John the Ripper is a fast password cracker currently available for many flavors of Unix, macOS, Windows, DOS, BeOS, and OpenVMS (the latter requires an additional patch). Its main purpose is to detect weak Unix passwords. John the Ripper is designed to be both versatile and fast. It combines multiple cracking modes in one program and is fully configurable for your specific needs (you can even define your own cracking mode using the built-in compiler, which supports a subset of the C language). In addition, John is available for several different platforms, allowing you to use the same cracker everywhere (you can even continue a cracking session you started on another platform). Cracked passwords are printed to the terminal and stored in a file called $JOHN/john.pot (in the documentation and in John's configuration file, "$JOHN" stands for John's "home directory"; which directory it actually is depends on how you installed John).
The $JOHN/john.pot file is also used to avoid loading hashes of passwords you have already cracked the next time you run John. While cracking, you can press any key for status, or 'q' or Ctrl-C to abort the session, saving its state to a file ($JOHN/john.rec by default). If you press Ctrl-C a second time before John has had time to finish processing your first Ctrl-C, John will terminate the session immediately without saving. By default, the state is also saved every 10 minutes to allow recovery in the event of a failure. These are just the most essential things you can do with John.
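The pot-file behaviour described above can be modelled in a few lines for audit reporting. This is an added example, not John the Ripper's own code: it assumes pot lines of the form `hash:plaintext` and shadow-style input, and the `$dummy$` strings, user names and function names are constructed placeholders.

```python
# Added illustration: models how a pot file lets an audit skip hashes that
# were already cracked. Not John the Ripper's own code.

# Constructed sample data: placeholder strings, not real password hashes.
SAMPLE_POT = """\
$dummy$aaaa1111:winter2020
$dummy$bbbb2222:pass:word
malformed line without separator
"""

SAMPLE_SHADOW = """\
alice:$dummy$aaaa1111:19000:0:99999:7:::
bob:$dummy$cccc3333:19000:0:99999:7:::
carol:$dummy$bbbb2222:19000:0:99999:7:::
dave:!:19000:0:99999:7:::
"""


def load_pot(text):
    """Return {hash: plaintext} from pot-style 'hash:plaintext' lines."""
    cracked = {}
    for line in text.splitlines():
        # Assumption: the hash has no ':'; the plaintext may, so split once.
        digest, sep, plain = line.partition(":")
        if sep and digest:
            cracked[digest] = plain
    return cracked


def split_accounts(shadow_text, cracked):
    """Return (users whose hash is already in the pot, hashes still to load)."""
    weak, pending = [], []
    for line in shadow_text.splitlines():
        fields = line.split(":")
        if len(fields) < 2:
            continue
        user, digest = fields[0], fields[1]
        if digest in ("", "*") or digest.startswith("!"):
            continue  # locked or empty field: no hash to check
        if digest in cracked:
            weak.append(user)  # report the account, never the plaintext
        else:
            pending.append(digest)
    return weak, pending


if __name__ == "__main__":
    weak, pending = split_accounts(SAMPLE_SHADOW, load_pot(SAMPLE_POT))
    print("accounts needing a password reset:", ", ".join(weak))
    print("hashes not yet in the pot file:", len(pending))
```

Because the pot file holds recovered plaintexts, the report lists only account names, and the file itself should be readable by the auditor alone.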
John the Ripper can only crack hashes; it cannot work directly with encrypted files. The program cannot, for example, open an office document and enter a password there. This is a solvable problem: we need to calculate (extract) the hash for the file we are interested in. John itself does not know how to do this, so support utilities are required. You can see a list of them, for example, by typing the command:
- script files in /usr/share/john/
- and binary files in /usr/sbin/
- script files in the directory /usr/lib/john/
- binaries in /usr/bin/