# John The Ripper **Room Link:** ### Hash ID Great tool that the room provides, use it to identify the hash type when John can't identify the hash by itself. ``` wget https://gitlab.com/kalilinux/packages/hash-identifier/-/raw/kali/master/hash-id.py ``` ## Walkthrough ### Cracking Basic Hashes **What type of hash is hash1.txt?** According to hash-id MD5 is the most likely format. ``` cat hash1.txt python3 hash-id.py 2e728dd31fb5949bc39cac5a9f066498 ```

**What is the cracked value of hash1.txt?** ``` john --format=raw-md5 hash1.txt ```

**What type of hash is hash2.txt?** SHA-1 is the most likely possible hash. ``` cat hash2.txt python hash-id.py 1A732667F3917C0F4AA98BB13011B9090C6F8065 ```

**What is the cracked value of hash2.txt** ``` john --format=raw-sha1 hash2.txt ```

**What type of hash is hash3.txt?** ``` cat hash3.txt python hash-id.py D7F4D3CCEE7ACD3DD7FAD3AC2BE2AAE9C44F4E9B7FB802D73136D4C53920140A ``` ![](/files/kfsuN9wp3IeenD82IGfg) **What is the cracked value of hash3.txt** ``` john --format=raw-sha256 hash3.txt --wordlist=/usr/share/wordlists/rockyou.txt ```

**What type of hash is hash4.txt?** ``` cat hash4.txt python hash-id.py c5a60cc6bbba781c601c5402755ae1044bbf45b78d1183cbf2ca1c865b6c792cf3c6b87791344986c8a832a0f9ca8d0b4afd3d9421a149d57075e1b4e93f90bf ``` ![](/files/qOgvTdAmBcXy3US7WDcZ) **What is the cracked value of hash4.txt** ``` john --format=raw-sha512 hash4.txt --wordlist=/usr/share/wordlists/rockyou.txt ``` SHA-512 didn't work.

Hash was Whirlpool which hash-id also thought it could be. ``` john --format=whirlpool hash4.txt --wordlist=/usr/share/wordlists/rockyou.txt ```

### Cracking Windows Authentication Hashes **What do we need to set the "format" flag to, in order to crack this?** Flag should be set to NT ``` python hash-id.py 5460C85BD858A11475115D2DD3A82333 ```

**What is the cracked value of this password?** ``` john --format=nt ntlm.txt --wordlist=/usr/share/wordlists/rockyou.txt ```

### Cracking /etc/shadow Hashes **What is the root password?** ``` john --wordlist=/usr/share/wordlists/rockyou.txt --format=sha512crypt etchashes.txt ```

### Single Crack Mode Identified the hash as MD5 and added Jokers username to the file. ``` cat hash7.txt python hash-id.py 7bf6d9bb82bed1302f331fc6b816aada vi hash7.txt ```

``` john --single --format=raw-md5 hash7.txt ```

### Cracking Password Protected Zip Files ``` zip2john secure.zip > secure_john.txt john --wordlist=/usr/share/wordlists/rockyou.txt secure_john.txt ```

### Cracking Password Protected RAR Archives ``` /opt/john/rar2john secure.rar > secure_john.txt john --wordlist=/usr/share/wordlists/rockyou.txt secure_john.txt ```

### Cracking SSH Keys with John ``` /opt/john/ssh2john.py idrsa.id_rsa > id_john.txt john --wordlist=/usr/share/wordlists/rockyou.txt id_john.txt ```

--- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://jeffgthompsons-organization.gitbook.io/red-team/walkthroughs/tryhackme/john-the-ripper.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.