27752 total geeks with 3539 solutions
Recent challengers:
 Welcome, you are an anonymous user! [register] [login] Get a yourname@osix.net email address 



User's box

Forgot password?
New account

<strong><a href="http:/ /it.pens74.r u/">penna Montblanc</a ></strong> | <strong><a href="http:/ /it.pens74.r u/">penna Montblanc</a ></strong> | <strong><a href="http:/ /www.pens74. ru/it/">penn a Montblanc</a ></strong><b r> <title>Montb lanc Meisterstuck Finelin
<strong><a href="http:/ /it.copacosm etics.com/"> orologi</a>< /strong> | <strong><a href="http:/ /it.copacosm etics.com/"> orologi</a>< /strong> | <strong><a href="http:/ /www.copacos metics.com/i t/">orologi< /a></strong> <br> <title>Repli ca Tag Heuer orologi , im
[b][url=http ://it.watchr eplica.cn/]r eplica orologi di<strong><a href="http:/ /it.watchrep lica.cn/">re plica orologi di alta qualità</a> </strong><br > <strong><a href="http:/ /www.watchre plica.cn/it/ ">replica orologi di alta qualità</a> </strong><br >
<ul><li><str ong><a href="http:/ /www.watchre plica.cn/it/ ">swiss orologi meccanici movimento replica</a>< /strong></li ><li><strong ><a href="http:/ /it.watchrep lica.cn/">or ologi</a></s trong></li>< li><strong>< a href="http:/ /www.watchre plica.cn/it/ ">orologi</a ><
[b]<a href="http:/ /www.rolexwa tches.top/it /">swiss r<strong><a href="http:/ /www.rolexwa tches.top/it /">swiss replica orologi aaa +</a></stron g><br> <strong><a href="http:/ /www.rolexwa tches.top/it /">Orologi svizzeri replica</a>< /strong><br>

Donate and help us fund new challenges
Due Date: Nov 30
November Goal: $40.00
Gross: $0.00
Net Balance: $0.00
Left to go: $40.00

News Feeds
The Register
VPN users menaced
by port forwarding
LHC records biggest
bang ever with 1
EU privacy watchdog
calls for more
?processing of
personal data?
Walmart spied on
workers" Tweets,
blogs before
Amazon"s new drones
powered by Jeremy
Clarkson"s sarcasm
OLPC"s modular heir
hits the
crowdfunding trail
Is it a Loon or is
it a drone? Google
seeks experimental
radio license in US
Estonian vendor
sparks Li-Fi
hypegasm with
gigabit demo
Microsoft takes
PUPs behind the
shed with gun in
Google cloud outage
caused by failure
that saw admins run
it manually ... and
Diamond Nanothreads
Could Support Space
VW Officials Knew
Since Last Year of
Misleading Fuel
Economy Claims
Israel Meets With
Google and YouTube
To Discuss
Censoring Videos
Contractors or Not,
Seattle Uber
Drivers Might Get
Amazon Reveals New
Delivery Drone
Design With Range
of 15 Miles
Purdue Experiments
Student Loans
Facebook Expands
Parental Leave
Policy For All
Employees Globally
Ethics: A Good
Reason To Sit
Further Away From
Your Boss
Cortana Coming To
iOS, For 2000 Beta
Canadian, UK Law
Professors Condemn
Space Mining
Provisions of
Commercial Space
Article viewer

John the Ripper Tutorial

Written by:Renegade
Published by:thinkt4nk
Published on:2003-12-21 22:14:40
Search OSI about Security.More articles by Renegade.
 viewed 821993 times send this article printer friendly

Digg this!
    Rate this article :
John the Ripper may be simple for many geeks to use, but newbies and geeks in training may find it difficult to do exactly what they want. This tutorial is aimed at them.

I wrote this tutorial as best I could to try to explain to the newbie how to operate JTR. Remember, this is a newbie tutorial, so I wont go into detail with all of the features. JTR is a program that decyrpts Unix passwords using DES (Data Encryption Standard).

The Process
  • Step 1: Download JTR.

  • Step 2: Extract JTR. In windows use winzip. In unix type

    tar -xzf john-1.6.tar.gz

  • Step 3: In windows open the command prompt. Go to the Start menu, click Run, type 'command' (no quotes) and press enter.

    You with me? Good. Go to whatever directory to have JTR in. Type 'john' and press enter. A whole list of options will come up:

    John the Ripper Version 1.6 Copyright (c) 1996-98 by Solar Designer

    -single "single crack" mode
    -wordfile:FILE -stdin wordlist mode, read words from FILE or stdin
    -rules enable rules for wordlist mode
    -incremental[:MODE] incremental mode [using section MODE]
    -external:MODE external mode or word filter
    -stdout[:LENGTH] no cracking, just write words to stdout
    -restore[:FILE] restore an interrupted session [from FILE]
    -session:FILE set session file name to FILE
    -status[:FILE] print status of a session [from FILE]
    -makechars:FILE make a charset, FILE will be overwritten
    -show show cracked passwords
    -test perform a benchmark
    -users:[-]LOGIN|UID[,..] load this (these) user(s) only
    -groups:[-]GID[,..] load users of this (these) group(s) only
    -shells:[-]SHELL[,..] load users with this (these) shell(s) only
    -salts:[-]COUNT load salts with at least COUNT passwords only
    -format:NAME force ciphertext format NAME
    -savemem:LEVEL enable memory saving, at LEVEL 1..3

    You wont need most of these options. In fact, you don't really need any of these options. You can simply type 'john
  • [filename]'. The filename must include the .txt extension. This is the regular crack. It will use bruteforce to decrypt all of the passwords in the file. If you're an impatient ass you can use a word list. This is not as effective but it's quicker (more on that later).

    How to make a crackable file: Let's say that for some reason you have a DES encrypted password but no file. If you want to crack it (why else would you be here?) you need to make your own file. Just create a text file and paste in the password. Now put a username (just any old name will do) in front of it with a colon separating the two. It should look something like this:


    Save the file as crackme.txt (just an example) and go to the prompt and type 'john crackme.txt' (no quotes obviously). Now you just have to wait.

    Here are a list of the options and what they do.

  • single: Single crack mode. This is only recommended for weak passwords as it includes only a few rules and a small wordlist.

    Usage: john -single crackme.txt

  • wordfile: Uses a wordlist (basically a dictionary attack). What this does is tries every word in the list until it finds a match or you reach the end of the list. This is quicker than the default (bruteforce) attack, but I don't recommend this because it doesn't always find a match. More notes on wordlists below.

    Usage: john -wordfile:password.lst crackme.txt

  • rules: Lets you define the rules for using wordlists. I don't use wordlists, so if you want to use this option I wont help you. Ok, ok, I'm just lazy. Shoot me.

  • incremental: I like this method. It allows you to do a bruteforce attack
    under certain modes.

    Usage: john -incremental:alpha crackme.txt (only letters)
           john -incremental:digits crackme.txt (only numbers)
           john -incremental:lanman crackme.txt (letters, numbers, and some special characters)
           john -incremental:all crackme.txt (all characters)

  • external: This is a little complicated, so if you are lame don't mess with it. Basically this calls the options that are defined in the configuration settings. You can change these yourself, but I wouldn't recommend it unless you know what you're doing. No, I wont tell you how, go away.

    Usage: john -external:[MODE] crackme.txt (replace MODE with whatever the
    name of your mode is).

  • restore: Ok, let's say that you need to stop the crack in the middle. Press crtl+break. A file will be created in the JTR directory named 'restore' (no quotes doofus, and yes, no file extention). You can start the crack back up from that restore point. If you used the-session option you probably have a different filename.

