Skip to content

hashcat john

Marcel Schmalzl edited this page Dec 27, 2023 · 3 revisions

John the Ripper (JtR)

Penetration testing tool. Compared to hashcat computation is more CPU-based.

Install

sudo snap install john-the-ripper
# john tools can be found here: /snap/john-the-ripper/<version>/run/

# Did not install tools like pdf2john for me (only via snap)
sudo apt-get install john

hashcat

Penetration testing and password cracking tool. Computation more GPU-based compared to JtR.

  • On Windows using WSL you cannot use GPU support; install a native version of hashcat together with the CUDA SDK Toolkit (for NVIDIA) to make use of your GPU.

Available hashes

https://hashcat.net/wiki/doku.php?id=example_hashes

Example use

Recover pdf password

/snap/john-the-ripper/<version>/run/pdf2john.pl /path/to/pdf
./pw_protected_pdf.pdf:$pdf$1*2*40*4294967292*1*16*46e7e30ee4795b94046bd79bec1d8068*32*1b09289b5975d8a8dccc30fe296e2ad3f0c79877f11ea65de3a8fe9892fda0d0*32*1aa771c2867a919f3360d0f668e5d7428b4acd8fc56d6ce15fb3f62f05479aff

Hashcat only needs the hash (remove <filename>:).

Needed hashcat mode is 10700:

hashcat -m 10700 ./pw_protected_pdf.pdf -O
Clone this wiki locally