John the Ripper crack password when you know a part of it

Ezra UNIX/Linux

<div class="sect1"> <h2 id="_install">Install</h2> <div class="sectionbody">
<div class="sect2"> <h3 id="_from_you_package_manager">From your Package Manager</h3>
<div class="listingblock"> <div class="content"> <pre class="highlight"><code class="language-sh" data-lang="sh">$ sudo apt update
$ sudo apt install john</code></pre> </div> </div>
</div>
<div class="sect2"> <h3 id="_from_source_code">From Source Code</h3>
<div class="listingblock"> <div class="content"> <pre class="highlight"><code class="language-sh" data-lang="sh">$ git clone https://github.com/magnumripper/JohnTheRipper.git
$ cd JohnTheRipper/src
$ ./configure && sudo make -s clean && sudo make -sj4
$ cd ../run</code></pre> </div> </div>
</div>
<div class="sect2"> <h3 id="_addition_7z">Addition: 7z</h3>
<div class="listingblock"> <div class="content"> <pre class="highlight"><code class="language-sh" data-lang="sh">$ sudo apt install p7zip
$ sudo apt install libcompress-raw-lzma-perl</code></pre> </div> </div>
</div>
</div> </div>
<div class="sect1"> <h2 id="_crack_password_when_you_know_a_part_of_it">Crack password when you know a part of it</h2> <div class="sectionbody">
<div class="paragraph"> <p>Let’s say you installed JtR from source code.</p> </div>
<div class="sect2"> <h3 id="_rules_and_wordlist">Rules and WordList</h3>
<div class="paragraph"> <p>Add this to <code>./john.conf</code>:</p> </div>
<div class="listingblock"> <div class="content"> <pre class="highlight"><code class="language-sh" data-lang="sh">[List.Rules:custom]
# as-is
:
# append a number
: $[0-9]
# append 2 numbers
: $[0-9]$[0-9]
# prepend a number
: ^[0-9]
# prepend 2 numbers
: ^[0-9]^[0-9]
# prepend a number and append a number
: ^[0-9]$[0-9]
# capitalize
c
# capitalize and append a number
c $[0-9]
# capitalize and append 2 numbers
c $[0-9]$[0-9]
# capitalize and prepend a number
c ^[0-9]
# capitalize and prepend 2 numbers
c ^[0-9]^[0-9]
# capitalize and prepend a number and append a number
c ^[0-9]$[0-9]
# capitalize and prepend "nothing exotic" and append a number
c ^[0-9A-Za-z#!]$[0-9]</code></pre> </div> </div>
<div class="paragraph"> <p>I’ve added comments above the rules so you can understand the syntax. Adjust it to your needs.</p> </div>
<div class="listingblock"> <div class="content"> <pre class="highlight"><code class="language-sh" data-lang="sh">$ echo "abcchji" > wordlist</code></pre> </div> </div>
<div class="paragraph"> <p>Now, put your basic password candidates in a file (I called it wordlist). To apply those rules and generate your custom wordlist, call <code>john</code> and name your <code>custom</code> ruleset in the <code>--rules</code> option:</p> </div>
<div class="listingblock"> <div class="content"> <pre class="highlight"><code class="language-sh" data-lang="sh">$ ./john --wordlist=wordlist --stdout --rules:custom > longlist
Using default input encoding: UTF-8
Press 'q' or Ctrl-C to abort, almost any other key for status
1282p 0:00:00:00 100.00% (2023-08-29 12:06) 42733p/s !Abcchji9</code></pre> </div> </div>
<div class="paragraph"> <p>Depending on your rules, the wordlist will contain all corresponding combinations.</p> </div>
<div class="listingblock"> <div class="content"> <pre class="highlight"><code class="language-sh" data-lang="sh">~/$ wc longlist
1282 1282 12776 longlist

~/$ cat longlist
abcchji
abcchji0
abcchji1
abcchji2
abcchji3
abcchji4
abcchji5
… (truncated)
!Abcchji4
!Abcchji5
!Abcchji6
!Abcchji7
!Abcchji8
!Abcchji9</code></pre> </div> </div>
</div>
<div class="sect2"> <h3 id="_hash_and_passwird">Hash and Password</h3>
<div class="paragraph"> <p>Now get the hash info of your zip file:</p> </div>
<div class="listingblock"> <div class="content"> <pre class="highlight"><code class="language-sh" data-lang="sh">$ ./zip2john /path/to/your/zip_file.zip > hash</code></pre> </div> </div>
<div class="paragraph"> <p>Finally, run JtR with the argument <code>--wordlist=longlist</code> against the hash of your zip file.</p> </div>
<div class="listingblock"> <div class="content"> <pre class="highlight"><code class="language-sh" data-lang="sh">$ ./john --wordlist=longlist ./hash
Using default input encoding: UTF-8
Loaded 1 password hash (Zip archive encryption [SHA256 256/256 AVX2 8x AES])
Cost 1 (iteration count) is 524288 for all loaded hashes
Cost 2 (padding size) is 14 for all loaded hashes
Cost 3 (compression type) is 0 for all loaded hashes
Cost 4 (data length) is 130 for all loaded hashes
Will run 4 OpenMP threads
Press 'q' or Ctrl-C to abort, 'h' for help, almost any other key for status
!Abcchji9 (zip_file.zip)
1g 0:00:04:02 DONE (2023-08-29 12:48) 0g/s 62.34p/s 62.34c/s 62.34C/s !Abcchji4..!Abcchji9
Use the "--show" option to display all of the cracked passwords reliably
Session completed.</code></pre> </div> </div>
</div>
</div> </div>
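<div class="paragraph"> <p>To preview how large a ruleset makes the list before running <code>john</code>, the following added example (not from the original post and not part of John the Ripper) re-implements in Python only the bracket expansion and the four rule commands used in the <code>custom</code> section above. The function names are assumptions of this example; on the single word <code>abcchji</code> it reproduces the 1282 lines and 12776 bytes reported by <code>wc</code>.</p> </div>

```python
import itertools
import re

# Rule lines of [List.Rules:custom] as given on this page, comments stripped.
RULES = """
:
: $[0-9]
: $[0-9]$[0-9]
: ^[0-9]
: ^[0-9]^[0-9]
: ^[0-9]$[0-9]
c
c $[0-9]
c $[0-9]$[0-9]
c ^[0-9]
c ^[0-9]^[0-9]
c ^[0-9]$[0-9]
c ^[0-9A-Za-z#!]$[0-9]
""".strip().splitlines()

def expand_class(body):
    """Expand a bracket body such as '0-9A-Za-z#!' into its characters."""
    return [chr(c) for lo, hi, one in re.findall(r"(.)-(.)|(.)", body)
            for c in (range(ord(lo), ord(hi) + 1) if lo else [ord(one)])]

def expand_rule(line):
    """Yield the concrete rules for one line; the last bracket varies fastest."""
    parts = re.split(r"\[([^\]]+)\]", line)     # odd indexes are bracket bodies
    classes = [expand_class(b) for b in parts[1::2]]
    for combo in itertools.product(*classes):
        yield "".join(lit + ch for lit, ch in zip(parts[0::2], combo + ("",)))

def apply_rule(rule, word):
    """Apply the commands this page uses: ':' (no-op), 'c', '$X', '^X'."""
    cmds = iter(rule)
    for cmd in cmds:
        if cmd == "c":
            word = word.capitalize()    # first letter upper, rest lower
        elif cmd == "$":
            word += next(cmds)          # append the following character
        elif cmd == "^":
            word = next(cmds) + word    # prepend the following character
        elif cmd not in ": ":
            raise ValueError(f"command {cmd!r} is outside this sketch")
    return word

def candidates(words, rules=RULES):     # rule-major order, like the longlist above
    return [apply_rule(r, w) for ln in rules for r in expand_rule(ln) for w in words]
```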