    Usage: john -restore:restore

  • session: Use this if you know that you will have to stop JTR in the middle of a crack. It allows you to create a new file that holds the data of your session. You can then restore your session later.

    Usage: john -session:[save to filename] crackme.txt

  • status: Shows how far you got before stoping a crack (provided you used the -session option).

    Usage: john -status:[filename]

  • show: Shows how many passwords have been cracked in a file and how many are left.

    Usage: john -show crackme.txt

  • test: Shows how fast JTR will work on your computer.

    Usage: john -test

  • users: Cracks the password only for the user or users you tell it to.

    Usage: john -users:User crackme.txt

  • groups: Cracks the passwords only for the group or groups you tell it to.

    Usage: john -group:lamers crackme.txt

  • shells: Cracks the passwords only for the shell or shells you tell it to.

    Usage: john -shells:shelly crackme.txt

  • salts: Cracks the salts that have at least the number of passwords you specify.

    Usage: john -salts:2 crackme.txt

  • format: JTR can decrypt many from many different formats, not just DES (but this is the most widely used one). Use this to force JTR to try a certain format.

    Usage: john -format:DES crackme.txt (force DES)
           john -format:BSDI crackme.txt (force BSDI)
           john -format:MD5 crackme.txt (force MD5)
           john -format:BF crackme.txt (force BF)
           john -format:AFS crackme.txt (force AFS)
           john -format:LM crackme.txt (force LM)

  • savemem: this tells JTR to automatically save your process at whatever
    level you specify from one to three.

    Usage: john -savemem:1 crackme.txt (save at level 1)
           john -savemem:2 crackme.txt (save at level 2)
           john -savemem:3 crackme.txt (save at level 3)

    How to use a wordlist with JTR: I'll assume you already have a wordlist in the JTR directory (it comes with password.lst, if you want to make your own I'll tell you how later). Go to the prompt and type 'john -wordfile:password.lst crackme.txt' (no quotes, damnit). If the password is in the wordlist, it will work. Otherwise, you deserve it for
    using a wordlist when you have bruteforce capabilities, shame on you.

    How to create a wordlist to use with JTR: First I will include a few lines of the wordlist supplied with JTR:

    #!comment: Common passwords, compiled by Solar Designer.

    The top line is a comment (duh). If you want to make a comment in your wordlist just follow the example. The other lines are passwords that the program will try when you use the wordlist. Put each password on a new line. In the event that you are too lazy to write your own wordlist you can download one (once again, I'm far too lazy to give you a link). It may or may not already be the right file format (.lst). If it isn't, just go to the prompt. Assuming the filename is lazy.txt, type 'rename lazy.txt lazy.lst'

    Piping Output: Remember the -show option? You can get JTR to save that
    output to a file. Just type 'john -show crackme.txt > crackinfo.txt'

    There's my guide. I have an FAQ below:

    Q: Can I mix options?
    A: Yes, certain options can be mixed. You can mix options as long asthey don't clash. Play around with it a while.

    Q: What does "Loaded 0 passwords" mean?
    A: There was a problem with either your password file or the syntax of your command. If you force BF decryption when your file has DES encryption it wont work. If your password file isn't made right it wont work.

    Q: What does "Password files required, but none specified" mean?
    A: Can you read? You can't just tell JTR to crack, you need to give it a file.

    Q: What does "Unknown cyphertext format name requested" mean?
    A: When you use the -format option you need to check that you typed the name of the format correctly.

    Q: How come when I typed 'john -users: login|uid crackme.txt' (which by the way is the usage shown in the list of option by JTR) I received this error:
    Option requires a parameter: "-users:"
    Bad command or file name
    A: The piping symbol you used (|) can mean two different things. In this case in means 'or'. You're supposed to use login OR uid. When you type it in a dos window, you are running two separate commands.

    Q: Can I speed up the bruteforce?
    A: Sure, just toss that old ass box of yours and get a new one.

  • Did you like this article? There are hundreds more.

    2003-12-23 23:07:16
    I think reading the /doc files included within the zip would be much more informative than... this.
    2003-12-24 19:44:28
    For your last Q&A... You make yourself sound like a crypto expert (re: "I'm lazy")...
    2005-07-12 20:58:13
    yeah but some serious ranking on google :)
    2005-08-02 15:03:14
    Whoa.. This is doing exceedingly well on google!!! But doesn't Regeneade visit here anymore?
    2005-12-05 16:43:45
    "JTR is a program that decyrpts Unix passwords using DES (Data Encryption Standard)."

    You mean it bruteforces by encrypting various words and trying to match them. You can't decrypt DES.
    2005-12-05 19:18:17
    I'd call it hashing rather than encrypting. I like this article less and less each time I read it, there are so many mistakes. However, I don't want the editors to touch it, since it's rules with Google rankings.
    2005-12-06 11:02:41
    what's the difference between savemem:1 , savemem:2, and savemem:3.
    2006-04-16 19:10:04
    2006-04-16 19:11:05
    Nice google rank, nothing is mentioned about other apps such as forkjohn (hidden in the chaos release). What about Djohn? :) Your not going to tell us about parellel external modes, oh well :P

    2006-06-21 10:39:31
    Error - "No password hashes loaded" is similiar to "Loaded 0 passwords" ?
    2006-07-25 06:00:43
    You said: "Go to whatever directory to have JTR in. Type 'john' and press enter".

    If i have it on the desktop, what do i do?
    2006-07-25 06:38:24
    You load up the command prompt, Go to whatever directory to have JTR in. Type 'john' and press enter
    2006-08-01 18:17:31
    you sure i wont get a virus from downloading it?
    2006-08-01 19:16:40
    You may well do, I wouldn't risk it if I were you.
    2006-08-02 09:16:12
    yeah winzip are very dodgy people.
    2006-08-02 17:57:31
    When itype"command" in run it comes out the command prompt.Then i choose my file JTR directory and push enter.Then when it comes out the command prompt it quickly dissapears,and i cannot see anything.Please Help Me.krste_2005@yahoo.com
    2006-08-03 09:12:45
    Use 'cmd', not 'command' for starters.
    2006-08-18 03:02:20
    the program itself is likely to be identified as a virus even though it is not technically one

    if you got it off the openwall site just tell your antivirus to ignore it...
    2006-09-02 13:20:36
    This is fucking useless like all the other bogus "User Guides" to JTR and the original readmes from the author of JTR. They're all written in geekspeak for other geeks who don't need the help in the first place. Thanks for wasting my time and the time of thousands of other people by pretending to provide assistance in using JTR.
    2006-09-02 13:37:07
    If you can't work it out, you shouldn't be using it, Mr
    2006-09-02 21:15:33
    D, do you realise that anon cowards would not be using a static IP ISP?
    2006-09-03 08:15:43
    I really don't think they're that smart. Besides, I just do it in the assumption they're idiots and it panics them into another dumb post.
    2006-09-04 08:16:30
    hey geeks!!
    i'm really a newbie to all of this... it's ok with this tutorial but how can we use it to crack a mail (Yahoo!, MSN) password with this software? and if not possible, do you guys know any method of doing it?... As i don't come by often here, it'd be great if you could send me an e-mail (kadioui_saad@hotmail.com)
    thanx guys
    2006-09-04 11:32:10
    2006-09-13 07:22:56
    please teach me how to hack masters....here's my add padawan_06@yahoo.com
    2006-09-13 08:10:21
    Hey, we recently discussed the latest in msn hacking.. http://osix.net/modules/forum/thread.php?id=13711
    2006-09-15 06:07:43
    hello guys,first off great for you to help out newbies....secondly im having some trouble,when i tyoe john in cmd it tells me that the john is not a recognise...okay you probable now the rest.....please help....
    2006-09-15 11:28:36

