John is a password cracking tool that has multiplatform support.
John is arguably an inferior tool to hashcat but is easier to work with.
It supports 4 different modes. It starts with the first mode and works its way down the list:
- Single Crack mode
- Wordlist mode
- Incremental mode
- External mode
Single Crack mode
-single
Uses variations of the account name and other /etc/passwd account information.
It applies various hybrid alterations to these fields to create its guesses.
Wordlist mode
-wordlist=filename
Uses a dictionary wordlist file with hybrid alterations to generate permuted password guesses.
This mode relies on dictionary terms for guesses.
Incremental mode
-incremental
Uses brute force guessing.
This tries all possible character combinations to determine the password. This is a brute force attack, and this mode could run forever.
External mode
-external=MODE
Uses an external program to generate guesses.
This is optional. It relies on external programs to assist in guessing.
The autosense feature within John can help determine the correct hash format needed for cracking.
It can autodetect the following formats:
- Windows LANMAN
- OpenBSD’s Blowfish
- FreeBSD’s MD5
- BSDI’s extended DES
- Standard and double-length DES
The Jumbo patch adds support for Windows NT hashes.
Cracked passwords are printed on the screen and stored in the file john.pot.
Make sure to delete the john.pot file if you are testing in your environment.
Look for john.pot files while pentesting.
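
Added example, not part of the original notes: a POSIX shell script for the john.pot cleanup step above. It inventories leftover john.pot files under a directory, flags the ones other users can read, and deletes them once testing is done. The function names audit_pots and purge_pots are hypothetical, and it assumes the default file name john.pot.

```shell
#!/bin/sh
# Added example: inventory and cleanup of john.pot files.
# audit_pots and purge_pots are hypothetical helper names.

# audit_pots ROOT
# Prints one line per john.pot under ROOT: "<status> <entries> <path>".
# status is EXPOSED when group or other can read the file, else private.
# Only entry counts are reported; cracked plaintexts are never printed.
audit_pots() {
    find "${1:-.}" -type f -name john.pot 2>/dev/null |
    while IFS= read -r pot; do
        # Each non-empty line of a pot file is one cracked hash:plaintext pair.
        entries=$(grep -c . "$pot" 2>/dev/null || true)
        # Mode-bit test: group-read (040) or other-read (004) set.
        if [ -n "$(find "$pot" \( -perm -040 -o -perm -004 \) 2>/dev/null)" ]; then
            status=EXPOSED
        else
            status=private
        fi
        printf '%s %s %s\n' "$status" "${entries:-0}" "$pot"
    done
}

# purge_pots ROOT
# Deletes every john.pot under ROOT and prints how many were removed.
purge_pots() {
    find "${1:-.}" -type f -name john.pot -exec rm -f {} \; -print 2>/dev/null |
        wc -l | tr -d ' '
}

# When run with a directory argument, report what is there.
if [ $# -gt 0 ]; then
    audit_pots "$1"
fi
```

Run audit_pots over the testing account's home directory before and after purge_pots to confirm no cracked credentials are left behind.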