1. John the Ripper is a fast password cracker for UNIX/Linux and Mac OS X..
Its primary purpose is to detect weak Unix passwords, though it
supports hashes for many other platforms as well. There is an official
free version, a community-enhanced version (with many contributed
patches but not as much quality assurance), and an inexpensive pro
version.John is different from tools like hydra. Hydra does blind bruteforcing
by trying username/password combinations on a service daemon like ftp
server or telnet server. John however needs the hash first. So the
greater challenge for a hacker is to first get the hash that is to be
cracked. Now a days hashes are more easily crackable using free rainbow
tables available online. Just go to one of the sites, submit the hash
and if the hash is made of a common word, then the site would show the
word almost instantly. Rainbow tables basically store common words and
their hashes in a large database. Larger the database, more the words
covered.This post brings out screen shots showing usage of the tools with screenshots step wise....in Kali Linux
/etc/passwd
/etc/shadow
In the screenshot below I create a user by the name of lima and create a short password for testing the tool
The unshadow command will basically combine the data of /etc/passwd and
/etc/shadow to create 1 file with username and password details. Usage
is quite simple as seen below :
Now this new file shall be cracked by john. For the wordlist we
shall be using the password list that comes with john on kali linux. It
is located at the following path/usr/share/john/password.lst
So the password cracked is "test"