    Make sure you put the files in your windows folder . If you just extract it , it would create to maps , and that won't work .

    extract the content of run in your windows folder , that should work

    2006-10-02 18:47:41
    Anyone who doesn't understand this is a muppet. I'm not a geek.. use your fucking braincells, and don't moan cos you have nil initiative........... I've worked around the probs you numbskulls..
    2006-10-07 07:12:28
    just wanted to know...
    in some other tutorial i saw an option like:
    "john -i filename.txt"

    what does "-i" option do?
    2006-10-07 08:18:08
    I imagine it's just short for incremental
    2006-10-16 07:17:04
    I need john to crack longer password than 8 chars. I wrote an incremental field in /etc/john/john.conf file with MaxLen=16 parameter but John try max 8 chars long passwords.
    Has anybody any idea?
    Thanks a lot.
    2006-10-16 11:28:38
    dime que tengo que hacer para craquear un cervidor
    que me hiieron una y tengo que cobrarmela.........
    ayuda la necesito mi pana
    2006-10-25 04:10:36
    Hmmm...tried all those things but not sure how it can help newbie in most cases... ;?
    2006-10-27 12:27:56
    When using a wordlist JTR only uses the first 8 letters of the words in the list. Is there a way to increase wordlength in the wordlist mode?
    2006-10-27 19:54:28
    I think the 8 character thing's only with the DES/crypt() type hashing, because the crypt function only hashes the first 8 characters anyway - so trying longer strings would be silly. At least with MD5, it tries arbitrarily long strings.
    2006-10-29 07:34:38
    What is all the fuss? I am new to JtR And there was some useful tips on this site. I was able to write a shell script that I can run in backtrack that automatically selects what windows system your hacking then does bkhive, samdump2 then give you options for quick wordlist or 4 incremental options. I burned that script and backtrack2 to a 1 gig thumb drive. All I have to do is boot that f_cker up and and run my script. I timed myself and was able to crack all 9 passwords some in less than a minute some in 4 hrs.
    2006-11-20 05:25:25
    i am using JTR, I managed to figure out that just typying john in dos prompt doesnt work unless you type in the actuall name of the file in my case - john-386....anyway. Can anyone recommend a site that would help me write a simple program to crack a short password file...using the crypt()? Any help would be appreciated. thnx
    2006-11-30 19:38:15
    no encuentro la ruta para abrir jtr
    extraigo el archivo que descarge en el escritorio ahora que ago cual es la direccion
    porfavor respondan
    2006-12-26 08:56:07
    JTR crack shell accounts? If it does how can I do that?
    2006-12-26 10:59:36
    Shell accounts are easy with john, just type in "john --stdout --incremental >ipofserver".

    So for instance, 'john --stdout --incremental >' would eventually get you a shell account on You'll have to leave it a while, though, and it might not look like it's doing anything (it can take hours/days, but probably just a few hours)
    2007-01-04 00:03:42
    I need help, I can't even get the first part done. I extracted the john folder to the Windows folder, my desktop, and a few other places. I type in john in command prompt and it says it can't recognize it. Somebody please help.
    2007-01-04 00:20:51
    Okay, I ran the john-386.exe file.

    But it opens and closes command prompt right away. Why won't it stay open?
    2007-01-04 14:13:24
    It's me again, I used the dir command in command prompt. But it's saying system cannot find the file specified when I configure the path.
    2007-01-10 02:01:08
    hi i wand to hack some 1 is but i dont known hacking can u plz hack a password 4 me ok reply me on sawera_sahil@hotmil
    2007-01-10 02:03:20
    plz its so urget help me ou sawera
    2007-01-11 15:24:23
    How can i crack md5 hashes with john the ripper ?
    2007-01-13 22:07:01
    what a lame ass article. seriously! renegade is a dumass.
    2007-01-15 15:50:01
    How the hell... do you hack aim accounts with this?
    2007-01-19 19:42:05
    that guy is a total knobhead./
    2007-01-21 18:25:49
    how the hell do i find out someones myspace password and email?????!!!!!
    2007-01-22 15:22:19
    This is probably a stupid question. U need the file containing the encrypted passwords first, how do I get that shadow file, does john the ripper do this for you?
    2007-01-23 10:14:37
    I have the same question about cracking Facebook/My Space. I'm trying to practice on my own page. Any clues? How do you use JTR on a web site where you don't have a txt file with the encrypted password already. Is this impossible? Any clues?
    2007-01-27 18:38:59
    To all the people who ask "How can I crack someone's MySpace with this" or similar questions..
    You DON'T.
    Let's imagine, for a moment, that there were fixed steps that one could take to break into an account.
    The service providing that sort of account (e.g. MySpace) would presumably find out about it quickly and fix the problem.
    Sorry if I misrepresented anything here, btw
    2007-01-29 10:50:37
    Tis me the stupid question fella again. All I want to know is how to extract the hashed password files from the system(Red Hat Linux).Is there a program that does this or is this a feature of JTR
    2007-01-31 21:05:04
    Good guide for beginers like me to get started, am curious how long it takes to crack one des hash would have been nice to have a rough timescale of how long it takes included, still were soon see !
    2007-02-02 15:08:29
    Depending on your dictionary, the strength of the pass and chosen method it could take seconds hours or lifetime :)
    2007-02-02 15:10:45
    To the "stupid question fella" you need to exploite the site to get the passfile and then decrypt it with john
    I'm a total loser when it comes to exploiting so I can't give hilights ;)
    2007-02-09 16:52:29
    ... I forgot to mention above that I have the latest version ( yesterday ) "john-1701", so maybe this was never tested by anyone on DOS or WIN ? thanks.
    2007-02-10 05:46:01
    Is this program used to crack Windows pwds only or can we also use it for password protected applications as well? I am not saying cracking a software to make it licenced.
    2007-02-17 06:15:18
    does this thing work to crack passwords like myspace and aim? e-mail me kay.hathaway@comcast.net i really need help.
    2007-03-02 05:46:54
    I got a password I'm trying to crack, its salted too.
    I'm running JTR as shown above but for some reason it keeps showing
    gueesses: 0 time ?:??:??:?? <3> some number (6) trying : some words - some other words...
    is this right...??
    2007-03-02 06:48:40
    Weird, it doesn't just show the cracked password? Sounds like it's broken.
    2007-03-02 13:33:38
    nope it isn't....

    any chance I talk to someone offline on this....??
    i can be reached at akattalakis@gmail.com
    2007-03-03 14:14:55
    I'm a little confused about the password.txt file i'm supposed to load with JTR. I've been using airodump and have successfully captured a handshake from the target network. The thing is, its in a .cap file and I can't seem to figure out how to create a hashed .txt file from it. Out of frustration I tried to directly load the .cap file into JTR and i got the following response:

    Loaded 2 password hashes with no different salts (NT LM DES [32/32 BS])

    that's all i get. Then when I pressed ENTER on my keyboard I got what seems to be a process update:

    guesses: 0 time: 0:00:00:26 (3) c/s: 5024K trying:LUIQE95 - LUIQEV$

    If i press enter again it gives me a new update and the "time" and "trying" change (obviously) but the "guesses" always stays as 0. Is this what its supposed to be saying when its trying to crack a password?

    My biggest concern is how to turn a .cap file into a into a .txt hashed file. Help?
    2007-03-03 14:17:50
    It is supposed to say guesses '0' until it has cracked the password. Then guesses will become '1'.
    2007-03-03 15:16:33
    so everything is working properly then? I should just leave it running with my .cap file?

