pwny.cc
Search…
Home
WEB ATTACKS
Misc
OAuth
Open Redirect
Command Injection
Local File Inclusion (LFI)
Insecure File Upload
Insecure Direct Object Reference (IDOR)
SQL Injection (SQLi)
Cross-Site Scripting (XSS)
Server Side Request Forgery (SSRF)
Server Side Template Injection (SSTI)
XML External Entity (XXE)
SHELLS
Misc
Web Shells
Reverse Shells
Obfuscated Shells
SO
Linux
Windows
OTHER
Sandbox Escape
Cracking
Hashcat
John the Ripper
Powered By GitBook
John the Ripper

Tool

GitHub - openwall/john: John the Ripper jumbo - advanced offline password cracker, which supports hundreds of hash and cipher types, and runs on many operating systems, CPUs, GPUs, and even some FPGAs
GitHub
John the Ripper Jumbo - Advanced Offline Password Cracker

Use of FILE2john

There are several scripts to convert any software format to john (keepass2john.py, zip2john.py, cisco2john.pl) located on john/run path. We use these scripts to create hash files that we can crack later with JTR.
1
#Example
2
python zip2john.py encrypted.zip > zip.hash
Copied!

John parameters

1
-f=[format] / --format=[format]
2
-w=[wordlist path] / --wordlist=[wordlist path]
Copied!

Attack examples

1
#Attack to md5 hash file
2
john -f=raw-md5 -w=/usr/share/wordlists/rockyou.txt md5.hash
3
4
#Attack to sha1 hash file
5
john -f=raw-sha1 -w=/usr/share/wordlists/rockyou.txt md5.hash
Copied!
Previous
Hashcat
Last modified 7mo ago
Copy link
Contents
Tool
Use of FILE2john
John parameters
Attack examples