Password cracking with John the Ripper on Linux

How to crack Linux passwords using john the ripper?

Crack Linux password using brute-force attack. It will consume CPU and time.

How to Crack Linux password , Follow below steps to crack Linux password using brute-force attack

Installation procedure in Debian or Kali Linux

#apt-get install john

Centos / Redhat & Fedora

You can choose a suitable package to OS version at

#rpm -ivh

We are going to create a Linux account(test) to crack the password using the tool john the ripper. For the demo purpose, we are assigning test account password test123

#useradd test
#passwd test

There are two files maintain by the operating system to store user schema: /etc/passwd and password encrypted : /etc/shadow

shadow : – Stores, passwords encrypted
passwd : – Stores user profile details and associated home folder

Let’s create a folder “/demo” to copy /etc/passwd & /etc/shadow files to /demo

#mkdir /demo
#cd /demo
#cp -rp /etc/passwd /etc/shadow

The password list database of the Kali Linux located in /usr/share/wordlists/ or you can copy from online.

Under the /usr/share/wordlists/rockyou.txt by default it’s .gz format , we are going to use rockyou.txt to crack the password.

There are other password list database files for a variety of services, we are going to use rockyou.txt

Switch to
#cd /usr/share/wordlists/

#gunzip rockyou.gz

Below command will show you the line count of rockyou.txt file
#wc -l rockyou.txt

Run the command ‘unshadow’ , it will combine two files (passwd and shadow) and redirect the output to a file. “>” The symbol used to redirect the output to a file.
#unshadow passwd shadow > mypass

Run the command “ls” to list the files . I shoud find the file “mypass”

Brute-force the password attack through a password file which contain well known passwords. It may take hour , day or week based on password complexity

#john –wordlist=/usr/share/wordlists/rockyou.txt mypass


Use –format-crypt

#john “–format=crypt” –wordlist=/usr/share/wordlists/rockyou.txt mypass

Once the password cracked, below command list the cracked passwords

#john –show mypass

John the ripper perform the operation in the workspace .john under /root/

#cd /root/.john



Watch , Password cracking with John the Ripper on Linux

Leave a Reply

Your email address will not be published. Required fields are marked *

4 + = 12