    Another question, since i'm using a .cap file and not an extracted hashed .txt file, what if my .cap file was to contain handshakes for more than one network? how does JTR request which one i want to crack?
    2007-03-03 20:55:37
    Hi, I am new at John. I've installed it but I don't understand how the copy of the password's file works. Where should I put it? I've tried to manipulate the passwd and master.passwd files inside /etc, but still nothing. Everytime I make a copy in the /run directory I get an empty one. Hope you could help, thanks
    2007-03-04 01:20:51
    put the password file where john.exe is located
    that is where i put mine.
    2007-03-04 17:16:45
    thanks. But I am using Unix with macintosh, OS 10.4. Passwords are shadowed. I got my sha1 hash inside
    Now, Following the john installing instructions; I am using the john's unshadow tool, replacing "unshadow /etc/passwd /etc/shadow > mypasswd" to "unshadow /etc/passwd /var/db/shadow/hash > mypasswd".
    What can I do? Should I copy the first 8 characters of the sha1, instead of the encrypted unix password in "/etc/passwd" file ?
    How does john's "unshadow" tool operates? Thank you osix.net
    2007-03-05 19:41:47
    i am new at the whole hacking thing and before i get critisized please remember that you were a noob once to please be kind thank you...how do you do this part specifically the directory part (You with me? Good. Go to whatever directory to have JTR in. Type 'john' and press enter. A whole list of options will come up: )
    2007-03-13 13:53:14
    can you get this integrated with ssh sessions?
    2007-03-18 14:59:11
    ok what the hell. i tried to run jtr. when i get to command prompt it just says c:\Documents and settings\hp_administrator no matter what i type.
    2007-03-18 16:11:46
    Sounds broken, try reinstalling Windows
    2007-03-21 00:24:41
    K so to run john I type \john1701\run\john-386
    and get the whole list of options.

    Then it tells me to just type 'john user.txt' (in this case I made my txt file containing the hash user.txt). However I think the tutorial is a bit outdated as john doesn't exist in the directory so I try 'john-386 user.txt' and still nothing.

    Any help here please.
    2007-03-21 07:11:01
    You're stupid, does that help at all?
    2007-03-22 11:17:06
    I need to edit rules used with wordlist. One of my coworkers said that this password is good, and I claimed that it is not. It was just one word reversed and "o" replaced with "0". As a demonstration I run John to show him how fast that password gets cracked. To my big surprise John didn't crack it immediately. I checked wordlist and word is there, so that should not be the problem. So it must be the rules.
    2007-03-22 19:37:42
    They're in the john.ini file, take a look at that.
    2007-03-26 04:30:17
    I don't get this, I've got this hash that's
    331 letters/numbers/whatever so I put it into a
    text file called pass.txt and opened up john, went to it's directory and wrote *john pass.txt* and it just
    says *no password hashes loaded*.
    2007-03-26 05:57:18
    Those rules are somewhat cryptic. Any documentation and/or howtos howto create rules? (better than "RULES" -file has). It could be interesting to create rules that apply to my language better than standard rules.
    2007-03-26 07:42:45
    RULES is a pretty extensive document that gives the complete syntax. What more do you need?

    And the guy before, you have a "331 letters/numbers/whatever" hash? What type of hash is that exactly?
    2007-03-26 08:01:52
    Encrypted I mean... I was also thinking that maybe I had to unshadow it or something? How do you get the
    shadow file for doing that?
    2007-03-26 12:26:35
    This is unrelated to John. It's not encrypted - it's base64 encoded. All it appears to be is an IRC script that will let other people control your client, or something. Shadow files are completely irrelevant, too.
    2007-03-26 12:28:25
    Oh ok :/ Do you have any idea of how to use it in IRC?
    2007-03-26 16:39:36
    You don't! It sounds much like it's just a script that will make you vuln to people taking over your client, especially since it's encoded. You should really go somewhere else for your smut - I know you sound desperate, but give it up on that string. I'm sorry I've not been able to help you be dirty.
    2007-03-27 03:35:03
    Alright, thanks for the help,
    2007-03-27 05:35:42
    RULES is a pretty extensive document that gives the complete syntax. What more do you need?

    I was just looking for some sort of tutorial or examples of how to tweak rules. If there isn't any, then I will figure that out myself.

    BTW. Current John is about year old. Any info about development? It could be nice to add rainbow table -support for John and still use wordlists and raw power incremental mode as last resort. Also multi-core processor support and that sort of things would be nice to see.
    2007-03-27 06:08:38
    Folks here are aware we're nothing to do with Openwall or the JtR project, right?
    2007-03-27 23:34:01
    It's an average article.It can be helpful to people who know what brute forcing is and can find their way around compiling, adding paths, etc.

    As to people asking how to get passwords to someones email accounts or social networking accounts; if you have to ask, you are not smart enough to do it.
    You definitely don't have the skills to penetrate the firewalls, IDS systems and other security measures deployed by the aforementioned entities, hack in to their database, find the tables that old the passwords hashes and retrieve them and then brute force them.

    2007-03-28 15:37:12
    Ok, so I have downloaded the JTR file, but I'm using windows. First off, in command promot, "john" (without the quotation marks) is not an operable program. I've unzipped the john-1.6 folder directly into my desktop. so my command prompt reads:

    c:\Documents and Settings\Emilio\Desktop>

    I've typed "john" following that, john-1.6, etc, and I can not seem to run the program. Any help?
    2007-03-29 05:26:48
    You're an idiot.
    2007-03-29 15:49:58
    Hiya, i'm looking for passwords to certain ...ahem adult websites, would this tool be useful in assisting me in my pervy endeavour? Thanks.
    2007-04-04 13:32:54
    OK, I'm going to spell it out.


    Good god, use something like Brutus or Hydra if you don't want to pay for your porn (or just delve into the magical world of torrents)...
    2007-04-07 07:28:41
    I can't really imagine a situation where you 'need' to get into someone else's mail account without some kind of court order.
    2007-04-07 12:45:45
    If you are an administrator and testing your employees passwords you would
    2007-04-07 14:38:19
    How is that "need[ing] to get into someone else's mail account"? That's an entirely different scenario, one which has many solutions available.
    2007-04-09 15:31:41
    Can someone help me with what it should look like when I try to run it and btw the file is in my desktop
    2007-04-13 01:05:00
    how do i get a password file for a facebook account. will pwdump work for html??? if so, how?
    2007-04-13 07:13:13
    On the person whose password file you want to get, post on their wall saying, "I'm a goddamn idiot" and it'll be e-mailed to you.
    2007-04-23 10:56:02
    he he he.... :-)
    2007-04-23 19:39:39
    I'm having the same problem that I've seen in some of the other posts -- and I think I've tried everything(except the correct way obviously). I have crack.txt in the same dir as John The Ripper. The John.exe opens fine - but when I try to load crack.txt(which contains one line-User:gyuJo098KkLy9- it says "No password hashes loaded" I've even changed crack.txt to open with John.exe, and tried every option available...so far failed every time. If someone could help me on this it'd be appreciated.

    Thanks in advance
    2007-04-25 18:42:08
    Yeah mine says no hashes
    2007-04-25 20:32:05
    well ,it seems that i am too dump to know how to obtain the encrypted password file for windows xp,in fact there are different types of password file i want to know how to obtain ,like zip ms word ,,,,,,etc ,can anyone teach me how ?????
    2007-05-11 05:26:44
    all you dumbasses used google to get here, why not try using it to get the answers you seek.

