renamed cracking_john-the-ripper.md to password-cracking-john.md

Hans Martin 5 years ago
parent
commit
f8a956e0cc
1 changed files with 151 additions and 0 deletions
  1. 151 0
      cheatsheets/security/passwords/password-cracking-john.md

+ 151 - 0
cheatsheets/security/passwords/password-cracking-john.md

@@ -0,0 +1,151 @@
+---
+title: Password/Hash Cracking with John
+categories: [cheatsheets]
+tags: [cracking, passwords, john]
+---
+
+# Password/Hash Cracking - John the Ripper
+
+* [Basic Usage](#basic-usage)
+    * [Common Formats](#common-formats)
+* [Advanced Usage](#advanced-usage)
+    * [Modes](#modes)
+        * [Wordlist Mode](#wordlist-mode)
+        * [Single Crack Mode](#single-crack-mode)
+        * [Incremental Mode](#incremental-mode)
+
+
+* John: [https://www.openwall.com/john](https://www.openwall.com/john)
+* Documentation: [https://www.openwall.com/john/doc/](https://www.openwall.com/john/doc/)
+
+
+## Basic Usage:
+
+* Basic Command structure: `john [OPTIONS] <hash-file>`
+* Using a wordlist to crack
+
+```
+john --wordlist=rockyou.txt hash.txt
+```
+*  Specifying the hash-format (`--format`)
+
+```
+john --wordlist=rockyou.txt --format=md5 hash.txt
+```
+* Showing the cracked password²
+
+```
+john --show hash.txt
+```
+* Restore an interrupted session (when canceled with Ctrl-C or q)²
+
+```
+john --restore
+```
+* Start in incremental mode
+
+```
+john --incremental=<MODE> hash.txt
+```
+* Start in external mode
+
+```
+john --external=<MODE> hash.txt
+```
+
+* ² Session Information is stored in `$HOME/.john/`.
+
+### Common Formats
+
+By default, john will try to detect the hash(es) that are supplied.
+This mode can be overwritten by specifying the format with the `--format` flag.
+
+Common formats are:
+
+- raw-md5 (MD5)
+- raw-sha1 (SHA1)
+- raw-sha256 (SHA256)
+- crypt (Linux /etc/shadow hash)
+- wpapsk (WPA PSK Hash)
+- bcrypt/scrypt
+- ...
+
+
+All formats can be viewed with the following command:
+
+```
+john --list=formats
+```
+
+
+## Advanced Usage:
+
+### Modes
+
+### Wordlist Mode
+
+Simples mode, just specify a wordlist with `--wordlist=<file>`
+
+If the wordlist should be sorted, use the following command:
+
+```
+tr A-Z a-z < SOURCE | sort -u > TARGET
+```
+
+### Incremental Mode
+
+* Really powerfull mode
+* Tries all possible character combinations
+* Charset, Minum and Maximum Length must be specified
+    - Defined in johns configuration file located at `$JOHN/john.conf`
+* Must be defined as:
+
+```
+[Incremental:WPA_PSK]
+File = $JOHN/utf8.chr
+MinLen = 8
+MaxLen = 12
+CharCount = 192
+```
+* Predefined Modes are
+    - ASCII
+    - LM_ASCII
+    - Alpha
+    - Digits
+    - Lower/Upper
+    - LowerNum/UpperNum
+    - LowerSpace/UpperSpace
+
+### External Mode
+
+An external cracking MODE can be defined in `$JOHN/john.conf`.
+The sections contains source-code (subset of C) that is compiled when john is starting up in that particular mode.
+This functionality is used/applied to generate target passwords.
+
+An example would be:
+
+```
+[List.External:Filter_ASCII]
+void filter()
+{
+	int i, c;
+
+	i = 0;
+	while (c = word[i++])
+	if (c < 0x20 || c > 0x7e || i > 13) {
+		word = 0; return;
+	}
+}
+```
+
+* Supported/Called C functions
+
+```
+init()		called at startup, should initialize global variables
+filter()	called for each word to be tried, can filter some words out
+generate()	called to generate words, when no other cracking modes used
+restore()	called when restoring an interrupted session
+```
+* In the `filter()` call, the global variable word can be changed
+* if `word == 0`, the word is skipped
+
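Review bot: In Basic Usage the example passes `--format=md5`, but the Common Formats list further down names the MD5 format `raw-md5`; use the same name in both places so the example matches the list, e.g. `john --wordlist=rockyou.txt --format=raw-md5 hash.txt`. The table of contents links to `#single-crack-mode`, which this file never defines, and it omits the External Mode section the file does contain; the mode headings also sit at `###`, the same level as `### Modes`, although the contents list nests them below it. In Wordlist Mode, `tr A-Z a-z < SOURCE | sort -u > TARGET` lowercases every entry and drops duplicates in addition to sorting, so the sentence introducing it should say that mixed-case candidates are lost. The closing bullet says `word == 0` while the example sets `word = 0`; one sentence on what that assignment does in the external-mode language would help. The `²` marker appears with no `¹`, and "Simples", "powerfull" and "Minum" are typos. The commit message says the file was renamed, yet the stat is 151 additions and 0 deletions in one file, so the old cracking_john-the-ripper.md is not removed by this commit.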