Hello friends, have you ever received a password-protected zip, PDF, or MS Office file (Word, Excel, or PowerPoint) and not known its password? How can you open it or crack its password? In this article, I'll tell you how to crack passwords with John the Ripper.
What is John the Ripper?
John the Ripper is an open-source password cracking tool originally designed for UNIX operating systems. It can now run on fifteen different platforms. It can crack various encrypted password formats, like the crypt/enigma password hash types commonly found on Linux and Windows operating systems. It can also crack the passwords of compressed zip or RAR files and of document files like PDF.
Installing and Using John the Ripper
In the doc directory of John, you'll find the steps to install it on your operating system. Follow those steps to install John on your system. After that, you'll be ready to crack passwords with John.
Cracking Zip Passwords With John
Let's assume that you password-protected a zip file and forgot its password. How do you find the password with John? Right now I'm on Kali Linux, where John is pre-installed. First, we need to extract the password hash from the zip file using the zip2john tool, which comes with the John the Ripper package.
Open your terminal and navigate to the directory where the zip file is located. In my case, it is on the Desktop.
Type the command below. It extracts the hash from the zip file using the zip2john tool and saves it in hash.txt.
zip2john one.zip > hash.txt
When extracting the password hash from a RAR file, use rar2john, or for PDF files use
After extracting the hash to a file (here, a file named hash.txt), use john to crack the password from hash.txt with the command below.
john --format=zip hash.txt
Again, if the file is in another format, specify that format and then the hash file. How long it takes depends on the password strength. If the password is simple, it will be cracked in seconds. Here the password was 1234 (highlighted in red), so it did not take much time.
So this is how you can crack the passwords of files using John the Ripper.
Cracking Linux Password
You can use john to crack a Linux user's password. Passwords of Linux users are saved in the shadow file located in the /etc directory. In the shadow file, passwords are saved in an encrypted format.
sudo john /etc/shadow
When you type the above command, john starts a dictionary attack on the hashes stored in the shadow file. But it will take a long time because we have not specified the format, so john will try all formats in order until it finds the correct one and cracks the password.
We can make things simpler and less time-consuming for john by specifying the correct format. Linux password hashes are in crypt format, so the above command with the format specified looks like the command below.
sudo john --format=crypt /etc/shadow
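The crypt format mentioned above covers several hashing schemes of very different strength, and the scheme in use decides how quickly a password in the shadow file can be recovered. The following is an added example, not part of the original article, that reads shadow-format lines and reports which scheme each account uses; the function names and the sample entries are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the article): report the crypt(3) scheme behind each
# shadow-format entry so weakly hashed accounts can be found and re-hashed.

# Constructed sample input; salts and hash bodies are placeholders.
sample_shadow() {
cat <<'EOF'
root:$6$CONSTRUCTEDSALT$CONSTRUCTEDHASH:19000:0:99999:7:::
alice:$y$j9T$CONSTRUCTEDSALT$CONSTRUCTEDHASH:19000:0:99999:7:::
bob:$1$CONSTRUCTEDSALT$CONSTRUCTEDHASH:19000:0:99999:7:::
carol:aaCONSTRUCTED:19000:0:99999:7:::
daemon:*:19000:0:99999:7:::
dave:!$6$CONSTRUCTEDSALT$CONSTRUCTEDHASH:19000:0:99999:7:::
EOF
}

# Reads shadow-format lines on stdin; prints "user scheme state verdict".
audit_shadow() {
  awk -F: '
    /^#/ || NF < 2 { next }
    {
      user = $1; field = $2; state = "active"
      # An empty second field means the account needs no password at all.
      if (field == "") { print user, "none", state, "EMPTY"; next }
      # A leading "!" marks a locked password; the hash may still follow it.
      if (field ~ /^!/) { state = "locked"; sub(/^!+/, "", field) }
      if (field == "" || field == "*") { print user, "none", "no-login", "ok"; next }
      # The $id$ prefix names the scheme; classic DES crypt has no prefix.
      if      (field ~ /^\$y\$/)         scheme = "yescrypt"
      else if (field ~ /^\$6\$/)         scheme = "sha512crypt"
      else if (field ~ /^\$5\$/)         scheme = "sha256crypt"
      else if (field ~ /^\$2[abxy]?\$/)  scheme = "bcrypt"
      else if (field ~ /^\$1\$/)         scheme = "md5crypt"
      else if (length(field) == 13)      scheme = "descrypt"
      else                               scheme = "unknown"
      verdict = (scheme == "md5crypt" || scheme == "descrypt") ? "WEAK" : "ok"
      if (scheme == "unknown") verdict = "review"
      print user, scheme, state, verdict
    }'
}

# Demo on the constructed sample. On a real host: sudo cat /etc/shadow | audit_shadow
sample_shadow | audit_shadow
```

Accounts reported as WEAK or EMPTY are the ones to fix first, by setting a new password after the system's hashing method has been moved to a modern scheme.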
In the above image, the username and password are highlighted in red. It shows only one user because john had already cracked the other user's password earlier, so it does not crack it again. To view the saved cracked passwords you can use
Using John the Ripper, one can crack passwords of any file. John needs a password hash to find the password, so make sure to use the matching 2john tool to extract the password hash from those files. You can also watch the video available below.
YouTube Video: Crack Passwords With John the Ripper