
Lost Password Recovery :: John The Ripper TUTORIAL

March 11th, 2009

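John the Ripper is a password recovery program: it guesses candidate
passwords and compares their hashes with the ones in a password file, a
process this tutorial calls decrypting. Although it has many functions, we
will be looking at using it as a decrypter for password files you possess.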

We will be looking at Password Files which you have put on your Hard Disk
- PREPARATION
SHORTCUT TIP FOR WINDOWS 95
PASSWORD FILES
- DECRYPTING
JTR MODES
SINGLE MODE
WORDFILE MODE
INCREMENTAL MODE
ALPHA
DIGITS
ALL
SHOW MODE – Saving the Decrypted Files
- ADVANCED COMMANDS
STOPPING JTR
RULES
SESSION and RESTORE
- JTR QUICK REFERENCE

———–
PREPARATION
———–
1. Download the correct version of JTR, use win32 for Win 95/98
2. Extract the zip File into a Directory
3. Make sure you have your Password Files in the same directory

—————————
SHORTCUT TIP FOR WINDOWS 95
—————————
1. Right Click on the [Start] Button, and choose Open
2. Double Click on [Programs] Folder
3. Right Click and Copy, [MS-DOS Prompt]
4. Close the [Programs] Folder
5. Right Click and Paste on the Desktop, a [MS-DOS Prompt] should appear
6. Right Click on the [MS-DOS Prompt] icon and choose Properties
7. Click on the Program Tab
8. In the box next to Working (It should have C:\WINDOWS in there) Change
it to the directory where the program JOHN.EXE has been
extracted
9. Click on the [OK] button
10. Test what you have done by Double Clicking on the Icon, If you wish to
rename [MS-DOS Prompt] to JTR, then do so

————–
PASSWORD FILES
————–
A. Naming
I personally name my files with a p extension, some people use txt
eg If I had the password file to Dannis’, I would name it danni.p
The reason is that p stands for password file, I then name my decrypted
password files with a txt extension
It is really up to you what you name your password files, just remember
that the names should be less than 8 characters
eg likethis.p
B. Where should I put them?
Always have the password files you have found in the same directory as
JOHN.EXE, it’s just easier to handle them that way

———-
DECRYPTING
———-
Depending on what JTR version you have downloaded, you have to change into
the directory JOHN.EXE is in

———
JTR MODES
———
There are 3 main modes we will be dealing with
-single, -wordfile, -incremental

[KEYS]
[passfile] – this is the name of your password file
[wordlist] – this is the name of your wordlist
[output] – this is the name of the file you will name when you want to
save your decrypted passwords

———–
SINGLE MODE
———–
Single Mode attempts to find the weakest of all the passwords. This is one
of the fastest methods.

SINGLE MODE SYNTAX
john -single [passfile]
or you could use
john -si [passfile]

Example:
If you found a [passfile] and named it danni.p then you would type
john -si danni.p

Take a look at SCREEN SHOT OF A JTR SESSION

————-
WORDFILE MODE
————-
Wordfile Mode is the next quickest method. It requires the use of a wordlist.
The wordlist must be a plain list of single words, not a combo list

WORDFILE SYNTAX
john -wordfile:[wordlist] [passfile]
or
john -w:[wordlist] [passfile]

Example:
If you found a [passfile] and named it danni.p and you had a [wordlist]
named mydict.txt then you would type

john -w:mydict.txt danni.p

Take a look at SCREEN SHOT OF A JTR SESSION

—————-
INCREMENTAL MODE
—————-
Incremental mode is the slowest mode and will try to decrypt every pass in
your passfile. As this can take days, months, even years, I would use it as
a last resort

There are 4 basic commands we will be dealing with
digits, alpha, all, and leaving it blank

DIGITS mode
This will try to decrypt all the Passwords that are in numbers

ALPHA mode
This will try to decrypt all the Passwords that are letters only

ALL mode
This will try to decrypt all the Passwords, whether they are in numbers, in
letters or some special characters (@!^&…etc)

WITH NO MODE SELECTED
This will basically do everything to try to decrypt the password file

SYNTAX
john -i [passfile]
john -i:DIGITS [passfile]
john -i:ALPHA [passfile]
john -i:ALL [passfile]

Example:
If you found a [passfile] and named it danni.p
john -i danni.p
john -i:DIGITS danni.p
john -i:ALPHA danni.p
john -i:ALL danni.p

Take a look at SCREEN SHOT OF A JTR SESSION

When running in this mode, If you ever want to stop it push CTRL – C

————————————–
SHOW MODE – Saving the Decrypted Files
————————————–
Finally, once JTR has finished its decrypting process, you will be ready
to enjoy the results. These you will save in a file name of your choice.

SHOW SYNTAX
john -show [passfile]>[output]

Example:
If you found a [passfile] and named it danni.p, you decide you want to name the
decrypted password file or [output] to danni.txt

john -show danni.p>danni.txt

Now you can open danni.txt in a TEXT EDITOR
You will see something like this

italia:italiano
makoto:makotox
PADWICK:PADWICKH
kelley:kelleyaj
bechtel:jbechtel
mequery:queryme
seeeee:meeeee
stevewm:stevenm

8 passwords cracked, 246 left

Hopefully you will get more passwords than the example though
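
An added example, not part of the original tutorial: every pair in the sample output above is a password built from the login name, which is the kind of password SINGLE mode finds first. The Python below reads the -show output and reports why each cracked password was guessable; the function names and the 0.8 similarity threshold are assumptions made for this example.

```python
import difflib
import re

# Constructed sample: the -show output shown above (login:password lines
# followed by John's summary line).
SHOW_OUTPUT = """\
italia:italiano
makoto:makotox
PADWICK:PADWICKH
kelley:kelleyaj
bechtel:jbechtel
mequery:queryme
seeeee:meeeee
stevewm:stevenm

8 passwords cracked, 246 left
"""

SUMMARY = re.compile(r"^(\d+) passwords? cracked, (\d+) left$")

def classify(login, password):
    """Return why a password is guessable from the login name, or None."""
    name, pw = login.lower(), password.lower()
    if not pw:
        return "empty"
    if name in pw or pw in name:
        return "contains-login"      # login plus a prefix or suffix
    if sorted(name) == sorted(pw):
        return "login-rearranged"    # same letters in another order
    if difflib.SequenceMatcher(None, name, pw).ratio() >= 0.8:
        return "near-login"          # a character or two changed
    return None

def audit(show_text):
    """Parse -show output into ({login: reason}, cracked, left)."""
    findings, cracked, left = {}, 0, 0
    for line in show_text.splitlines():
        line = line.strip()
        m = SUMMARY.match(line)
        if m:
            cracked, left = int(m.group(1)), int(m.group(2))
        elif ":" in line:
            # Real -show output can carry more passwd fields after the
            # password; only the first two are needed here.
            login, password = line.split(":")[:2]
            findings[login] = classify(login, password)
    return findings, cracked, left
```

The same classify() check can be run when a user sets a new password, so that login-derived passwords are refused before they ever reach the password file.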

—————–
ADVANCED COMMANDS
—————–
Here are a few more commands which prove handy when using JTR

————
STOPPING JTR
————
If at anytime you wish to stop the decrypting process then
Hold down the [ CTRL ] key and Push the [ C ] key

—–
RULES
—–
This command is used with the Wordfile Option, without it JTR will try only
the words in your wordlist. When this is activated it will try variations as
outlined in the john.ini file. This is also quite slow

RULES SYNTAX
john -w:[wordlist] -rules [passfile]

——————
SESSION & RESTORE
——————
By now you will have noticed that decrypting can become a long and slow
process. JTR allows you to save and restore sessions. A session is like a
snapshot of what you are decrypting. It remembers what file you used, and
where you were at if you decide to stop it. Session can be used with any
of the main modes.

SESSION & RESTORE SYNTAX
john -restore
john -restore:[session name]
john -session:[session name]

[session name] is any name you choose

EXAMPLE
——-
Let’s say you want to decrypt a file named danni.p

OK you’ve used the -si mode, which was quick
With your trusty wordlist file named biglist.txt you next run the -w mode

FINAL NOTES
———–
There are many other advanced features in JTR; these are described in the
DOC folder in JTR, just use a text editor to open and read them
We were only concerned with getting at least 50% of the passwords. This may
be achieved by SINGLE and WORDFILE modes
SPEED is dependent on your CPU. If your screen looks like it’s frozen and
doing nothing, just hit any key a couple of times, you will see a mini
progress report.
Speed is also dependent on the size of your password file and the number of
salts. A salt can be thought of as a slightly different way to encrypt a
password, as there are many ways to encrypt a single password. Each guess
has to be tried once for every different salt in the file.
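
An added example, not part of the original tutorial: the session output at the end of this page reports "254 passwords with 85 different salts", which means many accounts share a salt. The Python below groups a passwd-style file by salt, assuming traditional DES crypt hashes (13 characters, the first two being the salt); the sample file and function names are constructed for this example.

```python
import re
from collections import defaultdict

# Traditional DES crypt(3): 13 characters from [./0-9A-Za-z]; the first two
# are the salt, so only 4096 different salts exist.
DES_CRYPT = re.compile(r"^[./0-9A-Za-z]{13}$")

# Constructed passwd-style sample (login:hash:...). The hash bodies are
# filler text, not real hashes.
PASSWD = """\
alice:abAAAAAAAAAAA:100:100::/home/alice:/bin/sh
bob:abBBBBBBBBBBB:101:100::/home/bob:/bin/sh
carol:x9CCCCCCCCCCC:102:100::/home/carol:/bin/sh
dave:*:103:100::/home/dave:/bin/sh
erin:$6$constructed$notarealhash:104:100::/home/erin:/bin/sh
"""

def salt_report(passwd_text):
    """Return ({salt: [logins]}, [logins without a DES crypt hash])."""
    by_salt, skipped = defaultdict(list), []
    for line in passwd_text.splitlines():
        fields = line.split(":")
        if len(fields) < 2:
            continue                      # not a passwd entry
        login, pwhash = fields[0], fields[1]
        if DES_CRYPT.match(pwhash):
            by_salt[pwhash[:2]].append(login)
        else:
            skipped.append(login)         # locked account or another scheme
    return dict(by_salt), skipped

def summarize(by_salt):
    """Count hashes, distinct salts, and the salts used by several accounts."""
    shared = {s: users for s, users in by_salt.items() if len(users) > 1}
    return {
        "des_hashes": sum(len(users) for users in by_salt.values()),
        # One guess costs one hash computation per distinct salt.
        "distinct_salts": len(by_salt),
        "shared_salts": shared,
    }
```

Accounts listed under shared_salts are tested together by a single hash computation per guess, and every login the report counts as a DES hash is a candidate for migration to a scheme with longer salts.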

——————-
JTR QUICK REFERENCE
——————-
[KEYS]
[passfile] – this is the name of your password file
[wordlist] – this is the name of your wordlist
[output] – this is the name of the file you will name when you want to
save your decrypted passwords
: – whenever you see a colon then use it in the command
- – whenever you see a minus sign then use it in the command
> – whenever you see this sign then use it in the command
[] – DO NOT INCLUDE THESE IN THE COMMAND

SINGLE MODE
john -si [passfile]
WORDFILE MODE
john -w:[wordlist] [passfile]
INCREMENTAL MODES
john -i [passfile]
john -i:ALL [passfile]
john -i:DIGITS [passfile]
john -i:ALPHA [passfile]
SHOW MODES
john -show [passfile]>[output]

Loaded 254 passwords with 85 different salts (Standard DES [32/32 BS])
italia (italiano)
makoto (makotox)
PADWICK (PADWICKH)
kelley (kelleyaj)
bechtel (jbechtel)
mequery (queryme)
seeeee (meeeee)
stevewm (stevenm)
guesses: 8 time: 0:00:01:23 100% c/s: 25771 trying: zcatcatk – zcatcatz


  2. DBA
    July 29th, 2010 at 14:06 | #2

    I’ve found a SQL scanner that can locate any SQL server on your network (multi-subnet); it can also try to brute force the SA user account (or any other account) to make sure the password is not easy.
    You can get it here: http://www.softpedia.com/get/Internet/Servers/Database-Utils/SQL-Locator.shtml

  3. medit
    August 1st, 2011 at 12:48 | #3

    could someone please crack this mac osx account hash?

    bbf82118d941c1cd906f89cd4430aB59db0a94d927e636e2

    I’ve been doing it for ages and it hasn’t worked?

    please email me if you figured this out: k_ghangas@live.com.au
