{"id":50368,"date":"2022-05-23T09:10:38","date_gmt":"2022-05-23T01:10:38","guid":{"rendered":"https:\/\/version-2.com.sg\/?p=50368"},"modified":"2022-08-19T15:17:00","modified_gmt":"2022-08-19T07:17:00","slug":"john-the-ripper-pt-4","status":"publish","type":"post","link":"https:\/\/version-2.com\/en\/2022\/05\/john-the-ripper-pt-4\/","title":{"rendered":"John the Ripper Pt.4"},"content":{"rendered":"<div data-elementor-type=\"wp-post\" data-elementor-id=\"50368\" class=\"elementor elementor-50368\">\n\t\t\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-4da8c5f9 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"4da8c5f9\" data-element_type=\"section\" data-e-type=\"section\" data-settings=\"{&quot;jet_parallax_layout_list&quot;:[{&quot;jet_parallax_layout_image&quot;:{&quot;url&quot;:&quot;&quot;,&quot;id&quot;:&quot;&quot;,&quot;size&quot;:&quot;&quot;},&quot;_id&quot;:&quot;decf9c3&quot;,&quot;jet_parallax_layout_image_tablet&quot;:{&quot;url&quot;:&quot;&quot;,&quot;id&quot;:&quot;&quot;,&quot;size&quot;:&quot;&quot;},&quot;jet_parallax_layout_image_mobile&quot;:{&quot;url&quot;:&quot;&quot;,&quot;id&quot;:&quot;&quot;,&quot;size&quot;:&quot;&quot;},&quot;jet_parallax_layout_speed&quot;:{&quot;unit&quot;:&quot;%&quot;,&quot;size&quot;:50,&quot;sizes&quot;:[]},&quot;jet_parallax_layout_type&quot;:&quot;scroll&quot;,&quot;jet_parallax_layout_direction&quot;:&quot;1&quot;,&quot;jet_parallax_layout_fx_direction&quot;:null,&quot;jet_parallax_layout_z_index&quot;:&quot;&quot;,&quot;jet_parallax_layout_bg_x&quot;:50,&quot;jet_parallax_layout_bg_x_tablet&quot;:&quot;&quot;,&quot;jet_parallax_layout_bg_x_mobile&quot;:&quot;&quot;,&quot;jet_parallax_layout_bg_y&quot;:50,&quot;jet_parallax_layout_bg_y_tablet&quot;:&quot;&quot;,&quot;jet_parallax_layout_bg_y_mobile&quot;:&quot;&quot;,&quot;jet_parallax_layout_bg_size&quot;:&quot;auto&quot;,&quot;jet_parallax_layout_bg_size_tablet&quot;:&quot;&quot;,&quot;jet_parallax_layout_bg_size_mobile&quot;:&quot;&quot;,&quot;jet_parallax_layout_animation_prop&quot;:&quot;transform&quot;,&quot;jet_parallax_layout_on&quot;:[&quot;desktop&quot;,&quot;tablet&quot;]}]}\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-133ba185\" data-id=\"133ba185\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-fc2da8d post-content elementor-widget elementor-widget-text-editor\" data-id=\"fc2da8d\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<style>\n.post-content h3 { font-size: 24px; color: #4c4ef0; line-height: 1.7em; }\n.post-content h4 { font-size: 20px; color: #4c4ef0; line-height: 1.7em; }\n.post-content h5 { font-size: 18px; color: #4c4ef0; line-height: 1.7em; }\n.post-content h6 { color: #4c4ef0; line-height: 1.7em; }\n<\/style>\n\n<p align=\"center\"><img decoding=\"async\" src=\"https:\/\/lh4.googleusercontent.com\/MQ2SKWYWUl93ArwGBtLZYzG_eCYpF4ImbN73bJVQam49MRcihbTO3dJ9WivWSV90O08sIJXBQ5wnW-Tw-Es9qg4LmkHGYTTm2JVk2Ja2X2PTSQCDLORF5ipmH4QY6QYG3OESXs4x?tr=w-1800,c-at_max\" alt=\"\" width=\"958\" height=\"auto\"><\/p>\n\n<h3><strong>Intro<\/strong><\/h3>\nIn this article \u2013 the last in our John the Ripper series \u2013 we would like to focus on how we can use John to crack SSH keys, as well as mention some basics of Custom Rules.\n\n<h3><strong>SSH<\/strong><\/h3>\nWhat is SSH? When do we use it (or should)? How does it work, and what are some encryption techniques\/technologies that SSH has to offer?\n<p>Let\u2019s answer all of these questions briefly (it is a <em>very <\/em>big topic), before delving further into how john can leverage some of its functionalities to crack the SSH private key password of the <strong>id_rsa <\/strong>files.<\/p>\n<p>SSH stands for <em>Secure Shell<\/em>, and is a remote administration protocol, which gives us the ability to access, control, or modify our remote infrastructure (usually servers) over the Internet. You might want to remote to your clients server to troubleshoot something, or to deploy some code.