John the Ripper: Jack’s Geeky Brother?
No relation to that Ripper, although the name does make John the Ripper sound like a villain from a true crime podcast. Instead of sneaking through foggy alleys in London, this Ripper lives in your terminal window, quietly breaking passwords.
John the Ripper, aka John, is a powerful, open-source password-cracking tool used by ethical hackers, red teamers, and cybersecurity enthusiasts. In this post, I’ll walk you through some installation steps and basic usage of the tool.
Installation
The first step on getting started with John is getting it installed on your system. I’m going to cover installation using a VirtualBox and a Kali Linux Distro, but if you would like to install it without then feel free to head to the Openwall website to install the program. Be sure to grab the Jumbo version as this one has more features than the other one, the Core version. Here is a link to their installation instructions.
Step 1
Head to VirtualBox and choose your package, depending on your OS. I use Windows, so I will grab that one. Once the download is finished, go ahead and run the installer and go through the steps.
Step 2
Head to kali.org and install a pre-built virtual machine. Be sure to choose VirtualBox since that is what we are using for this example. Once that is installed, open the directory where you have the file saved, and click the kali .vbox file and it should open automatically into VirtualBox.
Step 3
Start your Kali instance by clicking “Start” at the top, enter these login credentials:
User – kali
Password – kali
Now, let’s make sure John the Ripper is installed. It usually comes pre-installed with Kali, but just to be sure, open a terminal and type:
johnIf it runs without issues and you see something similar to the screen below—voilà! You’re all set and ready to have some fun.
──(kali㉿kali)-[~]
└─$ john
John the Ripper 1.9.0-jumbo-1+bleeding-aec1328d6c 2021-11-02 10:45:52 +0100 OMP [linux-gnu 64-bit x86_64 AVX2 AC]
Copyright (c) 1996-2021 by Solar Designer and others
Homepage: https://www.openwall.com/john/
Usage: john [OPTIONS] [PASSWORD-FILES]
Use --help to list all available options.
Basic Usage
One thing to note is that we are going to be using the rockyou.txt as a wordlist to compare the hashes to. This list contains over 14 million commonly used passwords and it was extracted from the RockYou data breach in 2009. This .txt file will come with your Kali instance so there is no need to download anything.
Now that we have everything setup, lets start cracking some hashes. The basic syntax for commands are
john [options] [file path] - john: This calls John the Ripper
- options: Choose the cracking mode, wordlist, format, etc.
- filepath: This is the file that has the hash you want to crack
I want you to create a directory on your desktop in your VM and call it “hashes”. In here, create 2 separate files and 1 hash in each of them. Here are the hashes:
c378985d629e99a4e86213db0cd5e70d75328ef481b4a7a0b3513179d2780c64d9ae2186Now lets run through how to crack these. In your terminal, navigate to where you stored the hashes. Let’s try entering in the following command:
john --wordlist=/usr/share/wordlists/rockyou.txt hash1.txtYou will notice that nothing happened and should see some warnings or errors.
Warning: detected hash type "Raw-SHA1", but the string is also recognized as "Raw-SHA1-AxCrypt"
Use the "--format=Raw-SHA1-AxCrypt" option to force loading these as that type instead
Warning: detected hash type "Raw-SHA1", but the string is also recognized as "Raw-SHA1-Linkedin"
Use the "--format=Raw-SHA1-Linkedin" option to force loading these as that type instead
Warning: detected hash type "Raw-SHA1", but the string is also recognized as "ripemd-160"
Use the "--format=ripemd-160" option to force loading these as that type instead
Warning: detected hash type "Raw-SHA1", but the string is also recognized as "has-160"
Use the "--format=has-160" option to force loading these as that type instead
Using default input encoding: UTF-8
Loaded 1 password hash (Raw-SHA1 [SHA1 256/256 AVX2 8x])
No password hashes left to crack (see FAQ)
This is because ol’ John occasionally does not automatically recognize the hash. Because of this, we are going to need to identify the hash first before going forward. Let’s use a free online hash identifier here. Once on the website, just put in your hash and it will tell you the type of hash. Now that we know the type of hash1, we can specify the type in the terminal and hopefully crack the hash and get the password. Let’s update our command in the terminal.
john --format=raw-md5 --wordlist=/usr/share/wordlists/rockyou.txt hash1.txtUsing default input encoding: UTF-8
Loaded 1 password hash (Raw-MD5 [MD5 256/256 AVX2 8x3])
Warning: no OpenMP support for this hash type, consider --fork=2
Press 'q' or Ctrl-C to abort, almost any other key for status
chocolate
1g 0:00:00:00 DONE (2025-05-15 13:19) 100.0g/s 38400p/s 38400c/s 38400C/s 123456..michael1
Use the "--show --format=Raw-MD5" options to display all of the cracked passwords reliably
Session completed.
IT WORKED! We got a hit, we are the best hacker to ever walk the planet. You can see that when John compared the hash to the rockyou.txt, it got a match — chocolate. Hash number 2 is a little different, but we should be able to get a match. Let’s first figure out the type of hash from the link posted above. This time, it’s different, so we will need to adjust our command in the terminal.
john --format=raw-sha1 --wordlist=/usr/share/wordlists/rockyou.txt hash2.txtUsing default input encoding: UTF-8
Loaded 1 password hash (Raw-MD5 [MD5 256/256 AVX2 8x3])
Warning: no OpenMP support for this hash type, consider --fork=2
Press 'q' or Ctrl-C to abort, almost any other key for status
bubbles
1g 0:00:00:00 DONE (2025-05-15 13:19) 100.0g/s 38400p/s 38400c/s 38400C/s 123456..michael1
Use the "--show --format=Raw-MD5" options to display all of the cracked passwords reliably
Session completed.
We updated the format to “sha1” instead of “md5” this time to account for the hash type and we got another hit — bubbles.
Next Steps
These are just the basics — John the Ripper is a powerhouse with a lot more to offer. To go further with John the Ripper, explore features like single crack mode, which uses login information to generate smart guesses, and create custom rules in the john.conf file for more targeted attacks. John can also crack passwords on protected ZIP files, SSH private keys, and other file formats when using the Jumbo version.