> For the complete documentation index, see [llms.txt](https://www.hackbook.io/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://www.hackbook.io/privilege-escalation/passwords/john.md). # John //search in kali to be safe had malware last time.\ \ \ john tgthash.txt --fork=4 -w=/usr/share/seclists/Passwords/Leaked-Databases/rockyou.txt\ \ **decrypt an encrypted ssh key:**\ $ /usr/share/john/ssh2john.py id\_rsa > id\_rsa.d\ $ john id\_rsa.d --wordlist=../rockyou.txt\ //then still ssh with the encrypted id\_rsa but use the cracked passphrase we found\ \ John comes with an extensive configuration file where password mutations can be defined. We must modify this file to get the settings we want or just add to it if we know something.\ \# nano /etc/john/john.conf\ \ \#john --wordlist=megacorp-cewl.txt --rules --stdout > mutated.txt\ \ \ \ Hash cracking:\ \ This will tell us what the hash type is. But this type of hash crack will take a long time to complete since it bruteforces the strings.\ \# john 127.0.0.1.pwdump\ \ Using a wordlist instead:\ \# john --wordlist=/usr/share/wordlists/rockyou.txt 127.0.0.1.pwdump\ \ \ If any passwords remain to be cracked, we can next try to apply john’s word mangling rules with the –rules parameter.\ \# john --rules --wordlist=/usr/share/wordlists/rockyou.txt127.0.0.1.pwdump\ \ In order to crack Linux hashes with john, you will need to first use the unshadow utility to combine the passwd and shadow files from the compromised system.\ \# unshadow passwd-file.txt shadow-file.txt > unshadowed.txt\ \# john --rules --wordlist=/usr/share/wordlists/rockyou.txt unshadowed.txt\ \ John the Ripper shadow file\ `$ unshadow passwd.txt shadow.txt > unshadow.txt`\ `$ john unshadow.db`\ `# Hashcat SHA512 $6$ shadow file`\ `hashcat -m 1800 -a 0 hash.txt rockyou.txt --username` --- # Agent Instructions This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com. ## Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://www.hackbook.io/privilege-escalation/passwords/john.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.