<\/p>\n<p>Historically, SSH was created as a replacement for the much more insecure protocol called Telnet, which, even though with the same purpose, doesn\u2019t offer encryption. You can see why that might make some of us feel quite awkward. SSH encrypts all of our communication to and from the remote server, by the virtue of encryption. With SSH we can authenticate a remote user, for example.<\/p>\n<p>To use SSH, we can simply pull up the terminal (for MacOS\/Linux) and type:<\/p>\n<p style=\"text-align: center;\"><strong>ssh &lt;username&gt;@&lt;ip_address&gt; -p(port_number)<\/strong><\/p>\n<p>Where the username is the name of the user we wish to connect as, and the IP address being that of our server we are connecting to. For Windows we can use a SSH client, the most known one being <a href=\"https:\/\/www.putty.org\/\" target=\"_blank\" rel=\"noopener\"><span>PuTTY<\/span><\/a>.<\/p>\n<p>For example, if we were to connect as a user called <strong>john <\/strong>to our remote server at 184.121.23.43 at the default port (for SSH its port 22), we would give a command like this:<\/p>\n<p style=\"text-align: center;\"><strong>ssh <\/strong><a href=\"mailto:john@184.121.23.43\" target=\"_blank\" rel=\"noopener\"><strong><span>john@184.121.23.43<\/span><\/strong><\/a><strong> -p22<\/strong><\/p>\n<p>Regardless of our platform, once we\u2019ve issued our command, we will get a prompt asking for a password for the user we specified, in order to authenticate us. If the credentials are correct, we will be shown a command-line, that of our server we just got into.<\/p>\n<br><br>\n<h3><strong>SSH and John the Ripper<\/strong><\/h3>\nAs we\u2019ve already mentioned, we can use john to crack private key passwords of our <strong>id_rsa<\/strong> files. If our target has configured key-based authentication \u2013 which just means they are using their private key \u2013 <strong>id_rsa<\/strong> \u2013 as their key to authenticate against the server and to log in using SSH. Since this will generally require a password, we can once again use John to help us crack that password, so that we can authenticate over the SSH (by the usage of the said key).\n<p>Another tool (as <strong>zip2john<\/strong>, and <strong>rar2john<\/strong> previously \u2013 sound familiar?) john leverages, is a tool called <strong>ssh2john<\/strong>. The logic remains the same \u2013 <strong>ssh2john<\/strong> converts the <strong>id_rsa<\/strong> key to a hash that John can work with. The syntax is virtually the same as before:<\/p>\n<p style=\"text-align: center;\"><strong>ssh2john [id_rsa_file] &gt; [output_file]<\/strong><\/p>\n<p><strong>ssh2john \u2013 <\/strong>command to call our converter tool<\/p>\n<p><strong>id_rsa_file \u2013<\/strong> path to our file that we want to convert to a hash<\/p>\n<p><strong>output_file \u2013 <\/strong>here, we will store our output e.g. the hash that we\u2019ve created<\/p>\n<p>One small thing of note, before we look at our example. If your terminal tells you that <strong>ssh2john <\/strong>can\u2019t be found (<em>command not found<\/em> \u2013 meaning <strong>ssh2john<\/strong> is not installed &#8211; like in the image below)<\/p>\n<p><br><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/lh4.googleusercontent.com\/pNkM0L7ne1B_juN-SuedtkmMKhKYh0ggMI7Rkvc8njW0eHhIAni6ANlCmPsvyRs3-zCqfAQOXC4NK522lE48KAelNu7BtkFEGFHTbYrzwktV-Rjaj1Rr5HXPgCi_oNEc_7amr7Jz\" width=\"201\" height=\"42\"><\/p>\n<p>Please note that you can still use <strong>ssh2john.py<\/strong>, which is basically the same thing, wrapped inside a Python script. Usually, <strong>ssh2john.py<\/strong> is located in <em>\/opt\/john\/ssh2john.py <\/em>or, in case you\u2019re using Kali, you can find it in <em>\/usr\/share\/john\/ssh2john.py<\/em>. Just remember to invoke your Python scripts by adding python\/python3 to your command line first. (as shown in the image below)<\/p>\n<p><br><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/lh3.googleusercontent.com\/CvITgQaekzFL2pl1bzvAkR--GcSCm_1BFCuUnPU3UDI7CTi4AI7ivxV1AvohMAf-yLDSMDkYYr44mSYnWmLX-iIZwYjO14taQXdwguDkilT0VZzWf-oedtwBMgwIaasnLkpHDxmJ\" width=\"531\" height=\"64\"><\/p>\n<p>This also brings us to our example.