|
|
@@ -7,6 +7,7 @@ tags: [cracking, passwords, john]
|
|
|
# Password/Hash Cracking - John the Ripper
|
|
|
|
|
|
* [Basic Usage](#basic-usage)
|
|
|
+ - [Common Formats](#common-formats)
|
|
|
* [Advanced Usage](#advanced-usage)
|
|
|
- [Modes](#modes)
|
|
|
- [Wordlist Mode](#wordlist-mode)
|
|
|
@@ -37,9 +38,39 @@ john --show hash.txt
|
|
|
```
|
|
|
john --restore
|
|
|
```
|
|
|
+* Start in incremental mode
|
|
|
+```
|
|
|
+john --incremental=<MODE> hash.txt
|
|
|
+```
|
|
|
+* Start in external mode
|
|
|
+```
|
|
|
+john --external=<MODE> hash.txt
|
|
|
+```
|
|
|
+
|
|
|
|
|
|
* ² Session Information is stored in `$HOME/.john/`.
|
|
|
|
|
|
+### Common Formats
|
|
|
+
|
|
|
+By default, john will try to detect the hash(es) that are supplied.
|
|
|
+This mode can be overwritten by specifying the format with the `--format` flag.
|
|
|
+
|
|
|
+Common formats are:
|
|
|
+
|
|
|
+- raw-md5 (MD5)
|
|
|
+- raw-sha1 (SHA1)
|
|
|
+- raw-sha256 (SHA256)
|
|
|
+- crypt (Linux /etc/shadow hash)
|
|
|
+- wpapsk (WPA PSK Hash)
|
|
|
+- bcrypt/scrypt
|
|
|
+- ...
|
|
|
+
|
|
|
+
|
|
|
+* All formats can be viewed with the following command:
|
|
|
+```
|
|
|
+john --list=formats
|
|
|
+```
|
|
|
+
|
|
|
|
|
|
## Advanced Usage:
|
|
|
|
Hans Martin