In this video we'll demonstrate offline password cracking using the John the Ripper tool.
Let's first change to the directory where John is located. Here you can see some important binaries used by John.
First we'll execute the "unshadow" script, which will merge the "/etc/passwd" and "/etc/shadow" files into a single file called "crack.db". This file will be used by John for the password brute force attack.
Let's see the content of the crack.db file.
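The merge described above can be sketched as follows. This is an added example, not part of the video and not John the Ripper's own code; the function names and the sample passwd/shadow entries (with placeholder hash strings) are assumptions constructed for illustration. It also lists which accounts end up with an active password hash in the merged file, which is what an administrator would review if such a file were exposed.

```python
# Added example: sketch of an unshadow-style merge, run on constructed data.
# Not John the Ripper's code; function names and sample entries are hypothetical.

# Constructed sample files (hash values are placeholders, not real hashes).
PASSWD = """\
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
alice:x:1000:1000:Alice:/home/alice:/bin/bash
"""
SHADOW = """\
root:$6$SALT$PLACEHOLDERHASHROOT:19000:0:99999:7:::
daemon:*:19000:0:99999:7:::
alice:!$6$SALT$PLACEHOLDERHASHALICE:19000:0:99999:7:::
"""

def parse_shadow(text):
    """Map login name -> password field (second colon-separated field)."""
    hashes = {}
    for line in text.splitlines():
        fields = line.split(":")
        if len(fields) >= 2 and not line.startswith("#"):
            hashes[fields[0]] = fields[1]
    return hashes

def merge(passwd_text, shadow_text):
    """Replace the 'x' placeholder in each passwd line with the shadow field."""
    hashes = parse_shadow(shadow_text)
    merged = []
    for line in passwd_text.splitlines():
        fields = line.split(":")
        if len(fields) < 7:
            continue  # skip malformed or blank lines
        if fields[0] in hashes:
            fields[1] = hashes[fields[0]]
        merged.append(":".join(fields))
    return merged

def accounts_with_active_hash(merged_lines):
    """Accounts whose password field is an active hash: not empty, not the
    unmerged 'x' placeholder, and not prefixed with '!' or '*' (locked)."""
    active = []
    for line in merged_lines:
        name, pw = line.split(":")[:2]
        if pw and pw != "x" and pw[0] not in "!*":
            active.append(name)
    return active

if __name__ == "__main__":
    lines = merge(PASSWD, SHADOW)
    print("\n".join(lines))
    print("accounts with an active hash:", accounts_with_active_hash(lines))
```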
You can see there are various options that can be used for cracking passwords with John.
You can see that the brute force attack we previously initiated is still in progress.
John has now discovered the password "toor" for the user "root".
Now let's use the "--show" switch to display the password in plaintext.
John stores the obtained passwords in the "john.pot" file.
You can see that the dictionary attack (in console 2) has now completed and John has revealed 4 passwords.
You'll notice that the dictionary attack was much faster than the brute force attack ...