John the Ripper

Classic password hash cracking tool with wordlist attacks, rules, and brute-force modes

IntermediateInteractive Dual Perspective

John the Ripper (JtR) is one of the most popular and versatile password hash cracking tools. Originally developed in 1996, it supports hundreds of hash and cipher types, making it essential for password auditing and penetration testing.

JtR uses CPU-based cracking with highly optimized algorithms. It can automatically detect hash types and choose appropriate attack strategies, or be manually configured for targeted attacks.

🔴 RED TEAM: Offensive Usage

Extract password hashes from compromised systems, crack them to gain plaintext credentials, escalate privileges, and move laterally. Use rules and mutations to crack complex passwords efficiently.

🔵 BLUE TEAM: Defensive Usage

Audit organizational password policies by testing password strength, identify weak passwords before attackers do, validate hash storage mechanisms, and measure time-to-crack for compliance reporting.

🟣 PURPLE TEAM: Collaborative Testing

Red cracks captured hashes while Blue monitors detection systems. Test password policy effectiveness, measure detection capabilities for credential theft, and improve hash storage practices together.

Interactive Simulation

Configure hash types, wordlists, and crack passwords with real-time progress

Crack Configuration

Hash Type

Attack Mode

CPU Cores (--fork)

4 cores

Apply Rules (--rules=Jumbo)

Command:

john --format=NT --wordlist=rockyou.txt --rules=Jumbo --fork=4 hashes.txt

John the Ripper

Theory & Concepts

Overview & Fundamentals

🔴 RED TEAM: Offensive Usage

🔵 BLUE TEAM: Defensive Usage

🟣 PURPLE TEAM: Collaborative Testing

Hash Types & Formats

Attack Modes & Strategies

Essential Commands

Real-World Examples

Interactive Simulation

Crack Configuration