<\/p>\n<p>In order to do the cracking, we\u2019ve first created a new private\/public key-pair using <strong>ssh-keygen <\/strong>(image below)<\/p>\n<p><br><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/lh4.googleusercontent.com\/HFhsFvB9wbSRZ3VyR_ar6JXSBr4-0IlgieqT8cpew-LWKQwAL9_24_tYj0rwTqqmwEPtnpN8XVr_eCsxqAOfI_Fb177SkRTe_MrqFo8mbLKYDV5XHbPygZ3UydfUoy4pPK6W16am\" width=\"370\" height=\"279\"><\/p>\n<p>(Spoiler alert! We\u2019ve used the passphrase <strong>banana<\/strong>)<\/p>\n<p>All that\u2019s left now is to do some john magic.<\/p>\n<p>First, we run our Python version of the <strong>ssh2john <\/strong>conversion tool \u2013 as shown below (which is the same image as above)<\/p>\n<p><br><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/lh3.googleusercontent.com\/CvITgQaekzFL2pl1bzvAkR--GcSCm_1BFCuUnPU3UDI7CTi4AI7ivxV1AvohMAf-yLDSMDkYYr44mSYnWmLX-iIZwYjO14taQXdwguDkilT0VZzWf-oedtwBMgwIaasnLkpHDxmJ\" width=\"436\" height=\"53\"><\/p>\n<p>Simply, we\u2019ve asked Python to run the script called <strong>ssh2john<\/strong>, which can be found in the <em>\/usr\/share\/john\/ssh2john.py<\/em> path\u2026 again, if you\u2019re not on Kali, this would be <em>\/opt\/john\/ssh2john.py, <\/em>and then we\u2019ve given the path to our newly created (banana-protected) private key \u2013 \/<em>root\/.ssh\/id_rsa \u2013 <\/em>which we\u2019ve redirected to an output file on our Desktop, called KeyHash.txt.<\/p>\n<p>Now we are ready, and should have all we need in order for John to crack our private key password for us.<\/p>\n<p>We invoke John, using our trusty <strong>rockyou.txt<\/strong> wordlist, and let it do its thing:<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/lh4.googleusercontent.com\/MQ2SKWYWUl93ArwGBtLZYzG_eCYpF4ImbN73bJVQam49MRcihbTO3dJ9WivWSV90O08sIJXBQ5wnW-Tw-Es9qg4LmkHGYTTm2JVk2Ja2X2PTSQCDLORF5ipmH4QY6QYG3OESXs4x\" style=\"float: left;\" width=\"456\" height=\"225\"><\/p>\n\n<p>&nbsp;<\/p>\n<p>Lo and behold, 29 seconds after, John has returned to us with the correct output &#8211; <strong>banana<\/strong>, cracking our password successfully!<\/p>\n\n<h3><strong>Custom Rules<\/strong><\/h3>\nSimilarly to the single crack mode that we\u2019ve covered in <strong>part 2<\/strong> of our series (word mangling, or variations of a word, where we change the letters to capital letters, numbers, etc.) we can also define our own sets of rules in similar fashion. John will then use our newly created rules to create passwords. This can be quite useful if we know (or suspect) the password structure of whatever it is that we\u2019re attacking.\n<p>With this we can integrate capital letters, numbers, symbols&#8230; same as for the single crack mode. Also, this can prove to be rather useful for us, since organizations sometimes enforce password policies in order for them to be a bit less susceptible to dictionary attacks.<\/p>\n<p>This is exactly what an attacker might leverage to their advantage! As we all know people tend to make similar passwords, or even reuse them, and adding numbers and capital letters, or symbols can make it so they meet the password policy\u2019s requirement (complexity). Still, <strong><em>Babyblue1!<\/em><\/strong> is not an example of a secure password by any means!<\/p>\n<p>So, if an attacker knew about the password structure, used a bit of Social Engineering on the target they\u2019ve picked (some employee of the company perhaps), they could then easily connect the dots and compromise the system \u2013 gain a foothold into your now compromised organization.