John the Ripper

Basic Syntax

john hash.txt --wordlist=/usr/share/wordlists/rockyou.txt

Common Options

Option	Description
`--wordlist=`	Wordlist file
`--rules`	Apply default rules
`--format=`	Force hash format
`--show`	Show cracked passwords
`--list=formats`	List supported formats
`--single`	Single crack mode (username mangling)
`--incremental`	Brute-force all combos

Identify Hash Format

john --list=formats | grep -i ntlm
john --list=formats | grep -i sha

Or auto-detect:

john hash.txt

Extract Hashes (*2john Tools)

John includes tools to extract hashes from various file types.

SSH Private Key

ssh2john id_rsa > hash.txt
john hash.txt --wordlist=/usr/share/wordlists/rockyou.txt

ZIP File

zip2john protected.zip > hash.txt
john hash.txt --wordlist=/usr/share/wordlists/rockyou.txt

RAR File

rar2john protected.rar > hash.txt
john hash.txt --wordlist=/usr/share/wordlists/rockyou.txt

7-Zip

7z2john protected.7z > hash.txt

PDF

pdf2john protected.pdf > hash.txt
john hash.txt --wordlist=/usr/share/wordlists/rockyou.txt

Office Documents (Word, Excel, PowerPoint)

office2john protected.docx > hash.txt
john hash.txt --wordlist=/usr/share/wordlists/rockyou.txt

KeePass Database

keepass2john Database.kdbx > hash.txt
john hash.txt --wordlist=/usr/share/wordlists/rockyou.txt

PFX / PKCS#12

pfx2john certificate.pfx > hash.txt
john hash.txt --wordlist=/usr/share/wordlists/rockyou.txt

Kerberos TGS (Kerberoast)

kirbi2john ticket.kirbi > hash.txt
john hash.txt --wordlist=/usr/share/wordlists/rockyou.txt

BitLocker

bitlocker2john -i disk.img > hash.txt

GPG Key

gpg2john private.key > hash.txt

Mozilla Firefox

mozilla2john key4.db > hash.txt

Common Cracking Workflows

Linux /etc/shadow

unshadow /etc/passwd /etc/shadow > unshadowed.txt
john unshadowed.txt --wordlist=/usr/share/wordlists/rockyou.txt

Windows NTLM

john --format=NT hash.txt --wordlist=/usr/share/wordlists/rockyou.txt

MD5

john --format=raw-md5 hash.txt --wordlist=/usr/share/wordlists/rockyou.txt

SHA256

john --format=raw-sha256 hash.txt --wordlist=/usr/share/wordlists/rockyou.txt

bcrypt

john --format=bcrypt hash.txt --wordlist=/usr/share/wordlists/rockyou.txt

Rules

# Default rules
john hash.txt --wordlist=rockyou.txt --rules

# Specific ruleset
john hash.txt --wordlist=rockyou.txt --rules=KoreLogic

# List rule sets
john --list=rules

Show Results

john --show hash.txt
john --show --format=NT hash.txt

Potfile

# Location
~/.john/john.pot

# View
cat ~/.john/john.pot

Quick Reference — *2john Tools

Tool	Source
`ssh2john`	SSH private keys
`zip2john`	ZIP archives
`rar2john`	RAR archives
`7z2john`	7-Zip archives
`pdf2john`	PDF files
`office2john`	MS Office docs
`keepass2john`	KeePass databases
`pfx2john`	PFX certificates
`kirbi2john`	Kerberos tickets
`bitlocker2john`	BitLocker volumes
`gpg2john`	GPG keys
`mozilla2john`	Firefox key4.db

John vs Hashcat

Feature	John	Hashcat
GPU support	Limited	Excellent
*2john extractors	Built-in	Not included
Exotic formats	Better	Fewer
Speed (GPU)	Slower	Faster
Default rules	Better	Manual

Use John for extracting hashes and exotic formats. Use Hashcat for GPU-accelerated cracking.

Documentation Index

​Basic Syntax

​Common Options

​Identify Hash Format

​Extract Hashes (*2john Tools)

​SSH Private Key

​ZIP File

​RAR File

​7-Zip

​PDF

​Office Documents (Word, Excel, PowerPoint)

​KeePass Database

​PFX / PKCS#12

​Kerberos TGS (Kerberoast)

​BitLocker

​GPG Key

​Mozilla Firefox

​Common Cracking Workflows

​Linux /etc/shadow

​Windows NTLM

​MD5

​SHA256

​bcrypt

​Rules

​Show Results

​Potfile

​Quick Reference — *2john Tools

​John vs Hashcat

Basic Syntax

Common Options

Identify Hash Format

Extract Hashes (*2john Tools)

SSH Private Key

ZIP File

RAR File

7-Zip

PDF

Office Documents (Word, Excel, PowerPoint)

KeePass Database

PFX / PKCS#12

Kerberos TGS (Kerberoast)

BitLocker

GPG Key

Mozilla Firefox

Common Cracking Workflows

Linux /etc/shadow

Windows NTLM

MD5

SHA256

bcrypt

Rules

Show Results

Potfile

Quick Reference — *2john Tools

John vs Hashcat