    Wow, the only thing the internet did is show me exactly how many retards can own a computer.
    2007-05-24 23:01:18
    i cant seem to get past step 2. everytime i type in john into the command prompt, it says that john isn't recognised..help please!
    2007-06-05 17:52:08
    cn i ask i kno it says dat the above to download the jtr is free but is it acuali free to download thanks i wld be grategull if u cld tell me
    2007-06-10 11:39:51
    OK, I have already learned waaay more than I ever knew before about email, etc, since I found out my spouse has been cheating, but now he preety much keeps his laptap with him 24/7, and changed his outlook password , so I can't access his accoutn remotely. I think it is legal for me to read his email since he is my spouse, therefore I want to crack his password remotely, but everything I read above is literally GREEK, or would that be geek? (hee, hee) I can accept that I may clearly not have enough knowledge to be able to do this...Help, please, anyone! And, ok, I am a dumb newbie--I'll say it first. shh@comcast.net
    2007-06-14 05:36:36
    hi all,
    i wish to know how to crack yahoo passwork i think mmy girl she is cheating on me !
    please send medetails on how ttogo about it on nairobian_0@yahoo.com
    2007-06-17 16:01:25
    um hi i am trying to crack my old password with john the ripper and i am having diffaculties can some 1` help me
    2007-06-18 17:58:07
    ok...I'm as newbie as they get. I need major help. I've downloaded JTR, but now i'm trying to run it in the command prompt, but I can't seem to figure it out. PLEASE HELP ME!!!!!!!!!!!!
    2007-06-22 03:15:40
    John tells me that "no password hasches loaded". This is strange since in my JTR folder have a file with a username and the password (named pass.lst), which looks like this: hell:$1$Y0Cc8$dVJAvE5CyLKaQONpAKk5R

    i run john the following way:
    ./john wordlist:password.lst pass.lst

    This looks ok, doesen't it? So why does john tell me that no hasches are loaded? I already know the password and I actually added it to the wordlist. I did this just to check if I could get things working but obviously I can`t. Help please?
    2007-07-13 14:08:45
    I have John running and tested it against an exported windows password file where I already know the passwords. It did, in fact, crack them but reported them in all caps when the passwords actually have mixed case letters. For example, the actual password is "Dog7Dew" but John shows it as "DOG7DEW".

    The Windows login is case sensitive on this system In other words "GOG7DEW" won't work. What do I do now to get the correct case besides manually trying all the possibilities?
    2007-07-29 15:24:33
    im a neb at this so could you use this for myspace pawords if you know there email
    2007-07-31 08:24:20
    OK, i just read every comment above and nothing is working, I'm very new at cracking and i dont understand the "unix" part and i cant get past the extraction step(in other words cant open it) please help.
    2007-08-01 06:25:40
    P.S. (same guy from above) For all the people trying to get myspace passwords what are some examples to what JTR can get passwords too.
    2007-08-17 17:57:26
    i type john and nothing happens a big PROBLEM
    not internalor external command
    i unzip it like the way you said
    i go to the directory where it was
    and nothing happens
    so i decided to watch porn movies instead
    and i also masturbate
    its good no problem
    2007-09-07 05:04:34
    "john" is not recognized as an internal or external command, operable program or batch file.
    What am I doing wrong here? Please help me
    2007-09-08 19:17:17
    F..k me,i dont understand.where ever i click to download JTH (i mean in all available websites) comes up a warning message that its a virus!!!!.what do i do?download it anyway?or maybe i gop wrong site? can i get a link pleeeaaasee??? arunasemail@yahoo.co.uk
    2007-09-26 16:58:45
    I have a big problem i keep on getting an error that says i the file was not found i do put crackme.txt and i saved the file in the run folder as crackme.txt wat the hell am i doing wrong
    2007-09-26 22:09:09
    hi guys, listen, at the begining when he say:
    "Go to whatever directory to have JTR in. Type 'john' and press enter." he means to write in on the command? if so, what do i right i dont realy understant plz help :/
    2007-09-26 22:10:10
    hi guys, listen, at the begining when he say:
    "Go to whatever directory to have JTR in. Type 'john' and press enter." he means to write it on the command? if so, what do i write i dont realy understant plz help :/
    2007-10-05 22:52:31
    say u have it on desktop?
    cd\ to ure desktop and in to ure JTR folder and subfolders until u see john.exe when u run a DIR command, then type john
    2007-10-14 09:54:43
    How does that wor for MacOSX though?
    2007-10-17 19:12:51
    would like to search INCREMENTAL length=8 Only capital characters. That should not be hard to do ...but for me it is.
    In other words:I would like to use incremental mode with a custom char set. Could someone Please help me out...would appreciate is very much...!
    2007-10-23 23:10:03
    Anonymous wat u do is type C:\Desktop\john1701\run\john-368.com in the command prompt.
    2007-10-30 23:13:16
    Hello everyone, I need help:
    I have 3 files rar with password, every password is contained in "wordlist?" This type:
    Srtgertg: 453gf4e5f
    45 g45g45: g4g545g45
    45 tg455g: 563546356

    I open the prompt and I write: John pass.txt (pass. txt = Srtgertg: 453gf4e5f 45 g45g45: g4g545g45 45
    tg455g: 563546356)

    I wrong?

    Thanks in advance ^ ^
    2007-11-18 15:02:22
    Hello everybody, here is another dork spending hours of debate over something (supposedly) simple.
    How do I crack a simple md5 with JTR?

    I've tried sticking it inside a file, tried sticking it in a file with "User:*myhashhere*", I've tried somehow feeding it into JTR from the commandline, nothing seems to work!

    I've read through every single manual page about three times, and I don't see a single reference to the actual passwd file itself.

    Now this is seriously bothering me, since I should have gone to bed about 5 hours ago.

    2007-11-20 11:23:33
    last anonymous, the password is probably shadowed so you need to do is:
    unshadow /etc/passwd /etc/shadow > whatever.txt
    john whatever.txt
    ok so far with a MD5password but i cant do it with a .htpasswd :( anybody can help?
    2007-11-21 18:50:17
    2007-11-22 13:04:25

    which format is this
    2007-12-05 18:00:13
    This is MD5 !
    2007-12-15 16:58:59
    its not about passwords only how do you retrieve the username as well?
    2007-12-21 08:50:42
    i need help!!! i saved the run file in windows and when i type "C:\WINDOWS\run\john-386" the list appears. then right after when i type john it says that it is not a recognized command.
    2008-01-05 17:35:41
    I have done everything mentioned, can you belive i read all the comments, but i am still having a problem. I have some front page user names and passwords, i have save one to a .txt file which is in my jtr\run\ file, yet when i use JTR it cant find the file (which is called crackme.txt). I have tried all ways of C:\JTR\Run\john-386 --single crackme.txt. I am a noob at this, and i am sure the answer is a one liner, but can some one help

    2008-01-05 17:44:29
    No need to answer above sorted it, just got the "No passwords hashes loaded"
    For anyone else in the cmd. you type

    C:\JTR\RUN\JOHN-386.EXE -single C:\JTR\RUN\crackme.txt

    Now i just got to sort out the pasword hashes..!!

    2008-01-05 17:44:34
    No need to answer above sorted it, just got the "No passwords hashes loaded"
    For anyone else in the cmd. you type

    C:\JTR\RUN\JOHN-386.EXE -single C:\JTR\RUN\crackme.txt

    Now i just got to sort out the pasword hashes..!!

