Basic Usage
sources: Offensive Security Cheatsheet
john hashfile.txt
john --wordlist=/path/to/your/wordlist.txt hashfile.txt
john --format=ntlm hashfile.txt
john --format=bcrypt hashfile.txt
ssh2john decrypt SSH private key
ssh2john id_rsa > crack.txt
john --wordlist=/usr/share/wordlists/rockyou.txt crack.txt
openssl rsa -in id_rsa
#Enter pass phrase for id_rsa: PASSWORD_HERE
gpg2john - Decrypted PGP file
gpg --import name.asc
gpg2john name.asc > hash
john --format=gpg --wordlist=/usr/share/wordlists/rockyou.txt hash
gpg --decrypt somecredentials.pgp # Enter the password found above.
zip2john - Decrypt ZIP files
zip2john somezipname.zip > zipname.hash
john zipname.hash
7z e somezipname.zip
# Enter password (will not be echoed): PASSWORD_HERE
keepass2john
rar2john
Wordlist Mode | Dictionnary attack
Dictionnary attack using default or specific rules
./john --wordlist=password.lst --rules=rulename hashFile
./john --wordlist=password.lst --rules mypasswd
Mangling Rules Mode (hybrid)
Incremental mode (Brute Force)
./john --incremental hashFile
./john --incremental hashfile External mode (use a program to generate guesses) ./john --external: hashfile
Loopback mode (use POT as wordlist)
./john --loopback hashFile
./john --loopback hashfile Mask mode (read MASK under /doc) ./john --mask=?1?1?1?1?1?1?1?1 -1=[A-Z] hashfile -min-len=8
Hybrid Mask mode
Mask bruteforce attack
Dictionnary attack using masks
Markov mode (Read MARKOV under /doc)
---First-generate-Markov-stats:
./calc_stat wordlist markovstats
---Then-run:
./john -markov:200 -max-len:12 hashfile --mkv-stats=markovstats