Bypassing your First Password

In this video, Zanidd will explain how to use the open-source password cracking tool, John the Ripper, to crack a password.
6.7
Hello, world. I’m Zanidd, and welcome back to Hands On Passwords Cracking and Security. Today, we’re cracking our first password. To crack our password, we need John the Ripper, the repo we downloaded during the setup last time, then we can start cracking. What is John the Ripper? John the Ripper is an open source password cracking tool. We will use this tool for various reasons. One being that it’s already installed on Kali. It can do the major attacks like dictionary and brute force attacks. And it can crack many different password hashes and types. The tool itself is used in the console, and you call it with john, some options, and then ‘password_file’.
65.1
The ‘password_file’ is the file that stores the hashes that we’re trying to crack. John the Ripper features multiple different cracking modes. One is the single crack mode, there’s the word list mode, the incremental mode, and the external mode. We will be mostly using word list mode and incremental mode. Incremental mode is a basic brute force attack, which we’ll go into further in the next section. Word list mode, as the name implies, is a mode where we use the word list or a dictionary to crack the password, also known as dictionary attack, which we’ll look at later in a later section. For your first cracking, you will use a brute force attack. So, let’s get started. Crack your first password.
124.2
Last time, we cloned the Git repository which contains a lot of password files. Change to the directory of that repository, and then look for the easy directory. In the easy directory, there will be a file called MD5 passwords. Your first passwords will be in that file. So, your exercise right now is to try to crack the file with John the Ripper using the incremental mode. If you struggle with john, you can use john minus H, or man john, or just Google your problem, and you will find a solution. But to make things a little bit easier for you since we are
171.3
starting right now, this is the command you have to enter: john --incremental, which will tell john to use the incremental mode. And then you enter the password_file all on the same line, then john will start cracking the password file. Just enter this command all on the same line in your command
200.1
prompt using the right file: john --incremental tells John the Ripper to use the incremental mode, which is a brute force attack. Then enter the path to your password_file, which would be the easy MD5 passwords file, and let it run. John the Ripper will then crack the passwords for you.
226.1
If you know what hash function has been used, you can even speed up the process with an additional option, but which one? I will tell you in the next section. But you can already Google for it or try it yourself. So, just try to crack the file, with john --incremental mode, in the easy MD5 passwords. Once you’ve cracked the passwords, you can see what the passwords are by running another command which is john --show password_file. This will list all the broken hashes with the corresponding meaning. That’s it from today. Have fun with your exercise and good luck. Next time, we will take a look at brute force attacks, and go more into detail with John the Ripper.

This step will explain how to use the open-source password cracking tool, John the Ripper, to crack a password.

We’ll be using John the Ripper for various reasons. For one, it is already installed on Kali. It can also carry out the major attacks, such as brute force and dictionary attacks.

Over to you: Using John the Ripper, attempt to crack your first password. Report back on the experience in the Comments section below.

This article is from the free online

Advanced Cyber Security Training: Hands-On Password Attacks

Created by
FutureLearn - Learning For Life