John The Ripper Cheatsheet

Cracking Modes # Dictionnary attack ./john --wordlist=password.lst hashFile # Dictionnary attack using default or specific rules ./john --wordlist=password.lst --rules=rulename hashFile ./john --wordlist=password.lst --rules mypasswd # Incremental mode ./john --incremental hashFile # Loopback attack (password are taken from the potfile) ./john --loopback hashFile # Mask bruteforce attack ./john --mask=?1?1?1?1?1?1 --1=[A-Z] hashFile --min-len=8 # Dictionnary attack using masks ./john --wordlist=password.lst -mask='?l?l?w?l' hashFile MISC & Tricks # Show hidden options ./john --list=hidden-options # Using session and restoring them ./john hashes --session=name ./john --restore=name ./john --session=allrules --wordlist=all.lst --rules mypasswd & ./john status # Show the potfile ./john hashes --pot=potFile --show # Search if a root/uid0 have been cracked john --show --users=0 mypasswdFile john --show --users=root mypasswdFile # List OpenCL devices and get their id ./john --list=opencl-devices # List format supported by OpenCL ./john --list=formats --format=opencl # Using multiples GPU ./john hashes --format:openclformat --wordlist:wordlist --rules:rules --dev=0,1 --fork=2 # Using multiple CPU (eg. 4 cores) ./john hashes --wordlist:wordlist --rules:rules --dev=2 --fork=4 Wordlists & Incremental # Sort a wordlist for the wordlist mode tr A-Z a-z < SOURCE | sort -u > TARGET # Use a potfile to generate a new wordlist cut -d ':' -f 2 john.pot | sort -u pot.dic # Generate candidate password for slow hashes ./john --wordlist=password.lst --stdout --rules:Jumbo | ./unique -mem=25 wordlist.uniq --incremental:Lower # 26 char --incremental:Alpha # 52 char --incremental:Digits # 10 char --incremental:Alnum # 62 char # Create a new charset ./john --make-charset=charset.chr # Then set the following in the John.conf # Incremental modes [Incremental:charset] File = $JOHN/charset.chr MinLen = 0 MaxLen = 31 CharCount = 95 # Using a specific charset ./john --incremental:charset hashFile Rules # Predefined rules --rules:Single --rules:Wordlist --rules:Extra --rules:Jumbo # All the above --rules:KoreLogic --rules:All # All the above # Create a new rule in John.conf [List.Rules:Tryout] l u ... | Rule | Description | |------------ |------------------------------------------------------- | | l | Convert to lowercase | | u | Convert to uppercase | | c | Capitalize | | l r | Lowercase the word and reverse it | | l Az"2015" | Lowercase the word and append "2015" at the end | | d | Duplicate | | l A0"2015" | Lowercase the word and append "2015" at the beginning | | A0"#"Az"#" | Add "#" at the beginning and the end of the word | | C | Lowercase the first char and uppercase the rest | | t | Toggle case of all char | | TN | Toggle the case of the char in position N | | r | Reverse the word | | f | Reflect (Fred --> Fredderf) | | { | Rotate the word left | | } | Rotate the word right | | $x | Append char X to the word | | ^x | Prefix the word with X char | | [ | Remove the first char from the word | | ] | Remove the last char from the word | | DN | Delete the char in position N | | xNM | Extract substring from position N for M char | | iNX | Insert char X in position N and shift the rest right | | oNX | Overstrike char in position N with X | | S | Shift case | | V | Lowercase vowels and uppercase consonants | | R | Shift each char right on the keyboard | | L | Shift each char left on the keyboard | | <N | Reject the word unless it is less than N char long | | >N | Reject the word unless it is greater than N char long | | \'N | Truncate the word at length N |