Comprehensive Guide to John the Ripper. Part 7: Johnny – GUI for John the Ripper
Table of contents
In the previous parts, we have already learned about some of John the Ripper's features and options, as well as help files that generate hashes. But this is not all – we have not even considered all the helper files, a separate part will be devoted to them, in the same way as separate parts will be devoted to John the Ripper's options and its configuration files. That is, using this program is not very easy. In addition, not all users, especially Windows users, feel confident about the command line.
Johnny, a graphical interface for John the Ripper, was created to address these issues. In general, I do not really like graphical interfaces for powerful console utilities, since the GUI functionality is always less than the original program capabilities, flexibility is lost, some options in the graphical interface may not be implemented. And, most importantly, not knowing the meaning of the options and not understanding the features of various attacks, an inexperienced user will still not be able to reveal even the potential provided in the GUI. That is, if you do not know how to use the program at all, then even the GUI may not help you.
Nevertheless, Johnny is quite a thoughtful and very functional program, which, in addition to the existing capabilities of John the Ripper, tries to simplify the work with sessions, generate a file hash for cracking a password, and so on.
- automates hash generation
- makes it easier to run brute-force for users not familiar with the command line
- automates work with sessions
- there is no way to add your own command line options
- some options are not implemented, for example, temperature control
- it is impossible to view the status of the current session in interactive mode
You should understand that Johnny is only a program window that, depending on the options you choose, runs a command with John the Ripper, reads the result, processes it and shows you in its window. That is, in addition to installing Johnny, you also need to install John the Ripper. Moreover, everything said in the first part about installing drivers also applies to Johnny.
That is, the installation algorithm is as follows:
- Installing the driver for the video card
- Installing John the Ripper
- Installing Johnny
We will not dwell on the installation of drivers and John – if you have questions about these steps, then refer to the first part.
Installation on Kali Linux
sudo apt install johnny
Installation on Debian, Linux Mint, Ubuntu
sudo apt update sudo apt install g++ git qtbase5-dev git clone https://github.com/shinnok/johnny.git && cd johnny export QT_SELECT=qt5 qmake && make -j$(nproc)
Installation on BlackArch
The program is pre-installed on BlackArch. To install in minimal builds run:
sudo pacman -S johnny
There is currently an outdated version in the BlackArch repositories, to compile from the latest version source run the following commands:
sudo pacman -S gcc git qt5-base git clone https://github.com/shinnok/johnny.git && cd johnny export QT_SELECT=qt5 qmake && make -j$(nproc)
John the Ripper and Johnny for Windows can be downloaded from the official site as executable files. To get started, simply unpack the John the Ripper archive and perform a simple Johnny installation. But installed in this way John will not be able to use the video card for brute-force. The installation method shown below will make it possible to crack passwords using both the CPU and the GPU.
Start by installing Cygwin – go to the official website https://www.cygwin.com/ for that, download the setup-x86_64.exe file and install. If something is not clear about Cygwin, then for all the details, see the article “How to get started with Linux commands on Windows: Cygwin”.
Download the winX64_1_JtR.7z file from https://github.com/openwall/john-packages/releases/tag/jumbo-dev.
Unzip the contents of this archive into the C:\cygwin64\home\<USERNAME> folder, for example, my username is MiAl, so I unpack it to C:\cygwin64\home\MiAl\. Please note that you need to create a folder and copy files into it on behalf of a regular user, because during its work John the Ripper will try to write data to a .pot file in the same folder where the program is running. If you copied the JtR folder in the file manager with elevated rights, then this folder will belong to the Administrator and it is impossible to write anything into it or change the rights to it.
Now in the folder C:\cygwin64\home\<USERNAME>\JtR\run\ find cygOpenCL-1.dll file and rename it to cygOpenCL-1.dll.bac.
Then in the c:\Windows\System32 folder find the OpenCL.dll file and copy it to the C:\cygwin64\home\<USERNAME>\JtR\run\ folder.
Then, in the C:\cygwin64\home\<USERNAME>\JtR\run\ folder, rename the OpenCL.dll file to cygOpenCL-1.dll.
Then the same procedure must be repeated for the file in the C:\cygwin64\bin\ folder. That is, in the C:\cygwin64\bin\ folder, find cygOpenCL-1.dll and rename it to cygOpenCL-1.dll.bac. Then find the OpenCL.dll file in the c:\Windows\System32 folder and copy it to the C:\cygwin64\bin\ folder. Finally, in the C:\cygwin64\bin\ folder, rename the OpenCL.dll file to cygOpenCL-1.dll.
So that you understand why we are doing all this, take a look at the cracking speed on the central processor:
And on the speed of hacking on the video card, which became available thanks to the actions shown above with the substitution of files:
Make sure the installation was successful and that John can work with the video card:
To install Johnny open Cygwin – we'll be compiling Johnny from source.
curl https://raw.githubusercontent.com/transcode-open/apt-cyg/master/apt-cyg > apt-cyg install apt-cyg /bin
See also: apt-cyg – apt for Cygwin
apt-cyg install gcc-g++ git libQt5Core-devel make libQt5Gui-devel libGL-devel xorg-server xinit
Download the source code and compile the program:
git clone https://github.com/shinnok/johnny && cd johnny export QT_SELECT=qt5 qmake-qt5 && make -j$(nproc)
Run like this:
startxwin & export DISPLAY=:0.0 ~/johnny/johnny
Let's look at some examples of how to start password cracking on Windows in Johnny.
If you compiled Johnny from source, then the program will show them in Unix (Linux) style instead of the usual Windows paths and disks, so to make it easier for you, it is recommended to at least briefly familiarize yourself with Cygwin, at least read the section “How to access disks in Cygwin”.