    2008-01-06 18:13:55
    could someone please help

    iv made a user.lst file for my hashes and i only have "one" in there its a md5 hash (i think) and iv entered it like this:


    i know that works for DES hashes as iv used it but do i need to change soemthing for md5 hashes

    i ask becasue when i type "john-386 w=passwords.lst users.lst" it says its loaded 2 password hashes with no different salts even though i only have one password hash

    and when i try "john-386 format:MD5 users.lst it tells me that theres no hashes .... "no hashes loaded"

    can anyone tell me where im going wrong
    2008-01-14 23:28:28
    Hey can someone please help, I am trying to hack this internet's WEP password. I am trying to get into this network so I can use their WiFi connection, how do I use JTR to figure out the password?! help would be greatly appreciated if you could email me at kninepuppie@gmail.com
    2008-01-26 05:05:40
    IM SO GODAM ANNOYED! What the hell does he mean by this? "You with me? Good. Go to whatever directory to have JTR in. Type 'john' and press enter. A whole list of options will come up"

    How can i go to the directory with JTR in it, and what do i type "john" into at that point?!
    2008-02-12 02:39:15
    dude I tried all this and it said unable to load main program what the heck
    2008-02-13 02:12:24
    it might be a good idea, everybody, not to post actual pass hashes
    2008-02-27 13:51:12
    i have the follwoing password i wana decrypted helpppp ..... its to important to open it the password is

    i will wait pls help me
    2008-03-24 22:18:16
    Ok, I got JTR and I opened Command Prompt.. and I try to go to the location but it keeps saying it's not recognized as an internal or external command. Do I need to put JTR in a certain location?
    2008-03-31 11:23:49
    Thanks for all the help i git from this site i now have " Loaded one passwword hash Free bsd 32/32 "
    and the cusor is blinking.
    Does that mean the programme is working ?
    How will i know when it is finished ?

    2008-04-10 05:22:58
    hi guys pretty plis one quaestion how c ome im tryng to type john to get the list iw as soupuse to get and is telling me that is not reconognized as aninternal or external program or batch file .
    Ms thing :-)
    2008-05-06 14:59:45
    Incredible. This thread is clearly aimed at people who do NOT understand how to do this, so when someone comes along who, amazingly, does NOT understand it some fuckhead calls them 'stupid'.

    I don't understand hacking either, but having a masters degree in biophysics I daresay I understand that a bit mmore than said fuckhead(s), so does that make them stupid too? Or does just their having nothing better to do than rubbish people trying to find info qualify them right off :-)))

    Anyway, thanks guys for some helpful stuff on here, and as somebody else said, if you think the OP did a poor job, do it yourself, better! At least he spent a bit of time trying to be helpful.
    2008-06-01 13:14:59
    hey guys...i'm new with this...
    can anybody tell me where to get the password file?...
    2008-06-04 03:01:24
    Go to whatever directory to have JTR in. Type 'john' and press enter......can someone please tell me in greater detail how to do this???
    2008-06-05 10:30:05
    hey just got this and i cant even get it to work i get it open and have my text file to crack but im stuck does the password.lst actually work ive tried lots to get it to work but dont have a clue wot im supposed to be doing any help feel free to email me at figaeater@hotmail.com thanks
    2008-06-09 19:25:56
    nice google rank.

    The author comes off like a "knobhead," ture, but some of the OMGCanUcrackThIsHotMailACCt ppl are almost as annoying.

    All in all, not a bad tut if you ignore the ego. Then again, I've used JTR before.
    2008-06-18 05:30:47

    1. Strangely enough, when I load a pw, it says: loaded 1 password hash and when I press a key it says: ''Guesses 0 trying blabla1 - duckatell34'' or something like that.. I really don't know how long to wait or if it will even eventually come up with something...

    2. I'm trying to hack my way from the wwwboards folders into the administration of sites, using: john -pwfile:hehe.txt -wordfile:WF.txt to cript it to UNIX, as have I included: '':-2:-2:anonymous NFS user:/:/bin/date'' behind the password and user making it look like: ''Admin:asd345sd3:-2:-2:anonymous NFS user:/:/bin/date'' to prepare it for UNIX encryption.

    I could really use some help on this if anyone knows anything on the subject, please contact me via: bjarnidk@hotmail.com (Messenger) or perhaps answer here, although this is my first visit here and I don't know if I'll ever come back :)

    Hoping to discuss hacking with you, sincerely me.
    2008-06-27 23:07:22
    got it totally working thanks
    2008-08-13 02:25:09
    anonymous is acting like he is a noob. cant you see that he is giving out like 4 of 5 different im accounts. he is trying to find your ip then attack. look. at the begining he acted like a total noob. then at the end went for more knowledgeable people by speaking more advanced. basically he is trying to act like a noobie to fake people into going to one of those IM messengers and putting him down for being a noob while in all reality he is attacking the offender
    2008-08-23 06:40:16
    Someone earlier was asking how to do this for a linux system, and I can help here, if it uses the Grub bootloader. On Linux and Mac, the password hashes are stored in the /etc/passwd file, and in order to access the system, you don't even need another device, you can access it in single user mode. When the bootloader comes up, press e on the kernel line to edit it, and add "init=/bin/bash" to the end of the line. (remove "splash" if it is there) then hit "b" to boot into single user mode. Now you can either copy /etc/passwd onto a flash drive or something, or just look at it, then write everything down, but that's a pain.
    2008-08-23 12:04:42
    They've started putting hashes back in /etc/passwd? Or have we gone back a decade?
    2008-09-21 21:44:56
    hey my command window wont let me go 2 the directory with JTR. idk y. can u tell me wat 2 type exactly in the command window

    2008-09-29 00:48:45
    2008-09-29 09:28:13
    Can someboby please help me on how to enter into another password protected computer within the same network without physically accessing that computer.
    Please email me at jephnigga1@yahoo.com
    2008-09-29 23:37:49
    cud sum1 plz help i get in to c:\john1701\run and that it i trype joh it says JOHN is not a blah blah blah
    2008-10-17 10:16:16
    Is it possible to set JTR to check only a specific password length?
    2008-10-17 21:31:16
    In the john.ini file if i add the line:
    EXTRA = !@#$
    in the [Incremental:Alnum]
    does it mean that John will test digits, alphabets and characters i specify in the EXTRA statement
    2008-10-27 21:42:26
    I'm sorry to say this, but as I read this page I'm astonished at how many RUDE people are allowed to post here without anything being done about it... you call people "dumb","knobheads", and whatnot, plus the tone you people take against newbies is just shameful. Gentlemen, I've only been around for a good year or so, so I've a lot of catching up to do, but... DO NOT FORGET THAT YOU ONCE STARTED OUT AS NEWBIES JUST LIKE EVERYONE ELSE. And even if you feel the need to make people do some serious googling before asking questions: BE POLITE, FOR FUCK'S SAKE!!!!!!! Being such magnificent geeks in this world must make you quite unloved and unwanted back on planet Earth, but try not to take it out on everyone else, it just shows you for the unadjusted social derelicts you really are!!!
    2008-11-09 17:57:42
    Hi All,
    I have to agree with the last comment.
    I followed the tutorial and everything worked fine.
    My password is fairly secure, and I can remember it!
    Thanks for a very helpful tutorial as the man pages can be a bit unhelpful to someone such as myself with limited time and intelligence.
    2008-12-07 23:05:48
    hi i do not understand how to run this program but i was just wondering if anyone knows how to get into photobucket i lost my password and cannot get into it now if anyone knows how message me at bhansol@hotmail.com thanks
    2008-12-22 02:31:38
    Funny how some people just refuse to expend a little energy using their brains. I don't mean to offend anyone but how tough is it to extract the executable and run it from the command prompt pointed to a text file? Maybe it seems overwhelming but this is a tool designed to test the integrity of passwords - some of you people are so excited about hacking some stranger's website that you forget how to think...
    2009-01-22 11:23:23
    for people who keep asking stuff that's already been answered like "what doe's he mean type john then enter" the question's have been answered,just take your time reading the thread.

    while i'm here could some one post a link to a legit working "none virus" JTR please

    thank's original poster for info.
    2009-02-12 21:04:08
    Solution for not working MD5-Cracking might be, that your version of JOHN does not support a hex-coded raw-MD5


    alternatively try this tutorial:
    2009-03-03 00:28:52
    2003-12-23 23:07:16 <- First post's date

    2009-02-12 21:04:08 <- Last post's date

    Reading through this was wonderful amusement.

