John the Ripper in Action
John is really easy to use: you just type “john” followed by the password file to crack, and John takes off running. John will attempt to automatically detect the hash type from the password file. If it can’t, it will prompt you to enter the correct hash format using the “--format=” option. The following command is an example of cracking a large SHA1 password dump using John:
➢ john [password_hash_list] --format=Raw-SHA1
As I mentioned earlier, for a CPU-based cracker, John is fast. In the example above, I fed John a list of over 16 million hashes. It found over 2 million of the passwords I was trying to crack in about 15 minutes. After that, it just spun its wheels with no real progress. At this point I could have used some of John’s more advanced features to crack the list, but instead I moved on to Hashcat.
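On why the format sometimes has to be given explicitly with “--format=”, here is an added example that is not from the original text or from the John the Ripper project: a bare 40-character hex digest is the right length for SHA-1 but also for RIPEMD-160, so length alone cannot settle the format. The `triage` function, the candidate table and the sample input are assumptions constructed for illustration, and the table lists algorithm names, not John format labels.

```python
import hashlib
import re
from collections import Counter

# Hex-digest length -> common unsalted algorithms producing that length.
# Several share a length, so a bare digest does not identify its algorithm.
CANDIDATES = {
    32: ["MD5", "MD4", "NTLM"],
    40: ["SHA-1", "RIPEMD-160"],
    64: ["SHA-256"],
    128: ["SHA-512"],
}
HEX = re.compile(r"[0-9a-fA-F]+")

def triage(lines):
    """Classify bare hex digests, one per line, before an audit run."""
    seen, counts, malformed, duplicates = set(), Counter(), [], 0
    for number, raw in enumerate(lines, 1):
        digest = raw.strip().lower()
        if not digest:
            continue                      # skip blank lines
        if not HEX.fullmatch(digest) or len(digest) not in CANDIDATES:
            malformed.append(number)      # line number that needs a manual look
        elif digest in seen:
            duplicates += 1               # same hash listed twice (case-insensitive)
        else:
            seen.add(digest)
            counts[len(digest)] += 1
    return {
        "counts": dict(counts),
        "duplicates": duplicates,
        "malformed": malformed,
        "mixed": len(counts) > 1,         # more than one digest length in one file
        "candidates": {n: CANDIDATES[n] for n in counts},
    }

def sample_dump():
    """Constructed sample: two SHA-1 digests, an uppercase repeat, a 32-hex value, junk."""
    a = hashlib.sha1(b"constructed-sample-1").hexdigest()
    b = hashlib.sha1(b"constructed-sample-2").hexdigest()
    m = "ab" * 16                         # constructed 32-hex stand-in, not a real hash
    return [a, b, a.upper(), "", m, "user@example.test"]

if __name__ == "__main__":
    for key, value in triage(sample_dump()).items():
        print(f"{key}: {value}")
```

A file that comes back with `mixed` set, or with more than one candidate for its length, is one where the format should be confirmed from the system that produced the hashes.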
When you do crack a password hash file, any credentials that are recovered are stored...