John the Ripper (a.k.a. JtR, or simply john) is a popular fast password cracker for both Linux and Windows. It is quite useful for identifying weak passwords. By weak, I mean ones that do not take a long time to crack. In this article I will show you how to install and use the John the Ripper utility to crack weak passwords.


If you do not have john installed by default then do not worry, just read on, as in this section I will explain in detail how to get john installed. Let's start with a no-fuss install procedure, i.e. let's use a package manager such as Apt or Yum. To install john using Apt, run the following command.

sudo apt-get install john

The output of the installer is shown below.

Reading package lists... Done
Building dependency tree
Reading state information... Done
The following NEW packages will be installed: john
0 upgraded, 1 newly installed, 0 to remove and 15 not upgraded.
Need to get 547kB of archives.
After unpacking 1155kB of additional disk space will be used.
Get:1 gutsy/main john 1.6-40.1ubuntu2 [547kB]
Fetched 547kB in 0s (1183kB/s)
Selecting previously deselected package john.
(Reading database ... 142662 files and directories currently installed.)
Unpacking john (from .john_1.6-40.1ubuntu2_i386.deb) ...
Setting up john (1.6-40.1ubuntu2) ...

If you are using the Yum package manager, then try the following command instead.

sudo yum install john

You could also compile and install john from source distribution. First, you will need to download the source code from Use wget for that.

wget

The output of wget will look something like this:

Connecting to||:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 691706 (675K) [application/octet-stream]
Saving to: `john-1.7.2.tar.bz2'

100%[=======================================================>] 691,706  --.-K/s in 0.06s

23:22:35 (10.7 MB/s) - `john-1.7.2.tar.bz2' saved [691706/691706]

Note that at the time of writing of this article the current version of john was 1.7.2. You may wish to check for the latest version at and get that. Anyhow, once you have the sources, extract the tar.bz2 archive using tar as follows.

tar xjf john-1.7.2.tar.bz2

Then go into the source sub-directory.

cd john-1.7.2/src

Once there, run make.

make

This will produce a long list of supported architectures, a fragment of which is shown below.

To build John the Ripper, type: make clean SYSTEM
where SYSTEM can be one of the following:
linux-x86-sse2           Linux, x86 with SSE2 (best)
linux-x86-mmx            Linux, x86 with MMX
linux-x86-any            Linux, x86
linux-x86-64             Linux, AMD x86-64 with SSE2
generic                  Any other Unix-like system with gcc

Pick one that suits you (i.e. one matching your architecture) and use it as follows to build john.

make clean linux-x86-any

Once the compilation process is complete, go to the run subdirectory, which sits next to src in the source tree.

cd ../run

List its content using ls.

ls -la

It should look similar to the following.

total 1228
drwx------ 2 florin florin   4096 Nov 22 00:03 .
drwx------ 5 florin florin   4096 May 22  2006 ..
lrwxrwxrwx 1 florin florin      4 Nov 22 00:03 unafs -> john
lrwxrwxrwx 1 florin florin      4 Nov 22 00:03 unique -> john
lrwxrwxrwx 1 florin florin      4 Nov 22 00:03 unshadow -> john
-rw------- 1 florin florin 341064 Dec 17  2005 all.chr
-rw------- 1 florin florin 232158 Dec 17  2005 alnum.chr
-rw------- 1 florin florin 131549 Dec 17  2005 alpha.chr
-rw------- 1 florin florin  40391 Dec 17  2005 digits.chr
-rwx------ 1 florin florin 212440 Nov 22 00:03 john
-rw------- 1 florin florin  15087 Mar  2  2006 john.conf
-rw------- 1 florin florin 215982 Dec 17  2005 lanman.chr
-rwx------ 1 florin florin    785 Dec  2  1998 mailer
-rw------- 1 florin florin  22346 Dec 17  2005 password.lst

The built john binary should be there along with some test files. To check that john is working correctly, execute the following command from the run subdirectory.

./john --test

This will produce benchmark results for the supported password hashing algorithms.

Benchmarking: Traditional DES [24/32 4K]... DONE
Many salts:     143872 c/s real, 145619 c/s virtual
Only one salt:  125004 c/s real, 137066 c/s virtual

Benchmarking: BSDI DES (x725) [24/32 4K]... DONE
Many salts:     3164 c/s real, 4733 c/s virtual
Only one salt:  3902 c/s real, 4505 c/s virtual

Benchmarking: FreeBSD MD5 [32/32]... DONE
Raw:    2416 c/s real, 3481 c/s virtual

Benchmarking: OpenBSD Blowfish (x32) [32/32]... DONE
Raw:    216 c/s real, 233 c/s virtual

Benchmarking: Kerberos AFS DES [24/32 4K]... DONE
Short:  95129 c/s real, 134363 c/s virtual
Long:   366100 c/s real, 392697 c/s virtual

Benchmarking: NT LM DES [32/32 BS]... DONE
Raw:    1927K c/s real, 2594K c/s virtual

Copy the john binary to some executable path for future use. Voilà!

Using john to find weak passwords (i.e. to crack passwords)

Type in john at the shell. This will produce john’s detailed usage information.

Created directory: /home/florin/.john
John the Ripper password cracker, version
Copyright (c) 1996-2006 by Solar Designer and others

--single                   "single crack" mode
--wordlist=FILE --stdin    wordlist mode, read words from FILE or stdin
--rules                    enable word mangling rules for wordlist mode
--incremental[=MODE]       "incremental" mode [using section MODE]
--external=MODE            external mode or word filter
--stdout[=LENGTH]          just output candidate passwords [cut at LENGTH]
--restore[=NAME]           restore an interrupted session [called NAME]
--session=NAME             give a new session the NAME
--status[=NAME]            print status of a session [called NAME]
--make-charset=FILE        make a charset, FILE will be overwritten
--show                     show cracked passwords
--test                     perform a benchmark
--users=[-]LOGIN|UID[,..]  [do not] load this (these) user(s) only
--groups=[-]GID[,..]       load users [not] of this (these) group(s) only
--shells=[-]SHELL[,..]     load users with[out] this (these) shell(s) only
--salts=[-]COUNT           load salts with[out] at least COUNT passwords only
--format=NAME              force ciphertext format NAME: DES/BSDI/MD5/BF/AFS/LM
--save-memory=LEVEL        enable memory saving, at LEVEL 1..3

Basically john is used as follows.

john [options] password-files

Let's begin by adding a new user called test.

sudo useradd test

Now let's set test’s password to something really easy (i.e. something that is in john’s password dictionary, and thus will get broken real quick). How about… joes? Run:

sudo passwd test

and enter joes as a password.

Enter new UNIX password: joes
Retype new UNIX password: joes
passwd: password updated successfully

On modern Linux systems, passwords are shadowed, i.e. password hashes are stored in the /etc/shadow file. You will need root privileges to access this file. An example fragment of this file is given below.


Run the following command to get crack’n…

sudo john /etc/shadow

Now, each time you press enter, john will print out the password it is currently trying, as shown below. Also shown below is one password found: joes.

Loaded 3 passwords with 3 different salts (FreeBSD MD5 [32/32])
guesses: 0  time: 0:00:00:02 85% (1)  c/s: 3231  trying: R9999909
guesses: 0  time: 0:00:00:03 0% (2)  c/s: 2992  trying: bond007
joes             (test)
guesses: 1  time: 0:00:00:21 19% (2)  c/s: 2636  trying: school!
Session aborted

john caches found passwords so that you can request them at a later time without a delay. Use the following command to see cached passwords.

sudo john --show /etc/shadow

The output of the above command is shown below.

1 password cracked, 2 left
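
As a follow-up to the --show step above, the script below (an added example, not part of the original article or of John the Ripper) turns that output into a list of accounts that must change their password, without copying the cracked plaintext into the report. The sample output is constructed, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: build a remediation list from `john --show` output.
# Real use (assumption): sudo john --show /etc/shadow | remediation_plan

# Constructed sample of `john --show /etc/shadow` output (not from a real host).
sample_show_output() {
cat <<'EOF'
test:joes:13839:0:99999:7:::

1 password cracked, 2 left
EOF
}

# Print the login (field 1) of every cracked entry. The plaintext in field 2
# is never printed, and logins with unexpected characters are skipped so they
# cannot end up inside an emitted command.
cracked_users() {
    awk -F: 'NF >= 2 && $1 ~ /^[A-Za-z0-9_.-]+$/ { print $1 }'
}

# Read the cracked count from the summary line ("N password cracked, M left").
summary_count() {
    awk '/ cracked, [0-9]+ left$/ { print $1 }'
}

# Emit (but do not run) one `chage -d 0 LOGIN` per affected account; that
# command forces a password change at next login. Returns 1 when the number
# of parsed logins disagrees with john's own summary, so a parsing problem
# never yields a silently incomplete plan.
remediation_plan() {
    out=$(cat)
    users=$(printf '%s\n' "$out" | cracked_users)
    n=$(printf '%s\n' "$users" | awk 'NF { c++ } END { print c + 0 }')
    expected=$(printf '%s\n' "$out" | summary_count)
    if [ "$n" != "$expected" ]; then
        echo "count mismatch: parsed $n, john reported $expected" >&2
        return 1
    fi
    for u in $users; do
        printf 'chage -d 0 %s\n' "$u"
    done
}

# Demonstration on the constructed sample.
sample_show_output | remediation_plan
```

Review the emitted commands before running them as root; the plan only names accounts and never records what the weak password was.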

For more detailed usage examples see