<\/p>\n<p>Password rules are usually located in the <em>\/<\/em><strong><em>etc\/john<\/em><\/strong> path, in a file called <strong>john.conf<\/strong>. Another path could be <em>\/<\/em><strong><em>opt\/john<\/em><\/strong><em>.<\/em><\/p>\n<p>To create our rule, the first line is used to create a name for the rule, which we can later invoke with John. It looks something like this:&nbsp;<\/p>\n<p><strong>[List.rules:Babyblue]<\/strong><\/p>\n<p>Then, we need to use a regex style pattern in order to define our rule further:<\/p>\n<p><strong>A0<\/strong> \u2013 prepends the word with characters we defined<\/p>\n<p><strong>c<\/strong> \u2013 capitalization of the character (position based!)<\/p>\n<p><strong>Az<\/strong> \u2013 appends the word with any characters we defined<\/p>\n<p><strong>u<\/strong> \u2013 convert to uppercase<\/p>\n<p>Now we just need to decide where and what we want to be changed. To define what\u2019s going to be prepended or appended, we put that in square brackets [] &#8211; in the order of usage!<\/p>\n<p>We end up with something similar to this:<\/p>\n<p><strong>cAz\u201d[0-9] [!@%$]\u201d<\/strong><\/p>\n<p>After that, all that\u2019s left is to add our rule to our usual command, by adding this flag: <strong>&#8211;rule=Babyblue<\/strong>.<\/p>\n<p>We would end with a command like this:<\/p>\n<p style=\"text-align: center;\"><strong>john &#8211;wordlist=\/usr\/share\/wordlists\/rockyou.txt &#8211;rule=Babyblue target_file_path<\/strong><\/p>\n<p>Of course, there are many resources out there, and we would suggest first checking out <a href=\"https:\/\/www.openwall.com\/john\/doc\/RULES.shtml\" target=\"_blank\" rel=\"noopener\"><span>these<\/span><\/a> <a href=\"https:\/\/github.com\/openwall\/john\" target=\"_blank\" rel=\"noopener\"><span>two<\/span><\/a>, if all this talk about custom rules has piqued your interest.<\/p>\n\n<h3><strong>Conclusion<\/strong><\/h3>\nSome finishing thoughts before we close out this series about John the Ripper. As we\u2019ve seen from some of our examples and stuff that what was mentioned in the series, John offers a lot of flexibility and versatility, but, as always, in order to leverage this great tool to its maximum potential, there\u2019s a lot of ground to be covered \u2013 this does not mean you need a PhD in Cryptography, of course, just a lot of trial and error!\n<p>We wish you happy (&amp; safe) password cracking!<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-8085a61 post-content elementor-widget elementor-widget-shortcode\" data-id=\"8085a61\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"shortcode.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<div class=\"elementor-shortcode\">\t\t<div data-elementor-type=\"page\" data-elementor-id=\"18103\" class=\"elementor elementor-18103\">\n\t\t\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-748947f elementor-section-full_width elementor-section-height-default elementor-section-height-default\" data-id=\"748947f\" data-element_type=\"section\" data-e-type=\"section\" data-settings=\"{&quot;jet_parallax_layout_list&quot;:[{&quot;jet_parallax_layout_image&quot;:{&quot;url&quot;:&quot;&quot;,&quot;id&quot;:&quot;&quot;,&quot;size&quot;:&quot;&quot;},&quot;_id&quot;:&quot;c4f773e&quot;,&quot;jet_parallax_layout_image_tablet&quot;:{&quot;url&quot;:&quot;&quot;,&quot;id&quot;:&quot;&quot;,&quot;size&quot;:&quot;&quot;},&quot;jet_parallax_layout_image_mobile&quot;:{&quot;url&quot;:&quot;&quot;,&quot;id&quot;:&quot;&quot;,&quot;size&quot;:&quot;&quot;},&quot;jet_parallax_layout_speed&quot;:{&quot;unit&quot;:&quot;%&quot;,&quot;size&quot;:50,&quot;sizes&quot;:[]},&quot;jet_parallax_layout_type&quot;:&quot;scroll&quot;,&quot;jet_parallax_layout