
How to Extract Passwords from Password Hashes with Johnny
If you have already read my article on John the Ripper, you know how hackers can hack passwords provided they can get access to the password hashes. I hope you know how to get password hashes, or at least what password hashes are. But using John the Ripper is a pain. It is all black-and-white, boring terminal stuff. How can I crack passwords without all that?
Well, Johnny has the answer you want.
Introducing Johnny, the GUI version of John the Ripper. It is available by default in Kali Linux. You can install it on Windows if you want.
To install Johnny, just download the Johnny setup from the official website.
You also need the John the Ripper setup file, which you can download from here.
Now open and install Johnny like any other app. Once you are done with that, you need to set up Johnny. To do this, extract John the Ripper into a folder.
Use the Johnny settings to locate John the Ripper and connect the two.

Now that both are connected to each other, you can start hacking passwords with the GUI.
For this demo tutorial, we will be using the DEFCON challenge list, which is a list of hashed passwords we need to crack. It has over 50000 account passwords, which we will crack in less than 2 hours.
So without further ado, let’s get cracking.
Step 1:
Import hashes
Start Johnny and import the hashes with the open password file option.
Hashes imported
Step 2:
Find a word list
Download a good wordlist from the internet. I’m using the two billion possible passwords wordlist which you can download from here.
Step 3:
Select the wordlist
Go to the wordlist section and select the downloaded wordlist.
Step 4:
Hash type selection
By default, the most used type of hash will be auto-selected for cracking. For the rest, you need to select the type manually.
Step 5:
Start cracking passwords
As you can see, sha1 is my auto-selected type. Once this is selected, click on start attack, and the password cracking should start. It is easy to crack passwords as long as you have patience.

Step 6:
Changing hash type
Once you have cracked all the possible hashes of a certain type, change the hash format to a different type of hash and start cracking again.
Step 7:
Done done done
By the time you have tried all the hash types in Johnny, you will have cracked over 50000 passwords. Do note that you need some patience. It took me 2 hours, depending on my PC speed. If you have a better PC, you will be able to do it faster.
Congratulations on hacking and completing the 50000 account challenge!!!
So how does it all work?
Johnny automates the process of cracking passwords: it hashes each password in our wordlist and compares the result with the hashes present in the challenge list. As evident in the images below, these passwords are by no means easy to guess or excessively simple; nonetheless, they were cracked easily. In simpler terms, hackers can successfully breach almost any password with a robust wordlist.
How do I protect my account password?
- Beware of phishing attacks
- Use two-factor authentication for everything (all websites you use)
- Make a password with a minimum of 12 characters. The longer the password, the harder it is to crack. Those 12 characters should not be present in the dictionary.
- Check if your email was ever compromised. Visit https://haveibeenpwned.com/ and look up your email address.
- Stay alert and improve your knowledge by reading articles on the hacking world.
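
The wordlist comparison described under "So how does it all work?" and the 12-character, not-in-the-dictionary advice above, as an added Python example (not from the original article and not Johnny's own code). It assumes unsalted SHA-1 hashes, the type selected in Step 5; the wordlist, accounts and function names are constructed for illustration.

```python
import hashlib

# Constructed sample data: a tiny stand-in wordlist and a toy account table.
WORDLIST = ["password", "letmein", "Summer2019!", "correcthorsebatterystaple"]
ACCOUNTS = {
    "alice": "Summer2019!",                # looks complex, but is in the wordlist
    "bob": "correcthorsebatterystaple",    # long, but is in the wordlist
    "carol": "v7#Qm-tz!04kLw",             # 14 characters, not in the wordlist
}


def sha1_hex(text):
    """Unsalted SHA-1 hex digest (assumed storage format for this example)."""
    return hashlib.sha1(text.encode("utf-8")).hexdigest()


def audit_hashes(stored, wordlist):
    """Return {user: password} for every stored hash that a wordlist entry reproduces."""
    lookup = {sha1_hex(word): word for word in wordlist}
    return {user: lookup[h] for user, h in stored.items() if h in lookup}


def policy_problems(password, wordlist, min_length=12):
    """List the ways a candidate password breaks the article's advice."""
    problems = []
    if len(password) < min_length:
        problems.append("shorter than %d characters" % min_length)
    if password.casefold() in {word.casefold() for word in wordlist}:
        problems.append("present in the wordlist")
    return problems


# What the password file holds: only the hashes, never the plaintext.
STORED = {user: sha1_hex(pw) for user, pw in ACCOUNTS.items()}

if __name__ == "__main__":
    recovered = audit_hashes(STORED, WORDLIST)
    for user, pw in ACCOUNTS.items():
        status = "recovered" if user in recovered else "not recovered"
        print(user, status, policy_problems(pw, WORDLIST))
```

Only carol's hash stays unmatched: her password is the one that never appears in the wordlist, which is the property the advice above is aiming for.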

Commonly asked questions about Johnny.
Q1. Can Johnny hack any password hash?
Technically speaking, yes, it can be possible provided you fulfill all the requirements to crack the password. For instance, if you have a complicated password present in the wordlist dictionary you are using, you can easily hack it. Additionally, if you are aware of the exact length of the password, hacking that password becomes simple.
Q2. Is this tool free to use?
Yes, users can use this version for free, while a separate paid version is available for those who require additional features. I haven’t tested the paid version yet, which offers numerous features. According to my assessment, the free version is satisfactory, unless you are a professional hacker utilizing it for business purposes.
Q3. Can you use this tool online?
No, this is an offline password cracking tool to crack hashes. It cannot perform online password cracking attacks. You need to use hydra for online password cracking.
Q4. Can you hack Facebook and Instagram with this tool?
Yes, you can hack any website, such as Facebook and Instagram, provided you get the hashes of the Facebook and Instagram passwords. You cannot crack any online passwords with this tool.
Q5. Can someone crack any password hash?
Only when the corresponding password is discovered can hashes be cracked. If the password is both large and highly unique, and it does not exist within a wordlist, your security level becomes significantly enhanced. This is why we consistently recommend that our users maintain extended and intricate passwords for their accounts. Our recommended minimum password length is 12 characters.
Q6. Do websites have similar password hashes?
Yes, but the database stores them. If one can extract the database, accessing the passwords becomes easy. However, professional websites maintain robust security and prevent such straightforward hacking. This tool does not facilitate online password cracking.
2 Comments
How to get the hash of a password?
You can Google it. Hashes for passwords are saved differently for different platforms.