How it works...
John (and every other offline password cracker) works by hashing the words in the list (or the ones it generates) and comparing them to the hashes to be cracked and, when there is a match, it assumes the password has been found.
The first command uses the --wordlist option to tell John what words to use. If it is omitted, it generates its own list to generate a brute force attack. The --format option tells us what algorithm was used to generate the hashes, and if the format has been omitted, John tries to guess it, usually with good results. Lastly, we include the file that contains the hashes we want to crack.
We can increase the chance of finding passwords by using the --rules option because it applies common modifications ...
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.
Read now
Unlock full access