I placed my test files for cracking passwords in the C:\cygwin64\test\ folder, that is, for Cygwin, this is the /test path.
Johnny uses various helper programs and scripts to generate hashes, many of which are written in Python. Some of them are written in Ruby, Perl, or compiled programs. In order for you to be able to extract hashes from files for cracking, you need these environments to be installed. If you compiled Johnny from source, then these scripts use the interpreters in Cygwin. If you are using a version compiled for Windows (downloaded the installation file from the official site) Python and other interpreters must be installed on the system. Just in case, here are the relevant installation links:
- How to install Python and PIP on Windows 10. How to set up Python as a web server module
- How to install and use Ruby on Windows
- Installing Perl on Windows
The hash extraction scripts themselves are not supplied with Johnny, so before using the hash extraction function, you need to specify the path to the John the Ripper executable.
Let's start the X server:
Press Enter to see the command line prompt.
Let's set the value of the DISPLAY variable:
The main window of the program:
First of all, go to the Settings tab and specify the path to the John the Ripper executable.
If you installed the programs according to the instructions above in Cygwin, then the path to the executable file will look like /home/USERNAME/JtR/run/john.exe, for example, /home/MiAl/JtR/run/john.exe.
You can find out the path to the executable file on your system by running the following command:
Suppose I want to crack the password of an encrypted archive file-rar5.rar. You need to start by generating a hash that John the Ripper understands. To do this, in the menu, click “Open password file” → “Open other file format (*2john)”.
In “Choose file format” select the type of file for which you want to crack the password.
In “Save hashes to” specify any location where the generated hashes will be saved.
When you click on the button, the following window will open:
Double click on “/” to navigate to the root of the Cygwin filesystem. Then choose where you want to save the file. For example, in your user's home folder. Also come up with a name for the file.
Then provide the path to the file you want to crack.
When everything is ready, click the “Convert” button.
If all goes well, the hash will be added to Johnny's window under the Passwords tab.
Note that this hash is defined as two possible formats:
From the previous parts, you already know that they differ in that the first format means brute-force on the CPU, and OpenCL means brute-force on the GPU.
To select brute-force on a video card, go to the “Options” tab and select the desired variant in the “Current hash format” drop-down menu:
To launch the attack, click the “Start new attack” button in the menu.
On the “Console log” tab, you can monitor the progress.
The line “Device 2: GeForce GTX 1050 Ti” indicates that brute-force is being performed on the video card.
You can verify that the specified video card is actually under load during brute-force.
If the brute-force is successful, the password will be shown on the “Passwords” tab.
By default, John the Ripper will launch Single crack mode, then Dictionary Attack, and then Incremental mode. All attacks will be executed with John's default parameters. To optimize attacks and increase the chance of a successful attack, select a specific attack mode and set its settings.
To select a dictionary attack, go to Options → Wordlist. Click “Wordlist file” and specify the path to the dictionary file. John comes with a small dictionary located in the same folder as the john executable (for example, /home/MiAl/JtR/run/password.lst).
You can download the rockyou file with the following commands:
mkdir ~/dic curl https://kali.tools/files/passwords/leaked_passwords/rockyou.txt.bz2 > ~/dic/rockyou.txt.bz2 bunzip2 ~/dic/rockyou.txt.bz2 cat ~/dic/rockyou.txt | sort | uniq > ~/dic/cleaned_rockyou.txt
To find out the absolute path to the file, run:
realpath ~/dic/cleaned_rockyou.txt /home/MiAl/dic/cleaned_rockyou.txt
You can use it as a larger dictionary than the default one.
To launch the attack, click the button in the “Start new attack” menu.
In the console, you can see that the path to the dictionary is now specified in the launch command:
/home/MiAl/JtR/run/john.exe --format=ZIP-opencl --wordlist=/home/MiAl/JtR/run/password.lst --session=/home/MiAl/.john/sessions/05-25-21-08-20-52 /home/MiAl/hashes.lst
To select a mask attack, go to Options → Mask. In the “Mask” field, enter the desired mask.
To launch the attack, click the button in the “Start new attack” menu.
To crack the captured handshake, select “wpapcap” as the File Format.
If there are multiple handshakes in the capture file, then the hashes will be extracted for all of them. If you wish, you can uncheck the hashes for which you do not want to crack the password.
Select wpapsk or wpapsk-opencl as the hash type.
Error “python: can't open file 'C:/Users/MiAl/Downloads/JtR/run/wpapcap2john.py': [Errno 2] No such file or directory”
If you try to extract the Wi-Fi hashes of the handshakes in Johnny downloaded from the official site, then you will encounter an error:
Conversion failed python: can't open file 'C:/Users/MiAl/Downloads/JtR/run/wpapcap2john.py': [Errno 2] No such file or directory
This bug is fixed in the source code (https://github.com/openwall/johnny/commit/eb0fe02f18f77386316a9279fe74670a6ba147ee), so if you compiled Johnny from source, you won't have this problem.
The bottom line is that previously it was used a Python script wpapcap2john.py, and now it is used the wpapcap2john.exe binary file. I don't know how to fix this error without recompiling.
- Comprehensive Guide to John the Ripper. Part 6: How to brute force non-standard hashes (82.6%)
- Advanced wordlist generating techniques (75.1%)
- Comprehensive Guide to John the Ripper. Part 5: Rule-based attack (69.6%)
- Comprehensive Guide to John the Ripper. Part 3: How to start cracking passwords in John the Ripper (how to specify masks, dictionaries, hashes, formats, modes) (67.4%)
- Comprehensive Guide to John the Ripper. Part 4: Practical examples of John the Ripper usage (67.4%)
- How to protect GRUB bootloader with password (RANDOM - 1%)