John the Ripper

Offline Password Cracker

🔐 John the Ripper क्या है?

John the Ripper (JtR) एक very fast and powerful offline password cracking tool है। इसका काम है password hashes को crack करना — यानी hash से original password find करना।

👉 Offline password cracking का सबसे popular tool — various hash types को crack कर सकता है।

🔑 John क्या-क्या कर सकता है

Hash Cracking

MD5, SHA1, SHA256 आदि hashes crack

Shadow File

Linux /etc/shadow passwords crack

Windows Hashes

NTLM, LM hashes crack करना

Wordlist Attack

Dictionary attack mode

Incremental Mode

All possible combinations try

Format Detection

Auto hash type detect करता है

⚙️ Kali NetHunter / Termux में John install

aptInstallation Commands

System Update

apt update

Install John the Ripper

apt install john

Verify Installation

john --version

💻 Basic Commands (Use)

👉 Commands को एक-एक करके use कर सकते हो:

Basic Wordlist Attack

john --wordlist=/usr/share/wordlists/rockyou.txt hashes.txt

Show Cracked Passwords

john --show hashes.txt

Incremental Mode (Brute Force)

john --incremental hashes.txt

Specify Hash Type (MD5)

john --format=raw-md5 --wordlist=/usr/share/wordlists/rockyou.txt hashes.txt

Single Crack Mode (User Info Based)

john --single hashes.txt

🌐 Real Example (Practical समझ)

Example🎯 MD5 Hash Crack Scenario

First, create hash file:

echo "5f4dcc3b5aa765d61d8327deb882cf99" > hashes.txt

(This is MD5 hash of "password")

Crack the hash:

john --wordlist=/usr/share/wordlists/rockyou.txt --format=raw-md5 hashes.txt

👉 यह hash file में दिए गए hashes को wordlist से match करके passwords find करता है

📊 Output समझो

मान लो output कुछ ऐसा आता है:

Using default input encoding: UTF-8
Loaded 1 password hash (Raw MD5 [MD5 256/256 AVX2 8x3])
Warning: detected hash type "Raw MD5", but you specified: raw-md5
Proceeding with specified hash type raw-md5
password (?)
1g 0:00:00:00 DONE (2024-01-15 10:30) 1/3 (0.00g/s) 23.6Kp/s 23.6Kc/s 23.6KC/s password..123456
Use the "--show" option to display all of the cracked passwords reliably

🧠 इसका मतलब:

password

Password Found!

hash: 5f4dcc3b5aa765d61d8327deb882cf99 → password: "password"

1/3

Success Rate

1 hash cracked out of 1 total hashes

23.6Kp/s

Processing Speed

23,600 passwords per second थे test किए गए

👉 Cracking speed depends on:

  • • Hash type complexity (MD5 fast, bcrypt slow)
  • • CPU power और system performance
  • • Wordlist size और password complexity

🔥 Advanced Options

Custom Rules Mode

john --wordlist=/usr/share/wordlists/rockyou.txt --rules hashes.txt

Session Save & Resume

john --session=my_session --wordlist=/usr/share/wordlists/rockyou.txt hashes.txt

Resume Previous Session

john --restore=my_session

Format List

john --list=formats

Crack Windows Hashes (NTLM)

john --format=nt --wordlist=/usr/share/wordlists/rockyou.txt ntlm_hashes.txt

👉 यह advanced options आपको flexible cracking strategies देते हैं → success rate बढ़ती है

⚠️ Important Warning

बिना permission किसी भी hash को crack करना illegal है

Practice के लिए use करो:

  • अपने own passwords के hashes test करो
  • Practice hash generators (online MD5 tools से)
  • CTF challenges और practice labs

⚡ Time Complexity: Complex passwords (special characters, length 12+) बहुत time लेते हैं। Patience required!

🧩 Related Tools

Hydra

Online password attacks

Hashcat

GPU-accelerated cracking

CeWL

Custom wordlist generator

Crunch

Pattern-based generator

💡 Simple समझ

John = "Hash का Decoder"

यह scrambled code (hash) को original password में convert करता है — जैसे एक puzzle solve करके hidden picture दिखाई देती है।