Today I was playing around with the well-known password cracking tool John the Ripper (JtR) and was looking forward to cracking some MD5 hashes. Unfortunately, John still doesn’t support raw-MD5 out of the box, so I searched the web for a solution. It took me some minutes until I found out that there are unofficial patches for John’s source code, so I simply patched it and tried to compile. For some reason, I ran into problems (doesn’t matter now what problems :P ) and even after about half an hour of searching the web for a solution I didn’t find anything. Then a few minutes later I found a simple howto on how to patch and compile John so that you won’t have any problems. The site which solved my problem was gurx.net, and I couldn’t find it faster because it’s written in neither English nor German. Now of course I’ll show you how to do it the gurx.net way, but with support for many more algorithms than just MD5.

mkdir john
cd john
wget http://www.openwall.com/john/f/john-1.7.2.tar.bz2
tar -xjvf john-1.7.2.tar.bz2
cd john-1.7.2
wget ftp://ftp.openwall.com/pub/projects/john/contrib/john-1.7.2-all-9.diff.gz
gzip -d john-1.7.2-all-9.diff.gz
patch -p1 < john-1.7.2-all-9.diff
cd src
make
make clean linux-x86-any
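
The patch step is where this procedure usually goes wrong: `patch` gets the still-compressed file, or the diff was made for a different John release. The following is an added example, not part of the original post: a hypothetical helper `apply_patch_checked` (assuming GNU patch and gzip) that decompresses the diff and does a dry run, changing the source tree only when every hunk applies.

```bash
#!/usr/bin/env bash
# Added example, not from the original post. apply_patch_checked is a
# hypothetical helper; it assumes GNU patch and gzip are installed.
# Usage: apply_patch_checked SRC_DIR PATCH_GZ
# Returns: 0 applied, 1 patch does not fit the tree, 2 bad input, 3 no patch tool
apply_patch_checked() {
    local src="$1" patch_gz="$2" diff_file rc=0
    [ -d "$src" ] && [ -f "$patch_gz" ] || return 2
    command -v patch >/dev/null 2>&1 || return 3
    diff_file=$(mktemp) || return 2

    # patch needs the plain diff; feeding it the .gz is a common slip.
    if ! gzip -dc "$patch_gz" > "$diff_file" 2>/dev/null; then
        rm -f "$diff_file"
        return 2
    fi

    # Dry run first: reports failed hunks without modifying any file.
    # --force suppresses interactive questions and does not treat the
    # patch as reversed.
    if ! (cd "$src" && patch -p1 --force --dry-run < "$diff_file" >/dev/null 2>&1); then
        rm -f "$diff_file"
        return 1
    fi

    # The dry run was clean, so apply for real.
    (cd "$src" && patch -p1 --force < "$diff_file" >/dev/null) || rc=$?
    rm -f "$diff_file"
    return "$rc"
}

# Run as: sh checked-patch.sh john-1.7.2 john-1.7.2-all-9.diff.gz
if [ "$#" -eq 2 ]; then
    apply_patch_checked "$1" "$2"
    exit $?
fi
```

A return value of 1 means the diff and the source tree do not match, so no `.rej` or `.orig` files are left behind to clean up.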

Now you can use John out of the “run” directory.

./john -format=raw-MD5 /home/disenchant/md5_hashes_to_crack.txt

raw-MD5 means that you’ve got an input file (/home/disenchant/md5_hashes_to_crack.txt) like the following:

Alice:5f4dcc3b5aa765d61d8327deb882cf99
Bob:1c0b76fce779f78f51be339c49445c49
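
As an added example (not from the original post), the helpers below check a file against this user:hash layout and build a known-answer line for testing a fresh build. The function names `raw_md5_line` and `check_raw_md5_file` are hypothetical, and the code assumes `md5sum` and `awk` are available.

```bash
#!/usr/bin/env bash
# Added example, not from the original post. Function names are hypothetical.

# raw_md5_line USER PLAINTEXT -> prints "USER:<unsalted MD5 hex of PLAINTEXT>"
# Useful for a known-answer entry when testing a freshly built binary.
raw_md5_line() {
    local digest
    digest=$(printf '%s' "$2" | md5sum | cut -d' ' -f1) || return 1
    printf '%s:%s\n' "$1" "$digest"
}

# check_raw_md5_file FILE -> prints one message per malformed line.
# Returns 0 if every line is user:<32 hex digits>, 1 if not, 2 if unreadable.
check_raw_md5_file() {
    [ -r "$1" ] || return 2
    awk -F: '
        /^[ \t\r]*$/ { next }                       # ignore blank lines
        /\r$/ {                                     # file saved with CRLF endings
            printf "line %d: trailing carriage return\n", NR; bad++; next
        }
        NF != 2 {                                   # e.g. an extra salt column
            printf "line %d: expected user:hash, got %d field(s)\n", NR, NF
            bad++; next
        }
        $1 == "" {
            printf "line %d: missing user name\n", NR; bad++; next
        }
        length($2) != 32 || $2 !~ /^[0-9a-fA-F]+$/ {
            printf "line %d: hash is not 32 hex digits\n", NR; bad++; next
        }
        END { exit (bad > 0) }
    ' "$1"
}

# Run as: sh check-hashes.sh md5_hashes_to_crack.txt
if [ "$#" -eq 1 ]; then
    check_raw_md5_file "$1"
    exit $?
fi
```

`raw_md5_line Alice password` reproduces the Alice line shown above, since that hash is the plain MD5 of the string `password`.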

PS: My machine’s a Xubuntu Edgy but this should work with any Linux box :)


15 Comments to “Teaching John The Ripper how to Crack MD5 Hashes”  

  1. 1 Daniel

    Thank you, very helpful. Do you also have knowledge in building “clusters” with JtR? If so and if you know a good URL/Doc/Book/whatever, I’d appreciate it.

  2. 2 Disenchant

    Hi Daniel,
    it’s possible to build clusters for JtR but I never tried it yet. I think the following two papers will be helpful:
    BackTrack John The Ripper MPI Instant Cluster
    Parallelization of John the Ripper (JtR) using MPI

  3. 3 huraimel

    hi there,

    i just get a hashed password from a VB forum.
    b469daea560ba1c221f6532352742aac

    the password is hashed in this way
    MD5(MD5(pass).salt)

    so do you think JTR can crack this password? i have a database of users hashed passwords and each corresponding salt

    where i can find this model [MD5(MD5(pass).salt)] in JTR?

  4. 4 Disenchant

    Hi huraimel,
    I’m very sorry but I don’t know if this is possible and if it is, I don’t know how to do it :(

    If you find a solution, let me know.

  5. 5 Disenchant

    Hi huraimel,
    it seems, that according to the list of supported hashes, the tool PasswordsPro supports this kind of salted md5 hashes you’d like to crack.

  6. 6 Tommy Roberts

    sweet, cheers :)

    just a note.. it’s now john-1.7.2-all-12.diff.gz

    does this include MYSQL cracking too?

    thanks!

  7. 7 Disenchant

    Hi Tommy,
    thanks for letting me know about the new patch :)

    Yes it does include MySQL cracking.

  8. 8 Ananth

    Hi Disenchant,
    Your post on how a raw-MD5 text file should look was extremely helpful. The new patch now has hmac-md5. Do you know how it has to be stored in order to be given as input to john?

  9. 9 Disenchant

    Hi Ananth,
    sorry I didn’t try hmac-md5 until now but if I find the correct syntax, I’ll post it into my blog :)

  10. 10 Ananth

    Thanks a lot for that. I have been trying for a couple of days now and could not break it. Looks like we need to have a # before the hex code.

  11. 11 Hellbender

    Thank you very much!
    This post saved me a lot of time

  12. 12 Brian

    John is good for those stubborn hashes that you can’t crack with either rainbow tables or online MD5 Hash crackers.

    I usually go about cracking hashes in this order:

    1. Online crackers like http://www.netmd5crack.com
    2. Wordlist attacks using something like cain and able
    3. Rainbow tables – google rcracki
    4. Brute force

    Knowing how to use john is always good because it is fast.

    Good writeup.

  13. 13 Cocytus

    hmm, “tar -xvf john-1.7.2.tar” should be “tar -xvf john-1.7.2.tar.bz2”

    and the link “wget ftp://ftp.openwall.com/pub/projects/john/contrib/john-1.7.2-all-9.diff.gz” does not work anymore

    ftp://ftp.openwall.com/pub/projects/john/contrib/john-1.6.37-raw-md5-1.diff.gz but I can’t make it work.

    anybody?

    Cocytus

  14. 14 Adam

    Keep in mind that the version number may vary depending on what version you have…

    Step 1. Download the source: wget ftp://ftp.openwall.com/pub/projects/john/1.7.2/john-1.7.2.tar.bz2
    Step 2. Unpack the source: tar jxvf john-1.7.2.tar.bz2
    Step 3. Change directory into the directory which was created: cd john-1.7.2
    Step 4. Download the patch: wget ftp://ftp.openwall.com/pub/projects/john/contrib/john-1.6.37-raw-md5-1.diff.gz
    Step 5. Unpack the patch: gunzip john-1.6.37-raw-md5-1.diff.gz
    Step 6. Apply the patch: patch -p1 < john-1.6.37-raw-md5-1.diff
    Step 7. Change directory into src: cd src
    Step 8. Compile for your arch (run “make” to see a full list on targets): make generic

    If you can’t find a file, browse the FTP site. If you’re having trouble with decompressing or patching, read the manual. If the build fails (step 8), it’s probably something with the code; check Google.
