
Penguin Fortress YouTube Channel

Understand Password Hacking with John the Ripper

Crack your own passwords to understand the risks

Learn how to keep your systems secure by understanding what hackers do.

Video Too Hot for YouTube

This video has been blocked from YouTube, although I am appealing that decision. Like many other videos on YouTube this video is intended to educate, and explains this in the context of the video. To follow the example in the video you already need root access so it is not something that a user could use to break into another system or person's account. The passwords that are cracked are simple passwords which the video explains how to avoid. Understanding this is a basic requirement for cybersecurity professions and is included in domain 3 of the CISSP study requirements.

The transcript is included below the video for you to decide yourself whether you think this is educational or "harmful or dangerous".

The video below shows how you can combine your password and shadow files into a single file, then pass the file through John the Ripper to launch a dictionary attack against the password file.

Transcript: Understanding Password Hacking with John the Ripper - Video Transcript

It explains the mechanisms that are used to protect your password (understand password hashes and the importance of the shadow file) and you can then use this technique to check how secure your passwords really are.
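As an added example (not code from the video or from John the Ripper), the sketch below performs the same kind of passwd/shadow merge and reports which hashing scheme protects each account. The account names and hash strings are constructed placeholders, and the strength labels are this example's own assumption.

```python
# Added example: merge passwd and shadow entries, then classify each hash scheme.
# All sample data is constructed; the hash strings are placeholders, not real hashes.
SCHEMES = {
    "1": ("MD5-crypt", "weak"),
    "5": ("SHA-256-crypt", "ok"),
    "6": ("SHA-512-crypt", "ok"),
    "2a": ("bcrypt", "ok"), "2b": ("bcrypt", "ok"), "2y": ("bcrypt", "ok"),
    "y": ("yescrypt", "ok"),
}

def classify(field):
    """Name the scheme behind a shadow password field and label its strength."""
    if field == "":
        return ("no password", "weak")
    if field[0] in "!*":
        return ("locked", "n/a")          # account cannot log in with a password
    if field.startswith("$"):
        ident = field.split("$")[1]       # "$6$salt$hash" -> "6"
        return SCHEMES.get(ident, ("unknown scheme " + ident, "review"))
    return ("traditional DES crypt", "weak")

def merge(passwd_text, shadow_text):
    """Replace the 'x' placeholder in each passwd line with the shadow hash."""
    hashes = {}
    for line in shadow_text.splitlines():
        if line.strip():
            parts = line.split(":")
            hashes[parts[0]] = parts[1]
    merged = []
    for line in passwd_text.splitlines():
        if line.strip():
            fields = line.split(":")
            if fields[1] == "x" and fields[0] in hashes:
                fields[1] = hashes[fields[0]]
            merged.append(":".join(fields))
    return merged

def audit(passwd_text, shadow_text):
    """Map each username to (scheme, strength)."""
    return {l.split(":")[0]: classify(l.split(":")[1])
            for l in merge(passwd_text, shadow_text)}

PASSWD = ("root:x:0:0:root:/root:/bin/bash\n"
          "legacy:x:1001:1001::/home/legacy:/bin/sh\n"
          "daemon:x:1:1::/usr/sbin:/usr/sbin/nologin\n")
SHADOW = ("root:$6$CONSTRUCTEDSALT$PLACEHOLDER:19000:0:99999:7:::\n"
          "legacy:$1$CONSTRUCTEDSALT$PLACEHOLDER:19000:0:99999:7:::\n"
          "daemon:*:19000:0:99999:7:::\n")

if __name__ == "__main__":
    for user, (scheme, strength) in audit(PASSWD, SHADOW).items():
        print(f"{user:8} {scheme:22} {strength}")
```

Accounts reported as weak here are the ones whose hashes are cheapest to test in a dictionary attack, so they are the first candidates for a forced password change under a stronger scheme.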

Please note that this should only be used against systems where you have appropriate permissions. Do not use this to crack passwords that you don't own.

For more details about how username and password security work on Linux systems see the following guides:

Previous: Linux passwd & shadow files
Next: Stupid Password Rules