_direction&quot;:&quot;1&quot;,&quot;jet_parallax_layout_fx_direction&quot;:null,&quot;jet_parallax_layout_z_index&quot;:&quot;&quot;,&quot;jet_parallax_layout_bg_x&quot;:50,&quot;jet_parallax_layout_bg_x_tablet&quot;:&quot;&quot;,&quot;jet_parallax_layout_bg_x_mobile&quot;:&quot;&quot;,&quot;jet_parallax_layout_bg_y&quot;:50,&quot;jet_parallax_layout_bg_y_tablet&quot;:&quot;&quot;,&quot;jet_parallax_layout_bg_y_mobile&quot;:&quot;&quot;,&quot;jet_parallax_layout_bg_size&quot;:&quot;auto&quot;,&quot;jet_parallax_layout_bg_size_tablet&quot;:&quot;&quot;,&quot;jet_parallax_layout_bg_size_mobile&quot;:&quot;&quot;,&quot;jet_parallax_layout_animation_prop&quot;:&quot;transform&quot;,&quot;jet_parallax_layout_on&quot;:[&quot;desktop&quot;,&quot;tablet&quot;]}]}\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-7995c19\" data-id=\"7995c19\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-a437045 elementor-widget elementor-widget-image-box\" data-id=\"a437045\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"image-box.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<div class=\"elementor-image-box-wrapper\"><div class=\"elementor-image-box-content\"><h3 class=\"elementor-image-box-title\">About Version 2 Digital<\/h3><p class=\"elementor-image-box-description\">Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products.\n<br><br>\nThrough an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.<\/p><\/div><\/div>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<\/div>\n\t\t\n\t\t<div data-elementor-type=\"page\" data-elementor-id=\"39690\" class=\"elementor elementor-39690\">\n\t\t\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-748947f elementor-section-full_width elementor-section-height-default elementor-section-height-default\" data-id=\"748947f\" data-element_type=\"section\" data-e-type=\"section\" data-settings=\"{&quot;jet_parallax_layout_list&quot;:[{&quot;jet_parallax_layout_image&quot;:{&quot;url&quot;:&quot;&quot;,&quot;id&quot;:&quot;&quot;,&quot;size&quot;:&quot;&quot;},&quot;_id&quot;:&quot;c4f773e&quot;,&quot;jet_parallax_layout_image_tablet&quot;:{&quot;url&quot;:&quot;&quot;,&quot;id&quot;:&quot;&quot;,&quot;size&quot;:&quot;&quot;},&quot;jet_parallax_layout_image_mobile&quot;:{&quot;url&quot;:&quot;&quot;,&quot;id&quot;:&quot;&quot;,&quot;size&quot;:&quot;&quot;},&quot;jet_parallax_layout_speed&quot;:{&quot;unit&quot;:&quot;%&quot;,&quot;size&quot;:50,&quot;sizes&quot;:[]},&quot;jet_parallax_layout_type&quot;:&quot;scroll&quot;,&quot;jet_parallax_layout_direction&quot;:&quot;1&quot;,&quot;jet_parallax_layout_fx_direction&quot;:null,&quot;jet_parallax_layout_z_index&quot;:&quot;&quot;,&quot;jet_parallax_layout_bg_x&quot;:50,&quot;jet_parallax_layout_bg_x_tablet&quot;:&quot;&quot;,&quot;jet_parallax_layout_bg_x_mobile&quot;:&quot;&quot;,&quot;jet_parallax_layout_bg_y&quot;:50,&quot;jet_parallax_layout_bg_y_tablet&quot;:&quot;&quot;,&quot;jet_parallax_layout_bg_y_mobile&quot;:&quot;&quot;,&quot;jet_parallax_layout_bg_size&quot;:&quot;auto&quot;,&quot;jet_parallax_layout_bg_size_tablet&quot;:&quot;&quot;,&quot;jet_parallax_layout_bg_size_mobile&quot;:&quot;&quot;,&quot;jet_parallax_layout_animation_prop&quot;:&quot;transform&quot;,&quot;jet_parallax_layout_on&quot;:[&quot;desktop&quot;,&quot;tablet&quot;]}]}\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-7995c19\" data-id=\"7995c19\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-ff2a228 elementor-widget elementor-widget-text-editor\" data-id=\"ff2a228\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p><\/p>\n<p><b>About VRX<\/b><br><b>VRX&nbsp;<\/b>is a consolidated vulnerability management platform that protects assets in real time. Its rich, integrated features efficiently pinpoint and remediate the largest risks to your cyber infrastructure. Resolve the most pressing threats with efficient automation features and precise contextual analysis.