Full Version: John The Ripper
FiSh
This is a really basic tutorial, but if you don't know how to use John, it may just help you.

Note: This tutorial is potentially illegal, and I urge you not to use it on anything except password recovery for yourself or others (with their permission) or the testing of the security of your own passwords. I take no responsibility for anything you do with this - you're on your own if you do something bad with it.


John The Ripper is a password recovery utility, almost essential to any password cracking you have to do. It can crack more or less any password you can think of in a decent timeframe (if it's a poor password).

But how do you use such a wonderful tool? Well, I recommend downloading it to C:\John and copying all the binary files to the C:\John folder (as opposed to C:\John\bin).

Now, open command prompt, and type the following:
CODE
cd C:\John


Not hard. Now type the word "John". It should bring up a menu of options like this:


Okay, so now what? Well, find the password you want to crack! It needs to be in standard format, IE: "admin:1aw/2g.a2" (not a real password, just an example). If you use PwDump2, it'll dump NT hashes in the proper format, and you can use those to crack.

Save the password you want to crack in a file like "pw.txt" or "password.txt" in the C:\John folder. Now to decide what method you want to use on it. John allows you to use either a wordlist or bruteforce techniques to recover passwords. Say you have a decent wordlist, and you want to try it against the file first. To do so, type the following:
CODE
John -wordfile:wordfile.txt pw.txt


This will test the wordfile against the password file.

But, FiSh, it said it didn't find the password! My wordlist was huge! Well, if you're testing your password for its security, be proud. Users probably can't find your password in a dictionary file. High five. If your password was found in a dictionary file, consider getting a new, more secure one.

Okay, but what if it wasn't in there and you still need to recover it? Well, then you will use the bruteforcing aspect of John. Type the following:
CODE
John -i pw.txt


That's it! At any point, just press a key and it will tell you how quickly it's going. To stop, press Ctrl-C. To show cracked passwords, type
CODE
John -show pw.txt


If there's anything else you need to know about John, ask me here. Enjoy your new knowledge, ye hacker, you. ;)
informatech
Very good tutorial, and I like the use of humor and pictures. Also, if you have (legit) access to the computer you can just try to find the password in the cache. Of course you need admin-like privileges for this :D
FiSh
Ah, but this lets you crack so much more. You can test your .htpasswd for weak passwords, along with other ones.
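
A defensive check for the password-file formats mentioned in this thread (the "user:hash" line, PwDump2 output and .htpasswd), added here as an example and not part of the original posts: it reports which storage scheme each entry uses so that weakly stored entries can be found and migrated. The scheme names, verdict labels and sample lines are this example's own constructions.

```python
import re

HEX32 = re.compile(r"^[0-9A-Fa-f]{32}$")
EMPTY_LM = "aad3b435b51404eeaad3b435b51404ee"  # LM hash of an empty password
C64 = r"[./A-Za-z0-9]"                         # crypt(3) base64 alphabet

# (scheme, pattern, verdict); the verdicts are this example's own rating
SCHEMES = [
    ("bcrypt",      re.compile(r"^\$2[abxy]\$\d{2}\$" + C64 + r"{53}$"), "ok"),
    ("apr1-md5",    re.compile(r"^\$apr1\$" + C64 + r"{1,8}\$" + C64 + r"{22}$"), "dated"),
    ("md5crypt",    re.compile(r"^\$1\$" + C64 + r"{1,8}\$" + C64 + r"{22}$"), "dated"),
    ("sha1-nosalt", re.compile(r"^\{SHA\}[A-Za-z0-9+/]{27}=$"), "weak"),
    ("des-crypt",   re.compile("^" + C64 + r"{13}$"), "weak"),
]

def classify(line):
    """Return (user, scheme, verdict) for one 'user:hash' or pwdump line."""
    fields = line.strip().split(":")
    if len(fields) < 2 or not fields[0]:
        return (None, "unparsed", "skip")
    user = fields[0]
    # pwdump layout: user:rid:LMhash:NThash:::
    if len(fields) >= 4 and HEX32.match(fields[2]) and HEX32.match(fields[3]):
        scheme = "ntlm" if fields[2].lower() == EMPTY_LM else "lm+ntlm"
        return (user, scheme, "weak")  # unsalted; a stored LM hash is worse still
    for name, pattern, verdict in SCHEMES:
        if pattern.match(fields[1]):
            return (user, name, verdict)
    return (user, "unknown", "review")

def audit(text):
    """Classify every non-blank, non-comment line of a password file."""
    return [classify(l) for l in text.splitlines() if l.strip() and not l.startswith("#")]

# Constructed sample input (no real credentials); the first line is the
# tutorial's own placeholder, which is too short to be a real crypt hash.
SAMPLE = "\n".join([
    "admin:1aw/2g.a2",
    "alice:$apr1$" + "s" * 8 + "$" + "h" * 22,
    "bob:{SHA}" + "A" * 27 + "=",
    "carol:$2y$10$" + "b" * 53,
    "dave:" + "d" * 13,
    "Guest:501:" + "1" * 32 + ":" + "2" * 32 + ":::",
    "Admin2:500:" + EMPTY_LM + ":" + "3" * 32 + ":::",
])

if __name__ == "__main__":
    for user, scheme, verdict in audit(SAMPLE):
        print(f"{user:8} {scheme:12} {verdict}")
```

Entries reported as "weak" or "dated" are the ones to re-hash with a slow, salted scheme at the user's next login; "review" means the line did not match any known layout.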
Digital_Spirit
I have enjoyed Jane the stripper for quite some time ;).
Kenny
Here is another I wrote a few years back... similar, with images

http://www.how-to-hack.org/intro1.html

;)
Shokora
Pretty nice tutorial :)
fulvioo
http://www.governmentsecurity.org/forum/in...topic=6525&st=0

Here is another tutorial, made by our specialist RELiC. Recommended.