PsychoticSheepDec 5
FOSS Advent Calendar - Door 6: Cracking Passwords with John the Ripper

Today we explore John the Ripper, one of the most powerful and flexible open-source password-cracking tools. It is widely used for security testing, digital forensics, and understanding how weak passwords can be recovered.

John works by taking a password hash and trying to recover the original password. It can do this in different ways, for example through brute force, where every possible combination is tried, or through wordlists, where John tests passwords from a predefined dictionary. When the generated hash matches the original, the password is revealed.

This tool is perfect for learning about cybersecurity, testing the strength of your own passwords, or experimenting with how attackers might attempt to crack weak credentials.

Pro tip: try using both brute force and a wordlist. You’ll immediately see how effective wordlists can be compared to testing every combination.

Which hashing algorithm gives you the most headaches?

Link: https://github.com/openwall/john

#FOSS #OpenSource #Linux #CLI #Terminal #JohnTheRipper #CyberSecurity #PasswordCracking #SecurityTools #HashCracking #Pentesting #EthicalHacking #DigitalForensics #Unix #Infosec #NerdContent #TechNerds #AdventCalendar #OpenTools #FOSSAdvent #adventkalender #adventskalender
CycloneAug 26, 2025

Did you know, John the Ripper can use hashcat rules?

Unlike hashcat’s simple -r flag, JtR requires some manual setup in a conf file. @freeroute posted a step-by-step guide explaining how to do this.

https://forum.hashpwn.net/post/2718

#jtr #john #JohnTheRipper #hashcat #rules #hashcracking #infosec #howto #hashpwn

Yumechi | ゆめち   Jul 18, 2025
Trying to beat #johntheripper  on scrypt ​

Found a trick that got me 113c/s over 76c/s
CycloneMar 4, 2025

After seeing yescrypt hashes appear in CMIYC a while back, I started developing a yescrypt cracker in pure Go. Since then, yescrypt has become the default /etc/shadow hash for many popular linux distros such as Debian, Ubuntu, RHEL, Fedora, and Arch (to name a few), but hash cracking support for this algo has been limited to JtR -- until now.

Here's a sneak peek of the yescrypt_cracker POC:

https://forum.hashpwn.net/post/446

#yescrypt #hashcracking #cyclone #hashpwn #hashcat #cmiyc #jtr #johntheripper #golang

patproFeb 3, 2025

1236 emails envoyés à autant d’utilisateurisses dont j’ai pu casser le mot de passe lors d’un audit.
Si tout se passe bien, demain j’aurais de la lecture.

#hashcat #JohnTheRipper #motdepasse #RSSI

Blue DeviL // SCTDec 23, 2024

A CMD script to crack password protected ZIP, RAR, 7z and PDF files, using JohnTheRipper.

https://github.com/illsk1lls/ZipRipper

#zipcrack #password #passwordcracking #JohnTheRipper

GitHub - illsk1lls/ZipRipper: A CMD script to crack password protected ZIP, RAR, 7z and PDF files, using JohnTheRipper.

A CMD script to crack password protected ZIP, RAR, 7z and PDF files, using JohnTheRipper. - illsk1lls/ZipRipper

GitHub
halil denizNov 4, 2024

Writing Your Own Rules in John the Ripper
https://denizhalil.com/2024/11/04/custom-rules-john-the-ripper/

#cybersecurity #ethicalhacking #tools #johntheripper #cheatsheet #pentesting

Custom Rules in John the Ripper: Enhancing Password Cracking - Deniz Halil

Learn how to write custom rules in John the Ripper to enhance password cracking. Unlock the power of JtR for complex password hashes and advanced security measures.

Deniz Halil
aoAug 19, 2024
Or you can bug #chatgpt for my #bowlroll pass lol

It cracked it as soon a I told it about just the hint.

You could also #bruteforce the #pass with #johntheripper
M begins a nameJun 30, 2024

Currently 18 hours into a password file crack against one of my VMs, because WHAT WAS THAT ROOT PASSWORD I USED?

I don't care that I could have reset it within 5 minutes, *I must know*

#linux #imightbeunstable #johntheripper

stfJun 3, 2024

I was wondering if there is already #GPU #accelerated #bruteforcers for hash-to-curve
https://datatracker.ietf.org/doc/rfc9380/ out there?
and going beyond just "simple" h2c, 2hashdh prf H(pwd, H2c(pwd)^k) seems to be popular, might as well also inquire about their support. #opaque is one case where this is being used.

does anyone know?

#hashcat #johntheripper /cc @epixoip

RFC 9380: Hashing to Elliptic Curves

This document specifies a number of algorithms for encoding or hashing an arbitrary string to a point on an elliptic curve. This document is a product of the Crypto Forum Research Group (CFRG) in the IRTF.

IETF Datatracker