    2009-03-28 20:58:08
    2009-04-13 12:23:39
    I was able to install John using the package manager in Ubuntu. Either Synaptic or directly for the impatient with
    sudo apt-get install john

    A couple of years ago I would have thought that it would be very strange to ship a tool like this with the operating system, right there at your fingertips with a minimum of effort. If there was one tool I had to spend time googling and downloading manually, this would be it - and yet, no, there it is, right there! But then, I guess that's just the Linux way isn't it? To have everything instantly at your fingertips.

    Anyway I digress.

    Once it was installed I noticed it was in my path so it was fully usable immediately, by typing "john" anywhere at all.

    Furthermore, to view the more up to date manual of course you can type
    man john

    or even
    info john

    And there's always the obvious:

    which lists all the usage options.

    For those wondering how long it will take them, here is how John performs on my system. Note that I had a lot of other processes running, particularly during the "Standard DES" benchmark:

    /tmp$ john -test
    Benchmarking: Standard DES [48/64 4K]... DONE
    Many salts: 220646 c/s real, 241936 c/s virtual
    Only one salt: 230348 c/s real, 230810 c/s virtual

    Benchmarking: BSDI DES (x725) [48/64 4K]... DONE
    Many salts: 8097 c/s real, 8488 c/s virtual
    Only one salt: 7541 c/s real, 7633 c/s virtual

    Benchmarking: FreeBSD MD5 [32/32]... DONE
    Raw: 4092 c/s real, 4209 c/s virtual

    Benchmarking: OpenBSD Blowfish (x32) [32/32]... DONE
    Raw: 253 c/s real, 253 c/s virtual

    Benchmarking: Kerberos AFS DES [48/64 4K]... DONE
    Short: 229273 c/s real, 229273 c/s virtual
    Long: 644147 c/s real, 648035 c/s virtual

    Benchmarking: NT LM DES [48/64 4K]... DONE
    Raw: 1847948 c/s real, 1847948 c/s virtual

    It broke the password "cat" instantly.
    Testing against a real password file with proper passwords, it's got nothing so far. The passwords are alphanumeric and that might be the cause; I could have to switch to brute force (although I'm in no rush).
    It's been going for an hour now, so this could take a week or two, I don't know as I don't normally do this sort of thing.

    I already have a list of all the passwords in the file so i will know whether it got it right. They're all semi-difficult passwords like red69apple; I suppose that's adequate for most purposes.

    I'm sure this goes without saying but if you have to ask "Can this break into a friend's MSN account" then please stop being an idiot. If you want to be a hacker then learn a programming/scripting language, then you won't have to ask questions like these.

    If it's not important enough to you to learn a new language, re-evaluate your goals. Go take up a sport or work on your car. Get a girlfriend. John The Ripper is not for you.

    PS I had to use javascript on to use this form, it would have been nice if it was at least mentioned somewhere near the form.
    2009-04-20 17:16:11
    Man never use apt-get for john its really outdated version you'll get in return

    Download the latest Unix source from official site http://www.openwall.com/john/

    Read doc's about compiling

    You'll gain 10x speed

    BTW its not that hard ;
    2009-04-22 08:50:38
    If you have to ask, you are not smart enough to do it. You definitely don't have the skills to penetrate the firewalls, IDS systems and other security measures deployed by the aforementioned entities, hack in to their database, find the tables that old the passwords hashes and retrieve them and then brute force them. flash games
    2009-04-22 08:51:03
    If you have to ask, you are not smart enough to do it. You definitely don't have the skills to penetrate the firewalls, IDS systems and other security measures deployed by the aforementioned entities, hack in to their database, find the tables that old the passwords hashes and retrieve them and then brute force them. flash games
    2009-05-17 18:30:41
    ...I'm just glad I never joined this discussion board. People who look for pages like this probably aren't system admins yet. They're looking to learn; maybe become one some day. Some are looking for porn or otherwise up to no good (or trying to break into Facebook; a point of advice to those who plan to use this for illegal stuff: don't. The people you see on the news who are caught are inexperienced nerdowells just like you. Any decent system admin would know you're doing naughty things in their backyard before the program loaded to your screen. So if the trollfest in here has not soured you to JTR, a reminder that script kiddies + servers = jailtime hopefully will), but I'm sure a lot of the users that have been snubbed so rudely here are just trying to learn how to do things with their PC, or been given a legitimate task. Thats why I came in here; looking for info on this program because I have never needed to crack (legitimately or been inclined to illegally) these security features before.

    Even the Woz learned from other peoples' experience. A great man stands on the shoulder's of others. You didn't learn what you know siting in the dark with nothing but the box. You had a book, a guide, a guru. Calling people stupid every other posted comment may make you feel superior, but it only shows how ignorant you are of your own learning process.

    You don't even realize that you needed help to. When the time comes that you need it again, I can only pray you will receive a better response than those you have given.
    2009-05-18 17:54:18
    "so if you are lame don't mess with it" "No, I wont tell you how, go away" This Renegade is a complete tool. He probably thinks of himself when he is punching the puppet late at night. I should kick the snot out of him and take his lunch money.
    2009-06-30 13:50:34
    Wow - this site is cheaper than therapy! All these bad mouthed geeks and thin-skinned newbies; I must be in the right place.

    I realise that being anonymous sucks and for more reasons than Freud or Jung can name, so I promise to sign up with a real name if I spend more than 10 minutes here.

    I'm using John on Windows with a password file dumped from Pwdump2. I'm trying to set it up as a scheduled tool to scan the network for insecure passwords and such. After a bunch more scripting than a man with a life would want to do, I just discovered when testing passwords that John doesn't want to do any work with passwords over 14 characters long and happily tells me that he loaded 1 password hash (good for him) and his day is done.

    Does John only work with passwords of 14-characters or less (presumably in the LM hash) or am I missing something really obvious?

    Thanks in advance for any useful help and any entertaining assaults on my intelligence.
    2009-07-01 13:25:33
    Depends which hashing algorithm you want john to use surely? Windows doesn't store passwords over 14 characters as LM hashes so there's no point - it uses NTLM after 14 characters. N.B. Vista stores the passes as NTLM hashes by default now that they've realised that a small child can break LM hashes due to the way in which they are created.

    In fact, as I understand it, to create the LM hash the plaintext password is cut into two 7-character sections (with the 2nd one padded with 0s to make it up to 14 characters) and each section is then hashed separately and the two hashes then concatenated to form the final hash. Thus there is actually no need to use above 7 characters for breaking an LM hashed pass with John as you can just split the LM hash in two and bruteforce/dictionary attack each section independently, greatly reducing the computation time necessary.

    John apparently has inbuild detection of the hashing algorithm used to generate the ciphertext, however you can explicitly specify it using the command line switch '--format=<insert_ciphertext_format_here>' the accepted formats are given on the John man page.

    Hope that helps
    2009-07-10 00:22:33
    hi, completely new to this game.... need to crack an orange mobile account as believe my husband is playing away from home.... will john do this for me ??
    Thanks in advance
    2009-07-24 16:16:42
    if in JTR/run folder is deleted file john-384 result on cmd run will be:
    <<<No password hashes loaded>>>

    with this(john-384) file everything works. campare your jtr.rar and jtr folder if nothing is delated by antivirus.
    2009-09-28 02:21:43
    got cygwin jtb and it still wont work on xp or vista how do i make it work
    2009-09-28 06:07:05
    can you show me the unix type i cannot see it
    2009-10-07 11:06:00
    hello...how can i get a password file?
    2009-10-12 21:00:00
    This is truely incredible. I wrote this article at least ten years ago, I was fresh out of high school I believe. This isn't the first site, nor was it the last, that this article was posted on. I did not do all of the postings. It's on forums, other sites, and forwarded in emails.

