What is John The Ripper ?

John the Ripper is a free password decryption tool. Originally designed for the Unix application, it can run on fifteen different platforms (eleven of which are specific versions of Unix architecture, DOS, Win32, BeOS, and OpenVMS). It is among the most widely used password-checking and cracking systems as it combines multiple passwords split into a single package, automatically scans password types, and includes custom ones. It can be used against a variety of encrypted formats including many types of crypt password hash commonly found in various versions of Unix (based on DES, MD5, or Blowfish), Kerberos AFS, and Windows NT / 2000 / XP / 2003 LM hash. Additional modules have expanded their ability to enter MD4-based hashes and passwords stored on LDAP, MySQL, and others.

Types fo Attack ?

One of the methods John can use is to attack the dictionary. It takes samples of the text (usually from a file, called a glossary, containing words found in the dictionary or the original cracked passwords), encrypting them in the same way as the test password (including encryption algorithm and key), and comparing the output with the encrypted string. It can also make various changes to dictionary words and try this. Many of these changes are also applied to John's single attack mode, which changes the corresponding text (such as username with a encrypted password) and looks for variations compared to hashes.

John also offers a powerful mode. In this type of attack, the system goes through all the plaintexts, pulls one by one and compares it to the input hash. John uses the alphabet tables to try plaintext containing the most commonly used characters. This method is useful for cracking passwords that do not appear in the dictionary glossary, but takes longer to get started.

Why is Password Cracking John the Ripper legal?

What is the real purpose of John the Ripper? Includes many password cracking techniques for password cracking. Now, is it 100% guaranteed that that will work? As long as you have endless time. Only passwords that are at risk of cracking are the weak ones.

So, if you need to prove that all your passwords in your organization actually follow your password policy, you can hire a white criminal, who will probably use John the Ripper (or other software) to properly configure and use your active data clone for a few days. Output: weak passwords cracked. That will tell you two things:

1. Your password policy is strong enough.

2. Which users / services do not follow your policy properly. If so, you may want to look at the first number.

So, with that being said, I see no reason why John the Ripper should be considered illegal.

(and that could be just one reason)

Video: https://youtu.be/g5oXN4ngdSI

How To Install and Use John Tool :

Step 1 :-  First you need to Open the Linux . After installation you need to open and type the apt-get update and hit Enter. Then type the command apt-get upgrade to upgrade the termux. Install John the Ripper Tool

apt-get install john

Step 2 :-  Open John the Ripper. Installation Complete 


Step 3 :-  Cracking Password Protected ZIP/RAR Files. Next Your Zip File Password MD5 Hash File Generator

zip2john yourfile.zip>Hash.txt

Step 4 :-  Run and Decrypting MD5 Hash File

john Hash.txt

WorldList File Location