John the Ripper

John the Ripper is an excellent password cracker available at

This program will help system and network administrators identify users with weak passwords, and illustrate the need for secure password practices (e.g. MD5 passwords, shadow passwords, and NIS passwd maps that do not contain the password hash).

Installing on Linux:

1. wget
2. tar zxvf john-1.6.tar.gz
3. cd john-1.6/src
4. make linux-x86-any-elf
5. cd ../run (change to directory containing john executable)

Note: if you are using shadow passwords (very likely on any modern UNIX system), you will need access to the /etc/shadow file on the target system. /etc/shadow contains the password hash needed to crack the password and is by default only readable and writable by the root user.

To crack a UNIX shadow file named shadow using John's default order of cracking modes:

./john shadow

or run John in the background with a very low priority:

nice -n 20 ./john shadow &

Cracked passwords will be displayed on STDOUT (if running interactively) as well as stored in a file named john.pot. To display passwords already cracked by John, use the following command (assuming a password file named shadow):

./john -show shadow

Please employ the secure password practices listed above, and educate users on choosing strong passwords.

Back to

Last modified: 01/02/2003