
John The Ripper

Complete walkthrough for this room on TryHackMe, with explanations for the answers. Learn how to use John the Ripper, an extremely powerful and adaptable hash cracking tool.

Hritesh J
4 min read · Jul 13, 2021

Task 1 — John who?

No answer needed here, just read through and click on completed!

Task 2 — Setting up John the Ripper

  1. What is the most popular extended version of John the Ripper?

Jumbo John

Task 3 — Wordlists

  1. What website was the rockyou.txt wordlist created from a breach?

rockyou.com

Task 4 — Cracking Basic Hashes

Before proceeding, download all the given task files.

  1. What type of hash is hash1.txt?

MD5

Download the hash identifier using the command below:

wget https://gitlab.com/kalilinux/packages/hash-identifier/-/raw/kali/master/hash-id.py

Then simply launch the downloaded hash identifier using python3 hash-id.py

2. What is the cracked value of hash1.txt?

biscuit

The syntax is :

john --format=raw-md5 --wordlist=/usr/share/wordlists/rockyou.txt hash1.txt

Make sure to add raw- to tell john you’re just dealing with a standard hash type.

3. What type of hash is hash2.txt?

SHA1

Again, this can be found using python3 hash-id.py.

4. What is the cracked value of hash2.txt?

kangeroo

Syntax:

john --format=Raw-SHA1 --wordlist=/usr/share/wordlists/rockyou.txt hash2.txt

5. What type of hash is hash3.txt?

sha256

You should have figured out how to find the type by now 😉

6. What is the cracked value of hash3.txt?

microphone

Syntax:

john --format=Raw-SHA256 --wordlist=/usr/share/wordlists/rockyou.txt hash3.txt

7. What type of hash is hash4.txt?

whirlpool

8. What is the cracked value of hash4.txt?

colossal

Syntax:

john --format=whirlpool --wordlist=/usr/share/wordlists/rockyou.txt hash4.txt

Task 5 — Cracking Windows Authentication Hashes

  1. What do we need to set the “format” flag to, in order to crack this?

nt

2. What is the cracked value of this password?

mushroom

Syntax:

john --format=nt --wordlist=/usr/share/wordlists/rockyou.txt ntlm.txt

Task 6 — Cracking /etc/shadow Hashes

  1. What is the root password?

1234

The task file includes a single file containing 2 lines, which were obtained from /etc/passwd and /etc/shadow of the target.

Now we have to create a file named local_passwd and add the first line of etchashes.txt to it.

Create another file named local_shadow and add the second line of etchashes.txt to it.

To combine the two files into the format John expects, we use:

unshadow local_passwd local_shadow > unshadowed.txt

Now a new file called unshadowed.txt is created which we can give to John.

john --wordlist=/usr/share/wordlists/rockyou.txt unshadowed.txt

And we have cracked the hash!
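
What unshadow does with the two lines, as an added example that is not part of the original walkthrough and not John's own code: it copies each user's password field from the shadow line into the matching passwd line, and the $id$ prefix of that field names the hash scheme. The sample lines, the placeholder hash and the function names are constructed for illustration.

```python
"""Merge passwd and shadow lines the way `unshadow` does (illustrative sketch)."""

# Constructed sample input; the hash is a placeholder, not taken from the room.
PASSWD = ["root:x:0:0:root:/root:/bin/bash",
          "daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin"]
SHADOW = ["root:$6$EXAMPLESALT$PLACEHOLDERHASH:18576:0:99999:7:::",
          "daemon:*:18576:0:99999:7:::"]

# crypt(3) scheme ids found at the start of a shadow password field
SCHEMES = {"1": "md5crypt", "2a": "bcrypt", "2b": "bcrypt", "2y": "bcrypt",
           "5": "sha256crypt", "6": "sha512crypt", "y": "yescrypt"}

def scheme(hash_field):
    """Classify a shadow password field by its $id$ prefix."""
    if hash_field == "":
        return "empty password"
    if hash_field[0] in "!*":
        return "locked or no login"
    parts = hash_field.split("$")
    if len(parts) >= 3 and parts[0] == "":
        return SCHEMES.get(parts[1], "unknown id " + parts[1])
    return "legacy or unknown"

def load_shadow(lines):
    """Map username -> password field from shadow-style lines."""
    rows = (line.strip().split(":") for line in lines)
    return {f[0]: f[1] for f in rows if len(f) >= 2}

def unshadow(passwd_lines, shadow_lines):
    """Replace the 'x' placeholder in each passwd line with the shadow hash."""
    hashes = load_shadow(shadow_lines)
    merged = []
    for line in passwd_lines:
        fields = line.strip().split(":")
        if len(fields) < 7:
            continue  # skip malformed passwd entries
        if fields[0] in hashes:
            fields[1] = hashes[fields[0]]
        merged.append(":".join(fields))
    return merged

if __name__ == "__main__":
    for entry in unshadow(PASSWD, SHADOW):
        user, field = entry.split(":")[:2]
        print(f"{user:8} {scheme(field):20} {entry}")
```
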

Task 7 — Single Crack Mode

  1. What is Joker’s password?

Jok3r

We need to add the given username Joker to the text file.

In the terminal, type vim hash7.txt to open the file, then press i, add the username, and exit the file using :wq

Now we can find out the hash type easily if you remember from the above tasks! (the python script). And then:

john --single --format=Raw-MD5 hash7.txt

Task 8 — Custom Rules

  1. What do custom rules allow us to exploit?

Password complexity predictability

2. What rule would we use to add all capital letters to the end of the word?

Az"[A-Z]"

All the required hints for this answer are given in the task:

Az - used to append characters

[A-Z] - this includes all the upper case letters

3. What flag would we use to call a custom rule called “THMRules”?

--rule=THMRules

Task 9 — Cracking Password Protected Zip Files

  1. What is the password for the secure.zip file?

zip2john secure.zip > secure_john.txt

We use zip2john to convert the zip file into a hash format that John understands, then pass the output file (in this case secure_john.txt) to John using john secure_john.txt

2. What is the contents of the flag inside the zip file?

Unzip the file and cd into the directory.

Task 10 — Cracking Password Protected RAR Archives

  1. What is the password for the secure.rar file?

We use rar2john to convert the RAR archive into a hash format that John understands, writing the output to a file (in this case secure_john.txt):

rar2john secure.rar > secure_john.txt

Then crack the password. (You can install unrar using sudo apt install unrar)

2. What is the contents of the flag inside the zip file?

THM{r4r_4rch1ve5_th15_t1m3}

Task 11 — Cracking SSH Keys with John

  1. What is the SSH private key password?

python /usr/share/john/ssh2john.py idrsa.id_rsa > output.txt

We use john --wordlist=/usr/share/wordlists/rockyou.txt output.txt to get the password.

Task 12 — Further Reading

Just read everything and click on complete!

Give this a 👏 if you found it useful!

Hritesh J is a student pursuing undergraduate studies in CS. Loves cybersecurity, playing CTFs and writing about them. “Learning one new thing every day.”