John The Ripper (JtR) is a password cracking program.

Basic Usage[edit]

Dumb Brute Force[edit]

To brute force a password and to have John iterate through all the possible sequences:

john --incremental --stdout

This defaults to the incremental mode parameters. You can specify a different mode, say to use only integers:

john --incremental=digits --stdout

Bruting with an External Program[edit]

You can pipe the brute force attack to an external program if for some reason you can't get John to do what you want (or can't figure it out like me).

# john --incremental=pstoken --stdout | php ps_token.php
Warning: only 95 characters available
Press 'q' or Ctrl-C to abort, almost any other key for status
461129p 0:00:00:12 0.00% 38109p/s 193943
310782743p 0:02:16:18 0.00% 38001p/s nwse1
2261868112p 0:16:37:32 0.00% 37790p/s 19247alo
4776112800p 1:11:14:38 0.00% 37643p/s bhhkjlp
5206822839p 1:14:28:20 0.00% 37594p/s wbgbc4
11620906919p 3:13:55:52 0.00% 37565p/s gum169el
31289171898p 9:15:38:00 0.00% 37522p/s gr151a3l
60311716304p 18:15:25:27 0.00% 37443p/s J33kf$
72576164735p 22:10:24:35 0.00% 37443p/s 6i j4by
78982186373p 24:10:20:30 0.00% 37417p/s lockil2342
124039752199p 38:10:27:37 0.00% 37351p/s krc200aka
198093070970p 61:13:53:35 0.00% 37232p/s kh2qvox9
252081870440p 78:10:47:15 0.00% 37190p/s azy03j2b

TODO: How do you resume?

Further Reading[edit]