John
John the Ripper is a versatile password cracking tool. It can automatically detect the hash type and use various methods, including dictionary attacks and brute-forcing, to recover plain-text passwords from their hashed representations. Many different file types and services have companion scripts (*2john) to extract crackable hashes.
Basic Usage
Cracking SSH Private Keys
First, use the ssh2john.py script to extract a crackable hash from a password-protected SSH private key. Then run John the Ripper against the extracted hash (for example with a wordlist, as in the sections below).
python3 ssh2john.py SSH.private > ssh.hash
Once a cracking run has finished (John records cracked hashes in its pot file), use the --show flag to print the recovered password.
john ssh.hash --show
Cracking Protected Office Documents
Use the office2john.py script to extract the hash from a protected Microsoft Office file, such as a .docx document.
office2john.py Protected.docx > protected-docx.hash
Next, run John against the resulting hash file with a wordlist to find the password.
john --wordlist=rockyou.txt protected-docx.hash
Cracking Protected PDF Files
The pdf2john.pl script converts a password-protected PDF file into a crackable hash format.
pdf2john.pl PDF.pdf > pdf.hash
Then, use John with a wordlist to crack the PDF's password.
john --wordlist=rockyou.txt pdf.hash
Cracking Protected ZIP Archives
To crack a password-protected ZIP file, first use zip2john to generate a hash from the archive.
zip2john ZIP.zip > zip.hash
Then, use John with a wordlist to find the password for the ZIP file.
john --wordlist=rockyou.txt zip.hash
Cracking BitLocker Encryption
The bitlocker2john script extracts crackable hash data (for both the user-password and recovery-password modes) from a BitLocker-encrypted volume, such as a Virtual Hard Disk (.vhd) file.
bitlocker2john -i Backup.vhd > backup.hashes
After extracting the hashes, run John against them with a wordlist or one of John's other cracking modes.
john --wordlist=wordlist.txt backup.hashes
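The sections above all follow the same extract-then-crack-then-show pattern. The following is an added example (not part of the original page or the John the Ripper project) that wraps that workflow in a POSIX shell function: it picks the companion *2john script by file extension, runs John with a supplied wordlist, and parses the --show output. It assumes the *2john scripts and john are on PATH; the extension mapping and the --show parser run offline.

```shell
#!/bin/sh
# Added example: wrapper around the *2john + john + --show workflow.
# Assumes the companion scripts are on PATH under the names used above.

# Map a file to its companion extractor (the *2john scripts shown above).
# Returns 1 when no extractor is known for the file.
extractor_for() {
  case "$1" in
    *.docx|*.xlsx|*.pptx|*.doc|*.xls|*.ppt) echo "office2john.py" ;;
    *.pdf)                 echo "pdf2john.pl" ;;
    *.zip)                 echo "zip2john" ;;
    *.vhd)                 echo "bitlocker2john -i" ;;
    *id_rsa*|*.pem|*.key)  echo "ssh2john.py" ;;
    *)                     return 1 ;;
  esac
}

# Parse "john --show" output on stdin. Each cracked entry is a line of the
# form "name:password[:extra fields]", followed by a summary line such as
# "1 password hash cracked, 0 left". Prints only the password column.
# Caveat: a password containing ':' would be truncated at the first colon.
show_passwords() {
  awk -F: '/password hash/ || NF < 2 { next } { print $2 }'
}

# Full workflow: extract hash, crack with a wordlist, print results.
# Usage: crack_file <protected-file> <wordlist>
crack_file() {
  tool=$(extractor_for "$1") || { echo "no extractor for $1" >&2; return 1; }
  hashfile="$1.hash"
  # $tool is intentionally unquoted so "bitlocker2john -i" splits into
  # command and flag.
  $tool "$1" > "$hashfile" || return 1
  john --wordlist="$2" "$hashfile" > /dev/null
  john --show "$hashfile" | show_passwords
}
```

Cracked hashes stay in John's pot file, so `john --show <hashfile>` can be rerun later without cracking again.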