
ATAL BIHARI VAJPAYEE-INDIAN INSTITUTE OF INFORMATION TECHNOLOGY AND MANAGEMENT (ABV-IIITM), GWALIOR

ISS PROJECT

Kshitij Gupta : 2021IMT-056
Pranav Pawar : 2021IMT-074
Neeraj Nagure : 2021IMT-067
Satyrohan Prakash : 2021IMT-086
Ritik Singh : 2021IMT-081

Dr. DEBANJAN SADHYA


Password Cracking
using John the Ripper
CONTENTS
1. Introduction
2. Features
3. Use Cases
4. Counter Measures
5. Advantages & Disadvantages
6. Implementation
INTRODUCTION
What is John the Ripper?

John the Ripper is a widely used open-source password-cracking tool.
It is designed to test password strength by recovering passwords from their hashes, using dictionary (wordlist) attacks, rule-based mangling of wordlist entries, and brute-force (incremental) search.
John the Ripper was first released in 1996 and was made open source in 1997.
It was created by a developer known by the pseudonym Solar Designer (Alexander Peslyak).
INTRODUCTION
Key Features -

Password Cracking: John the Ripper cracks password hashes using several techniques: single-crack mode (guesses derived from the user name), wordlist mode with mangling rules, and incremental (brute-force) mode.
It supports a wide range of hash algorithms, from traditional Unix crypt and plain MD5 or SHA-1 digests to modern schemes such as bcrypt; the Jumbo version adds hundreds of further formats.
Customizable: Users can configure it for specific cracking scenarios through john.conf (rules, incremental character sets) and command-line options.
Performance: Known for its speed and efficiency, with optimized (SIMD) implementations of many hash functions.

System Compatibility -

Supported Platforms: Available for Unix-like systems (Linux, *BSD, macOS), Windows, and more.

Open Source: It's open-source software, which means it's free and customizable.

Features

Salted Hashes: When dealing with salted hashes, John the Ripper recognizes and processes the salt. A salt is a random value stored alongside the hash and mixed into each password before hashing. It prevents attackers from using precomputed tables such as rainbow tables, and it forces every hash to be attacked separately even when two users chose the same password. John the Ripper includes different "formats" for the various salted hash types; for example, salted SHA-256 hashes are handled by the matching format, which reads the salt out of each hash line and applies it to every candidate.

Static Value (Pepper): A "pepper" is a fixed secret value added to every password before hashing. Unlike a salt it does not change per user, and it is not stored with the hash (it lives in application configuration or a key store). Because the pepper is absent from the hash file, John the Ripper cannot crack such hashes as-is. If the pepper is known (for instance from a leaked configuration file), it must be combined with every password candidate, either through custom rules that prepend or append the fixed string or through a script that generates the combined candidates for a format matching how the pepper is applied. If the pepper is unknown, its whole key space has to be searched on top of the password candidates, which is exactly what makes a long random pepper effective.
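As an added illustration (not code from the slides or from John the Ripper), the following Python script shows what the two constructions mean for a cracker: a precomputed table of unsalted digests is useless against a salted record, a known salt simply has to be read from each record and hashed with every candidate, and a pepper that is absent from the hash file must either be supplied (as a John rule would prepend it) or brute-forced alongside the password. The storage layout `salthex$sha256hex`, the wordlist, the fixed salt and the pepper alphabet are assumptions made up for the example.

```python
import hashlib
import itertools
import string

# Constructed sample wordlist for the demonstration (not real leaked data).
WORDLIST = ["123456", "password", "letmein", "qwerty", "summer2021", "Gwalior!"]


def hash_password(password, salt, pepper=""):
    """Assumed storage scheme: sha256(salt || pepper || password), salt stored in clear."""
    digest = hashlib.sha256(salt + pepper.encode() + password.encode()).hexdigest()
    return f"{salt.hex()}${digest}"


def build_unsalted_table(wordlist):
    """A (tiny) precomputed table of plain sha256(password) -> password."""
    return {hashlib.sha256(w.encode()).hexdigest(): w for w in wordlist}


def lookup_precomputed(stored, table):
    """Rainbow-table style attack: look the digest up without hashing anything.
    Fails for salted records because the salt changed the hashed input."""
    _, digest = stored.split("$")
    return table.get(digest)


def crack_salted(stored, wordlist):
    """What a John salted format does: read the salt from the record and hash
    every candidate with it. The work is per record, so nothing can be reused."""
    salt_hex, digest = stored.split("$")
    salt = bytes.fromhex(salt_hex)
    for cand in wordlist:
        if hashlib.sha256(salt + cand.encode()).hexdigest() == digest:
            return cand
    return None


def crack_peppered(stored, wordlist, pepper=None,
                   alphabet=string.ascii_lowercase, max_len=3):
    """Known pepper: one fixed string prepended to each candidate (what a rule
    such as John's ^ command would do). Unknown pepper: every string of length
    <= max_len over `alphabet` is tried with every candidate, multiplying the work.
    Returns (password, pepper, candidates_tried)."""
    salt_hex, digest = stored.split("$")
    salt = bytes.fromhex(salt_hex)
    if pepper is not None:
        peppers = [pepper]
    else:
        peppers = ("".join(t) for n in range(1, max_len + 1)
                   for t in itertools.product(alphabet, repeat=n))
    tried = 0
    for p in peppers:
        for cand in wordlist:
            tried += 1
            if hashlib.sha256(salt + p.encode() + cand.encode()).hexdigest() == digest:
                return cand, p, tried
    return None, None, tried


if __name__ == "__main__":
    salt = bytes.fromhex("00112233445566778899aabbccddeeff")  # fixed salt, for reproducibility only
    rec = hash_password("letmein", salt)
    print("precomputed table hit :", lookup_precomputed(rec, build_unsalted_table(WORDLIST)))
    print("salt-aware cracking   :", crack_salted(rec, WORDLIST))
    rec_p = hash_password("letmein", salt, pepper="xq")
    print("pepper ignored        :", crack_salted(rec_p, WORDLIST))
    print("pepper known          :", crack_peppered(rec_p, WORDLIST, pepper="xq"))
    print("pepper brute-forced   :", crack_peppered(rec_p, WORDLIST))
```

The last line of output is the point: with the pepper unknown, the six-word wordlist costs thousands of hash computations instead of three, and the multiplier grows with the pepper's length and alphabet.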
Uses

Password Security Assessment: Security professionals can use John the Ripper to assess the strength of user passwords within an organization. By cracking weak passwords, they can identify where security improvements are needed.

Security Auditing: System administrators and IT security teams can perform routine password audits with John the Ripper to verify that users follow the password policy and to detect weak or easily guessable passwords.

Research and Development: Researchers and security experts use John the Ripper to study and analyze password security, and to develop and test new password-cracking techniques and defenses.

Penetration Testing: Ethical hackers and penetration testers use John the Ripper to crack password hashes obtained during an engagement. This identifies weak credentials and the systems and networks they expose.

Uses

Password Recovery: John the Ripper can be used to recover lost or forgotten passwords, for example when someone needs to regain access to their own encrypted archive or account data.

Security Training and Education: John the Ripper can be used as a teaching tool in security training and education to demonstrate password security concepts, the effectiveness of strong passwords, and the techniques used by attackers.
COUNTER MEASURES
Strong Password Policies
Complexity: Promote passphrases and passwords that are not dictionary words or simple mangled variants of them (john's rules already cover "Password1!" and the like).
Length: Encourage longer passwords (at least 12 characters); length grows the brute-force search space far faster than symbol requirements do.

Hashing Algorithms
Use Strong Algorithms: Choose a dedicated password-hashing function such as bcrypt, scrypt, Argon2 or PBKDF2 over fast general-purpose hashes like MD5 or SHA-1.
Slow Hashing: These functions are deliberately expensive (a tunable work factor or iteration count) and salted, so each guess costs the attacker milliseconds instead of nanoseconds and each hash must be attacked separately.

Two-Factor Authentication (2FA)

Implementation: Encourage or require 2FA wherever possible.
Additional Security Layer: A cracked password alone is no longer enough to log in.
COUNTER MEASURES
Password Managers
Usage Promotion: Promote password managers for generating and storing complex passwords.
Convenience and Security: Help users maintain strong, unique passwords, so one cracked hash does not open other accounts.

Patch and Update

Regular Updates: Keep software and systems up to date with security patches.
Vulnerability Mitigation: Prevent exploitation of known vulnerabilities, which is usually how an attacker obtains the hash file in the first place.

Whole disk encryption can prevent an intruder with physical access to a powered-off machine from reading the OS and the password hashes stored on it.
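An added example (not from the slides) of the "slow hashing" point, in Python. It stores a password with unsalted MD5 (the kind of hash john cracks fastest) and with salted PBKDF2-HMAC-SHA256 from the standard library, verifies a login against the slow form, and measures how many guesses per second a wordlist pass achieves against each. The iteration count, the candidate list and the `algorithm$iterations$salt$hash` string layout are assumptions; the absolute rates are single-core CPython numbers and say nothing about GPU speed, but the ratio between the two is the point.

```python
import hashlib
import hmac
import os
import time

ITERATIONS = 100_000  # illustrative work factor; use the highest count your login latency budget allows

# Constructed candidate list standing in for a wordlist.
CANDIDATES = ["123456", "password", "letmein", "qwerty", "iloveyou",
              "admin123", "welcome1", "correct horse", "dragon", "monkey"]


def store_fast(password):
    """Weak scheme: a single unsalted MD5, as in the slides' MD5 exercise."""
    return hashlib.md5(password.encode()).hexdigest()


def verify_fast(password, stored):
    return hmac.compare_digest(store_fast(password), stored)


def store_slow(password, iterations=ITERATIONS, salt=None):
    """Salted PBKDF2-HMAC-SHA256, encoded as algorithm$iterations$salthex$dkhex
    (layout assumed for this example) so the verifier can read its parameters back."""
    salt = os.urandom(16) if salt is None else salt
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${dk.hex()}"


def verify_slow(password, stored):
    algo, iters, salt_hex, dk_hex = stored.split("$")
    if algo != "pbkdf2_sha256":
        raise ValueError("unsupported hash")
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), bytes.fromhex(salt_hex), int(iters))
    return hmac.compare_digest(dk.hex(), dk_hex)


def guesses_per_second(verify, stored, candidates):
    """Run a wordlist pass through `verify` and return the guess rate achieved."""
    start = time.perf_counter()
    for cand in candidates:
        verify(cand, stored)
    elapsed = time.perf_counter() - start
    return len(candidates) / max(elapsed, 1e-9)


def years_to_exhaust(keyspace, rate):
    """Time to try every password of a keyspace at `rate` guesses per second."""
    return keyspace / rate / (365 * 24 * 3600)


if __name__ == "__main__":
    fast = store_fast("correct horse")
    slow = store_slow("correct horse")
    assert verify_slow("correct horse", slow) and not verify_slow("wrong", slow)
    r_fast = guesses_per_second(verify_fast, fast, CANDIDATES * 1000)
    r_slow = guesses_per_second(verify_slow, slow, CANDIDATES)
    print(f"MD5    : {r_fast:,.0f} guesses/s")
    print(f"PBKDF2 : {r_slow:,.0f} guesses/s  (slowdown x{r_fast / r_slow:,.0f})")
    space = 95 ** 8  # every 8-character printable-ASCII password
    print(f"8-char brute force: {years_to_exhaust(space, r_fast):,.0f} years vs "
          f"{years_to_exhaust(space, r_slow):,.0f} years")
```

The work factor is a dial, not a constant: raise it as hardware gets faster, and store it inside the hash string (as done here) so old records can be verified and re-hashed on the user's next login.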
Advantages of JTR

Versatility: John the Ripper is known for its versatility and the wide range of password hashes and encryption algorithms (SHA, MD5, bcrypt, etc.) it can crack. Moreover, with the helper utilities shipped in the Jumbo version (zip2john, rar2john, pdf2john, office2john and many others), it can extract and crack the password hashes of encrypted .zip, .rar and .pdf files, Office documents and many more file types.

Variety of Attack Modes: It offers various attack modes, including single-crack mode (candidates derived from the user name and GECOS fields), dictionary (wordlist) mode with mangling rules, brute-force (incremental) mode, and hybrid combinations of these.

Parallel processing: John the Ripper can use all available CPU cores. Formats built with OpenMP run multi-threaded (the thread count defaults to the number of cores and can be changed through the OMP_NUM_THREADS environment variable), and the --fork=N option splits the work across N separate processes; --node additionally lets one job be spread over several machines.

Offline Password Cracking: John the Ripper excels in offline password cracking, making it suitable for testing the strength of stored password hashes in various systems and databases.

Drawbacks of JTR

Limited Online Capabilities: John the Ripper is designed for offline attacks on hash files; it does not attack live network services the way Hydra does.

No guarantee of success: There is no way to be sure a password will be recovered. Once wordlist and rule-based candidates are exhausted, control falls to incremental mode, which tries every combination of the configured character set and quickly becomes infeasible for long passwords.

Dependency on wordlists: The effectiveness of wordlist mode depends on the quality and coverage of the wordlist and rules used. If the target password (or a rule-generated variant of it) is not in the wordlist, John the Ripper will not find it without an exhaustive search.

Limited effectiveness against random passwords: Dictionary and rule-based attacks exploit the predictability of human-chosen passwords. They do not help against long, randomly generated passwords, where only exhaustive search remains.
Hash Types Supported
IMPLEMENTATION

CRACKING PASSWORD OF .ZIP FILES

Cracking the password of a .zip file using the default wordlist of John the Ripper (password.lst), after extracting the archive's hash with zip2john
Cracking the password of a .zip file using a custom dictionary (rockyou.txt)
IMPLEMENTATION

CRACKING PASSWORD OF GIVEN HASHES

(unsalted MD5 hashes are selected with --format=raw-md5)
Using Single Mode (--single) to crack the MD5 hashes
Using Default Wordlist Mode to crack the MD5 hashes
Using Custom Wordlist Mode (--wordlist=FILE) to crack the MD5 hashes
Using Incremental Mode (--incremental) to crack the MD5 hashes
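To show what the four modes above actually do, here is an added Python toy cracker (not the slides' own session and not John the Ripper's code) that runs single-crack, wordlist-with-rules and incremental candidates against a constructed `login:md5hash` file in the same order john uses, recording hits in an in-memory "pot" the way john writes john.pot. The rule set, the character set and the sample accounts are assumptions; john's real rule language and incremental statistics are far richer.

```python
import hashlib
import itertools
import string


def md5hex(text):
    return hashlib.md5(text.encode()).hexdigest()


# Constructed hash file in john's "login:hash" form. The plaintexts are listed
# here only so the example is reproducible; each is chosen to fall to a
# different mode (dave's is meant to survive all three).
HASH_FILE = "\n".join(f"{user}:{md5hex(pw)}" for user, pw in [
    ("alice", "Password1"),     # wordlist + rule (capitalize, append digit)
    ("bob", "Bob1999"),         # single mode: login name + year
    ("carol", "a9z"),           # incremental mode over [a-z0-9]
    ("dave", "Tr0ub4dor&3"),    # not in any candidate stream
])

# Stand-in for john's default password.lst (constructed, not the real list).
WORDLIST = ["123456", "password", "letmein", "qwerty", "summer2021"]

# A handful of mangling rules, with the john rule syntax they imitate.
RULES = [
    lambda w: w,                    # ":"  no-op
    str.capitalize,                 # "c"
    str.upper,                      # "u"
    lambda w: w[::-1],              # "r"
    lambda w: w + "!",              # "$!"
    lambda w: w + "123",            # "$1$2$3"
] + [(lambda d: lambda w: w.capitalize() + d)(d) for d in string.digits]  # "c$[0-9]"


def load_hashes(text):
    """Map hash -> login so one md5 per candidate is checked against every target."""
    targets = {}
    for line in text.splitlines():
        if line.strip():
            login, h = line.split(":", 1)
            targets[h.strip().lower()] = login
    return targets


def single_candidates(login):
    """Single-crack mode: derive guesses from the login name itself."""
    for base in (login, login.capitalize(), login.upper(), login[::-1], login * 2):
        yield base
    for base in (login, login.capitalize()):
        for n in range(100):
            yield f"{base}{n}"
        for year in range(1970, 2025):
            yield f"{base}{year}"


def wordlist_candidates(words, rules=RULES):
    """Wordlist mode: like john, apply each rule to the whole wordlist in turn."""
    for rule in rules:
        for w in words:
            yield rule(w)


def incremental_candidates(charset=string.ascii_lowercase + string.digits, max_len=3):
    """Incremental mode: exhaustive search, shortest candidates first."""
    for n in range(1, max_len + 1):
        for t in itertools.product(charset, repeat=n):
            yield "".join(t)


def crack(targets, candidates, pot):
    """Hash each candidate once; record hits in `pot` (hash -> plaintext)."""
    remaining = set(targets) - set(pot)
    for cand in candidates:
        if not remaining:
            break
        h = md5hex(cand)
        if h in remaining:
            pot[h] = cand
            remaining.discard(h)
    return pot


def crack_all(hash_text, wordlist, max_len=3):
    """Same order as john's default run: single -> wordlist -> incremental.
    Returns login -> recovered password."""
    targets = load_hashes(hash_text)
    pot = {}
    for h, login in targets.items():
        crack({h: login}, single_candidates(login), pot)
    crack(targets, wordlist_candidates(wordlist), pot)
    crack(targets, incremental_candidates(max_len=max_len), pot)
    return {targets[h]: pw for h, pw in pot.items()}


if __name__ == "__main__":
    found = crack_all(HASH_FILE, WORDLIST)
    for login in ("alice", "bob", "carol", "dave"):
        print(f"{login}: {found.get(login, '<not cracked>')}")
```

Note the cost profile: single and wordlist modes finish in a few thousand hashes, while incremental mode spends its whole 36 + 36^2 + 36^3 candidate budget on dave's hash and still fails; raising `max_len` to 8 would multiply that budget by more than a hundred thousand, which is the "no guarantee of success" drawback in numbers.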
IMPLEMENTATION

CRACKING PASSWORD OF LINUX USERS

User password in Linux

In the early days of Unix, password hashes were stored in the file /etc/passwd. The major loophole of this single file is that it is world readable: any user on the system can read it and run a cracker against every account's hash.
That is why password hashes are now saved in the /etc/shadow file in Linux, which is readable only by root (and, on many distributions, the shadow group); /etc/passwd keeps an "x" in the password field.

The hash field of /etc/shadow identifies the algorithm by its prefix:
$1$ is MD5-based crypt (md5crypt)
$2a$ (also $2b$ and $2y$) is bcrypt, which is based on Blowfish
$5$ is SHA-256-based crypt (sha256crypt)
$6$ is SHA-512-based crypt (sha512crypt)
$y$ is yescrypt (the default on recent Debian, Ubuntu and Fedora releases); $7$ is scrypt
none of the above (a 13-character string) means traditional DES-based crypt
A field starting with "!" or "*" means the account is locked or has no usable password.

Using unshadow to combine the information from /etc/passwd and /etc/shadow into a single file in the format john expects (unshadow /etc/passwd /etc/shadow > hashes.txt, run as root)
Using a wordlist (rockyou.txt) to crack the user password (john --wordlist=rockyou.txt hashes.txt, then john --show hashes.txt to list the results)
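As an added example (not from the slides and not the source of unshadow), the following Python reproduces the two steps in miniature: merging /etc/passwd and /etc/shadow the way unshadow does, and classifying each hash field by the prefixes listed above so that only accounts carrying a real hash are handed to john. The passwd and shadow lines are constructed samples; the hash bodies are placeholders and do not correspond to any real password.

```python
import re

# Prefix table from the slide, plus the bcrypt variants seen in practice.
PREFIXES = {
    "$1$": "md5crypt",
    "$2a$": "bcrypt", "$2b$": "bcrypt", "$2y$": "bcrypt",
    "$5$": "sha256crypt",
    "$6$": "sha512crypt",
    "$7$": "scrypt",
    "$y$": "yescrypt",
}
# Traditional DES crypt: 2 salt + 11 hash characters from the crypt alphabet.
DES_CRYPT = re.compile(r"^[./0-9A-Za-z]{13}$")

# Constructed sample files (fake users, placeholder hash bodies).
PASSWD = """\
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
alice:x:1000:1000:Alice:/home/alice:/bin/bash
bob:x:1001:1001:Bob:/home/bob:/bin/bash
legacy:x:1002:1002:Old account:/home/legacy:/bin/sh
"""
SHADOW = """\
root:$6$rounds=5000$examplesalt$placeholderhashbody:19700:0:99999:7:::
daemon:*:19700:0:99999:7:::
alice:$y$j9T$examplesalt$placeholderhashbody:19700:0:99999:7:::
bob:!$6$examplesalt$placeholderhashbody:19700:0:99999:7:::
legacy:abPlaceholdrX:19700:0:99999:7:::
"""


def classify(field):
    """Name the algorithm of a shadow password field, or say why it is not crackable."""
    if field == "":
        return "empty"
    if field.startswith(("!", "*")):
        return "locked"
    for prefix, name in PREFIXES.items():
        if field.startswith(prefix):
            return name
    if DES_CRYPT.match(field):
        return "descrypt"
    return "unknown"


def parse_colon_file(text):
    """Yield the field list of each non-empty, non-comment line."""
    for line in text.splitlines():
        if line.strip() and not line.startswith("#"):
            yield line.split(":")


def unshadow(passwd_text, shadow_text):
    """Merge like unshadow(8): put the shadow hash into passwd's password field,
    keeping the rest of the passwd line because single-crack mode uses the
    login name and GECOS fields as guess material."""
    hashes = {f[0]: f[1] for f in parse_colon_file(shadow_text)}
    merged = []
    for fields in parse_colon_file(passwd_text):
        if fields[0] in hashes:
            fields[1] = hashes[fields[0]]
        merged.append(":".join(fields))
    return "\n".join(merged) + "\n"


def crackable(unshadowed_text):
    """login -> algorithm for entries that carry a real hash; locked, empty
    and unrecognized fields are dropped since john would skip or reject them."""
    result = {}
    for fields in parse_colon_file(unshadowed_text):
        algo = classify(fields[1])
        if algo not in ("locked", "empty", "unknown"):
            result[fields[0]] = algo
    return result


if __name__ == "__main__":
    merged = unshadow(PASSWD, SHADOW)
    print(merged)
    for login, algo in crackable(merged).items():
        print(f"{login}: {algo}")
```

Because the merged file mixes algorithms, john would have to be run once per format (for example --format=sha512crypt and again with --format=descrypt); the "legacy" entry is the one to worry about, since DES crypt truncates passwords to 8 characters and is by far the fastest of the listed schemes to crack.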
Thank You
