In this part of the Useful CTF Commands series, we’ll take a closer look at another valuable tool often used in CTFs—and occasionally in real-world scenarios as well: John the Ripper (commonly known as John).
John supports a wide range of password hashes, including UNIX, Windows, Kerberos, ZIP, PDF, and more. It offers several attack modes:
- Dictionary Attack: Tries passwords from a predefined wordlist.
- Brute-Force Attack: Systematically attempts all possible combinations.
- Rule-Based Attack: Combines words from lists with rules, e.g., appending numbers or special characters.
One of John’s main strengths is its flexibility and extensibility—you can add custom wordlists, rules, or even modules to support new hash formats.
In this post, we’ll cover:
- Cracking passwords using [wordlists]
- Recovering passwords for GPG-encrypted keys
For more information take a look at the documentation of john: https://www.openwall.com/john/doc/
⚠️ Note: As always in this blog series—especially when using John—remember that it should only be used in legal scenarios, such as penetration testing or auditing your own systems. Cracking someone else’s passwords without permission is illegal.
Unix Password cracking using Wordlists
Unix Password Bruteforcing
GPG Password Cracking
$ ls ~/.gnupg/private-keys-v1.d/armored_key.asc
# 1) Convert the exported key to a John-compatible hash
$ gpg2john armored_key.asc > hash.txt
# 2) Crack the hash using John with a wordlist (e.g. rockyou, used most of the time in ctf competitions)
$ john --wordlist=/usr/share/wordlists/rockyou.txt hash.txt