    Yes, it sucks. I had only just found out what a computer was. I was 14 (yes, I graduated high school at 14). Please stop emailing me about this. Do not add me to msn. I have no interest in teaching you "how to hack". Do people even know what that phrase means? If you can't figure out how to use JTR from this and/or the manual, you're in the wrong field. Go play sports or something.
    2009-10-12 21:02:41
    I'm sorry, that was an impersonation of me, I really do want everyone to email me asking as many questions as I can. I'm eager to teach everyone. So remember, email me! Hackers Unite!
    2009-10-12 23:24:58
    It's the fourth match for John the Ripper, and I bet it ranks highly for a few other choice terms. No idea how it happened, but pretty awesome rankings.
    2009-10-13 10:07:37
    "John The Ripper Tutorial" returns this first, osix seems to do quite well in google rankings
    2009-10-19 19:13:00
    I got the list up and everything using john1701\run\john-386
    but now i dont know how to make it get to tell me my admins pass (btw : getting pass because admin forgot it and only other acc is a limited so [this is a till-pc] its pretty much useless without admin .. please reply or send message to tomz35@hotmail.com please please plaeses
    2009-10-25 05:41:41
    Can JTR be use to hack lets say youtube?
    2009-10-26 18:15:55
    If you had the password hashes stored in the db, maybe. But JTR takes a hash and checks each password against the hash until it finds a match. So JTR was meant to be used once you have access to the system and the password file.
    2009-11-02 03:10:21
    this tutorial is lame ! I like the part where he say : Ok, ok, I'm just lazy. Shoot me. !
    so why did u do this tutorial ?! :)))
    skids die in hell !
    2009-11-13 15:22:52
    Hello, how does it work in EBCDIC password?
    2009-11-13 20:09:47
    need to install john for my homework, i just need to pass this homework. what do i type in the command line after copying the files under the run folder to a separate directory? btw, i'm not a tech guy, and i am using windows xp.
    2009-11-30 16:47:09
    Hi everyone. Is there a way that jtr shows me or list only the uncracked hashes?
    2009-12-02 02:54:26
    Hi people, the same as anonymous above.I have to merge all my pf, use jtr and save only the uncracked. My question is if there is there a command or a way to do so
    2009-12-23 07:51:23
    How much time does it need to crack a password in incremental mode + numbers and letters and some secial characters ? It brake password with just numbers for less then 10 minutes but can not brake letters and numbers for 22 hours!
    2009-12-27 22:21:03
    about JTR, if you tried a brute force alpha but without succes
    but you need to find it so you do bruteforce all char that would mean that all JTR would try all the alpha combinations to because alpha is a part of all. is there a way to say that JTR can skip all the combinations that only contain alpha chars?
    2010-01-01 23:51:09
    How do you chmod it under Windows98? Sometimes it gives you a chmod error.
    2010-01-06 06:40:48
    what the fuction of jtr?and it's can use in windows XP
    2010-01-07 22:21:01
    Wow so many script kiddies that don't even know how to use a command line. to all the Anon's saying this is lame, you are all lame and stupid. If you can't figure it out jst go load your GUI up and go back to playing video games
    2010-01-13 12:51:37
    >what the fuction of jtr?and it's can use in windows XP

    To crack weak passwords. Yes you can run it from Windows XP.
    2010-01-13 12:53:48
    > Can JTR be use to hack lets say youtube?

    No. Well, I dont know what hash function youtube stores its users passwords in, but I suspect you wont get far asking the company to provide them to you.
    2010-02-16 14:08:35
    Excellent proggie. It actually works. It gave me the password in 3 days time.
    I'm looking for a multiprocessor version for Windows.
    2010-02-18 08:16:18
    will JTR work on .plist files?
    2010-02-19 03:02:03
    thanks for the tutorial it worked great. if theres someone who cant follow this simple tutorial they definately shouldn't be using John the Ripper.
    2010-02-24 17:16:21
    Just a quick tip:

    For people over the last 3 years coming here and asking the same questions, NO! It will NOT work on ANY website without ANY knowledge of programming or scripting. So, screw off.

    Another thing, JTR is NOT an interface-based program. If you don't know how to get to cmd, piss off. If you don't even know what cmd is, piss off.

    For people that actually know what they're talking about, yes this can be very useful for password recovery, more mainly used for a *NIX system, in my opinion, as the password files need to be constructed as such.

    If you're looking for a password recovery tool that can be used for Windows passwords, you can use something called "Cain & Abel."

    Good tutorial.

    2011-02-26 05:50:19
    How could I use it to Brute force to a another PC on my network? Btw really nice article.
    2011-03-04 10:51:11
    nice article, too bad it kinda sux for beginners since there are no screen shot.
    2011-03-11 11:45:15
    Yes, it should not be used by beginners. Use this instead:
    2011-04-05 20:40:50
    2011-04-16 00:02:56
    Hey.... I need the password to arsha_jackson@yahoo.com I am willing to pay 100.00 dollars for it by paypal... if you can assist me with this reply to greanpenniez@yahoo.com thanks.
    2011-05-05 05:03:24
    I bloged about password cracking and John the Ripper here: http://codebazaar.blogspot.com/2011/05/why-we-need-strong-p4ssw0rds.html
    2011-05-09 01:00:18
    if someone crack this .htpasswd it will be great, I couldnt manage it with JTR on win xp, it just sucks, nothing happened.

    2011-05-10 08:05:50
    2011-05-10 10:20:24
    if someone crack this .htpasswd it will be great, I couldnt manage it with JTR on win xp, it just sucks, nothing happened.Dress code or more accurately are written and more often not unwritten rules with regards to clothing Clothing like other aspects of uman physical appearance has a social significance different rules
    2011-05-19 19:44:14
    Hi , where do i have to put "crackme.txt" JTR can't find it even in "...\RUN\crackme.txt"
    2011-06-05 13:20:27
    REally piss poor attempt. The author has shown their limited skills and tried to act "elite" by saying "I wont show you". For the learners among here, there are much better tutorials, including on youtube where the educator is respectful and knows what they are doing
    2011-06-22 17:22:15
    hey how can i add the crack file i put john crack.txt and it says it is not a runable program
    Anonymously add a comment: (or register here)
    (registration is really fast and we send you no spam)
    BB Code is enabled.
    Captcha Number:

    Blogs: (People who have posted blogs on this subject..)
    PSP on Mon 7th Sep 10am
    I was going to write an article on PSP NIDS, but when i started doing it, it felt as if it dropped a little short of what i wanted it to be, and wasn't particularly long (or interesting to people not associated with the PSP Scene). I did write about it
    Backdoor.W32.Small.PF Analysis on Mon 7th Jan 3am
    Malware Analysis on Sun 5th Aug 3am
    Hello all, in here (http://iamhalsten.thecoderblogs.com/200 7/07/23/malware-analysis/) you can find my latest analysis paper for a malware I've analyzed. The paper is extensively and comprehensively documented. Have fun reading it. -- halsten http://i
    AVG's Restore File As... on Wed 30th Aug 1pm
    It is possible to restore infected files from the vault to the 'computer' using the option 'Restore File As'. So I restored as 'blah.xyz' the wmf file AVG found the other day and I put it on the desktop. My surprise was to discover that AVG restored

    Test Yourself: (why not try testing your skill on this subject? Clicking the link will start the test.)
    Cryptography by TroPe

    This test will cover Symmetric cryptography, public keys, key management, and some questions on cryptanalysis. If you know a little something about Crypt stuff, give this test a shot!

    Your Ad Here
    Copyright Open Source Institute, 2006