# Dictionnary attack
./john --wordlist=password.lst hashFile
# Dictionnary attack using default or specific rules
./john --wordlist=password.lst --rules=rulename hashFile
./john --wordlist=password.lst --rules mypasswd
# Incremental mode
./john --incremental hashFile
# Loopback attack (password are taken from the potfile)
./john --loopback hashFile
# Mask bruteforce attack
./john --mask=?1?1?1?1?1?1 --1=[A-Z] hashFile --min-len=8# Dictionnary attack using masks
./john --wordlist=password.lst -mask='?l?l?w?l' hashFile
MISC & Tricks
# Show hidden options
./john --list=hidden-options
# Using session and restoring them
./john hashes --session=name
./john --restore=name
./john --session=allrules --wordlist=all.lst --rules mypasswd &
./john status
# Show the potfile
./john hashes --pot=potFile --show
# Search if a root/uid0 have been cracked
john --show --users=0 mypasswdFile
john --show --users=root mypasswdFile
# List OpenCL devices and get their id
./john --list=opencl-devices
# List format supported by OpenCL
./john --list=formats --format=opencl
# Using multiples GPU
./john hashes --format:openclformat --wordlist:wordlist --rules:rules --dev=0,1 --fork=2# Using multiple CPU (eg. 4 cores)
./john hashes --wordlist:wordlist --rules:rules --dev=2 --fork=4
Wordlists & Incremental
# Sort a wordlist for the wordlist mode
tr A-Z a-z < SOURCE | sort -u > TARGET
# Use a potfile to generate a new wordlist
cut -d ':' -f 2 john.pot | sort -u pot.dic
# Generate candidate password for slow hashes
./john --wordlist=password.lst --stdout --rules:Jumbo | ./unique -mem=25 wordlist.uniq
--incremental:Lower # 26 char
--incremental:Alpha # 52 char
--incremental:Digits # 10 char
--incremental:Alnum # 62 char# Create a new charset
./john --make-charset=charset.chr
# Then set the following in the John.conf# Incremental modes[Incremental:charset]File=$JOHN/charset.chr
MinLen=0MaxLen=31CharCount=95# Using a specific charset
./john --incremental:charset hashFile
Rules
# Predefined rules
--rules:Single
--rules:Wordlist
--rules:Extra
--rules:Jumbo # All the above
--rules:KoreLogic
--rules:All # All the above
# Create a new rule in John.conf[List.Rules:Tryout]
l
u
...
| Rule | Description ||------------ |------------------------------------------------------- || l | Convert to lowercase || u | Convert to uppercase || c | Capitalize || l r | Lowercase the word and reverse it || l Az"2015"| Lowercase the word and append "2015" at the end || d | Duplicate || l A0"2015"| Lowercase the word and append "2015" at the beginning || A0"#"Az"#"| Add "#" at the beginning and the end of the word || C | Lowercase the first char and uppercase the rest || t | Toggle case of all char || TN | Toggle the case of the char in position N || r | Reverse the word || f | Reflect (Fred --> Fredderf)||{| Rotate the word left ||}| Rotate the word right ||$x| Append char X to the word || ^x | Prefix the word with X char ||[| Remove the first char from the word ||]| Remove the last char from the word || DN | Delete the char in position N || xNM | Extract substring from position N for M char || iNX | Insert char X in position N and shift the rest right || oNX | Overstrike char in position N with X || S | Shift case|| V | Lowercase vowels and uppercase consonants || R | Shift each char right on the keyboard || L | Shift each char left on the keyboard || <N | Reject the word unless it is less than N char long || >N | Reject the word unless it is greater than N char long ||\'N | Truncate the word at length N |