Cracking linux password with john the ripper – tutorial

By | May 14, 2013

John the ripper - crack passwords

John the ripper is a popular dictionary based password cracking tool. It uses a wordlist full of passwords and then tries to crack a given password hash using each of the password from the wordlist. In other words its called brute force password cracking and is the most basic form of password cracking. It is also the most time and cpu consuming technique. More the passwords to try, more the time required.

John is different from tools like hydra. Hydra does blind bruteforcing by trying username/password combinations on a service daemon like ftp server or telnet server. John however needs the hash first. So the greater challenge for a hacker is to first get the hash that is to be cracked. Now a days hashes are more easily crackable using free rainbow tables available online. Just go to one of the sites, submit the hash and if the hash is made of a common word, then the site would show the word almost instantly. Rainbow tables basically store common words and their hashes in a large database. Larger the database, more the words covered.

But still if you want to crack a password locally on your system then john is one of the good tools to try. John is in the top 10 security tools in Kali linux. On ubuntu it can be installed from synaptic package manager.

In this post I am going to show you, how to use the unshadow command along with john to crack the password of users on a linux system. On linux the username/password details are stored in the following 2 files


The actual password hash is stored in /etc/shadow and this file is accessible on with root access to the machine. So try to get this file from your own linux system. Or first create a new user with a simple password. I will create a new user on my linux system named happy, with password chess.

[email protected]:~# adduser happy
Adding user `happy' ...
Adding new group `happy' (1001) ...
Adding new user `happy' (1000) with group `happy' ...
Creating home directory `/home/happy' ...
Copying files from `/etc/skel' ...
Enter new UNIX password: 
Retype new UNIX password: 
passwd: password updated successfully
Changing the user information for happy
Enter the new value, or press ENTER for the default
	Full Name []: 
	Room Number []: 
	Work Phone []: 
	Home Phone []: 
	Other []: 
Is the information correct? [Y/n] y
[email protected]:~#

For demonstration purpose, its better to use a simple password so that you do not have to wait too long. Now that our new user is created its time to crack his password.


The unshadow command will basically combine the data of /etc/passwd and /etc/shadow to create 1 file with username and password details. Usage is quite simple.

[email protected]:~# unshadow

[email protected]:~# unshadow /etc/passwd /etc/shadow > ~/file_to_crack

We redirected the output of unshadow command to a new file called file_to_crack.

crack with john

Now this new file shall be cracked by john. For the wordlist we shall be using the password list that comes with john on kali linux. It is located at the following path


You can use your own password lists too.

[email protected]:~# john --wordlist=/usr/share/john/password.lst ~/file_to_crack 
Warning: detected hash type "sha512crypt", but the string is also recognized as "crypt"
Use the "--format=crypt" option to force loading these as that type instead
Loaded 2 password hashes with 2 different salts (sha512crypt [64/64])
chess            (happy)
guesses: 1  time: 0:00:00:21 DONE (Tue May 14 06:47:58 2013)  c/s: 300  trying: sss
Use the "--show" option to display all of the cracked passwords reliably
[email protected]:~#

So in the above command john was able to crack the hash and get us the password "chess" for the user "happy". Now john was able to crack, only because the password "chess" was present in the password list. If it were not there then john would have failed.

Use the show option to list all the cracked passwords.

[email protected]:~# john --show ~/file_to_crack 

1 password hash cracked, 1 left
[email protected]:~#

The 1 password that was left, was of user root. No password in the provided wordlist could crack it.

Without wordlist

The simpler way to crack password with john without using a password list is like this

[email protected]:~# john  ~/file_to_crack

According to the documentation

This will try "single crack" mode first, then use a wordlist with rules, and finally go for "incremental" mode.

Check the documentation on MODES.

Last Updated On : 8th August 2013

Related Post

One thought on “Cracking linux password with john the ripper – tutorial

Leave a Reply

Your email address will not be published. Required fields are marked *