John the Ripper Cheat Sheet

John the Ripper cheat sheet for password auditing and ethical hacking

A comprehensive guide to hash cracking, format conversion, and rules.

1. Basic Cracking

The simplest way to start JtR. It will auto-detect the hash type.

Auto Crack

Attempts to crack using default modes and wordlists.

john hash.txt

Specifying Format

If John fails to detect the hash, specify it manually.

john --format=Raw-MD5 hash.txt
john --format=sha512crypt /etc/shadow

Pro Tip: Use john --list=formats to see all available hash formats supported by your version.

2. Extracting Hashes (The *2john Tools)

John cannot crack raw files (like ZIP or SSH keys). You must first extract the “hash” into a text file using these tools.

Compressed Files

zip2john secure.zip > hash.txt
rar2john archive.rar > hash.txt
7z2john backup.7z > hash.txt

System & Keys

ssh2john id_rsa > hash.txt
pfx2john cert.pfx > hash.txt
putty2john key.ppk > hash.txt

Documents

pdf2john restricted.pdf > hash.txt
office2john report.docx > hash.txt

3. Wordlists & Rules

Most cracking is done using dictionaries. Rules “mutate” these words (e.g., adding “123” to the end).

Using a Wordlist

john --wordlist=/usr/share/wordlists/rockyou.txt hash.txt

Applying Rules (Mangling)

The “Jumbo” version of John has a powerful rule engine to modify words.

john --wordlist=rockyou.txt --rules hash.txt

Specific Rules

You can define custom rules in john.conf or use built-in sets like “KoreLogic”.

john --wordlist=rockyou.txt --rules=KoreLogic hash.txt

4. Advanced Modes

Incremental Mode (Brute Force)

Tries every possible character combination. Slow, but exhaustive.

john --incremental hash.txt
john --incremental=Alpha hash.txt

Mask Mode

Used when you know part of the password (e.g., it starts with ‘Pass’, followed by 4 digits).

?d = digit, ?l = lowercase, ?u = uppercase, ?s = special.

john --mask='Pass?d?d?d?d' hash.txt

Single Crack Mode

Uses the username and GECOS info (Full Name) from the hash file itself to guess passwords.

john --single hash.txt

5. Viewing & Managing

Show Cracked Passwords

John stores cracked passwords in its “pot” file. Use --show to view them.

john --show hash.txt
john --show --format=Raw-MD5 hash.txt
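
For an audit report you usually want to know which accounts fell and why, not the plaintext itself. The script below is an added example (not part of the original cheat sheet) that reduces john --show output to per-account findings; the function names, the constructed sample lines and the 8-character "short" threshold are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: summarise `john --show` output without copying plaintext
# passwords into the report.

# Constructed sample of `john --show` output for a passwd-style file.
sample_show_output() {
cat <<'EOF'
alice:alice:1001:1001:Alice Example:/home/alice:/bin/bash
bob:Pass2024:1002:1002:Bob Example:/home/bob:/bin/bash
carol:a:b1:1003:1003:Carol Example:/home/carol:/bin/sh

3 password hashes cracked, 1 left
EOF
}

# Reads `john --show` output on stdin. Prints "user<TAB>finding" for each
# cracked account, then a "TOTAL cracked=N left=M" line.
audit_show() {
  awk -F: '
    /^[0-9]+ password hash(es)? cracked, [0-9]+ left$/ {
      split($0, w, " "); cracked = w[1]; left = w[5]; next
    }
    NF < 2 { next }    # blank or unrecognised line
    {
      # Assumption: passwd-style lines end in 5 fixed fields (uid..shell).
      # The password is everything between the login and those fields,
      # so a ":" inside the password does not shift the parse.
      last = (NF >= 7) ? NF - 5 : NF
      pw = $2
      for (i = 3; i <= last; i++) pw = pw ":" $i
      if (pw == $1)            finding = "password-equals-username"
      else if (length(pw) < 8) finding = "short(" length(pw) ")"
      else                     finding = "cracked"
      printf "%s\t%s\n", $1, finding
    }
    END { printf "TOTAL cracked=%s left=%s\n", cracked, left }
  '
}

# Demo on the constructed sample; in practice: john --show hash.txt | audit_show
sample_show_output | audit_show
```

Accounts flagged password-equals-username are the ones Single Crack Mode finds first, so they are the natural top of a remediation list.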

Restore Session

If you stopped a crack (Ctrl+C), you can resume it later.

john --restore

View John Configuration

Check which config options are active.

cat /etc/john/john.conf