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<\/div>","protected":false},"excerpt":{"rendered":"<p>Intro In this article \u2013 the last in our John the Ripper [&hellip;]<\/p>","protected":false},"author":143524195,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[476,488,61],"tags":[477,489],"class_list":["post-50368","post","type-post","status-publish","format-standard","hentry","category-vrx","category-488","category-press-release","tag-vrx","tag-489"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.5 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>John the Ripper Pt.4 - Version 2<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.vicarius.io\/blog\/john-the-ripper-pt.4\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"John the Ripper Pt.4 - Version 2\" \/>\n<meta property=\"og:description\" content=\"Intro In this article \u2013 the last in our John the Ripper [&hellip;]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.vicarius.io\/blog\/john-the-ripper-pt.4\" \/>\n<meta property=\"og:site_name\" content=\"Version 2\" \/>\n<meta property=\"article:published_time\" content=\"2022-05-23T01:10:38+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2022-08-19T07:17:00+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/lh4.googleusercontent.com\/MQ2SKWYWUl93ArwGBtLZYzG_eCYpF4ImbN73bJVQam49MRcihbTO3dJ9WivWSV90O08sIJXBQ5wnW-Tw-Es9qg4LmkHGYTTm2JVk2Ja2X2PTSQCDLORF5ipmH4QY6QYG3OESXs4x?tr=w-1800,c-at_max\" \/>\n<meta name=\"author\" content=\"version2hk\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"version2hk\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"9 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.vicarius.io\\\/blog\\\/john-the-ripper-pt.4#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/version-2.com\\\/2022\\\/05\\\/john-the-ripper-pt-4\\\/\"},\"author\":{\"name\":\"version2hk\",\"@id\":\"https:\\\/\\\/version-2.com\\\/zh\\\/#\\\/schema\\\/person\\\/d14d2d3cd77ffdb618b9f1330fe084db\"},\"headline\":\"John the Ripper Pt.4\",\"datePublished\":\"2022-05-23T01:10:38+00:00\",\"dateModified\":\"2022-08-19T07:17:00+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/version-2.com\\\/2022\\\/05\\\/john-the-ripper-pt-4\\\/\"},\"wordCount\":1393,\"publisher\":{\"@id\":\"https:\\\/\\\/version-2.com\\\/zh\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.vicarius.io\\\/blog\\\/john-the-ripper-pt.4#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/lh4.googleusercontent.com\\\/MQ2SKWYWUl93ArwGBtLZYzG_eCYpF4ImbN73bJVQam49MRcihbTO3dJ9WivWSV90O08sIJXBQ5wnW-Tw-Es9qg4LmkHGYTTm2JVk2Ja2X2PTSQCDLORF5ipmH4QY6QYG3OESXs4x?tr=w-1800,c-at_max\",\"keywords\":[\"vRx\",\"2022\"],\"articleSection\":[\"vRx\",\"2022\",\"Press Release\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/version-2.com\\\/2022\\\/05\\\/john-the-ripper-pt-4\\\/\",\"url\":\"https:\\\/\\\/www.vicarius.io\\\/blog\\\/john-the-ripper-pt.4\",\"name\":\"John the Ripper Pt.4 - Version 2\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/version-2.com\\\/zh\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.vicarius.io\\\/blog\\\/john-the-ripper-pt.4#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.vicarius.io\\\/blog\\\/john-the-ripper-pt.4#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/lh4.googleusercontent.com\\\/MQ2SKWYWUl93ArwGBtLZYzG_eCYpF4ImbN73bJVQam49MRcihbTO3dJ9WivWSV90O08sIJXBQ5wnW-Tw-Es9qg4LmkHGYTTm2JVk2Ja2X2PTSQCDLORF5ipmH4QY6QYG3OESXs4x?tr=w-1800,c-at_max\",\"datePublished\":\"2022-05-23T01:10:38+00:00\",\"dateModified\":\"2022-08-19T07:17:00+00:00\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.vicarius.io\\\/blog\\\/john-the-ripper-pt.4#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.vicarius.io\\\/blog\\\/john-the-ripper-pt.4\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.vicarius.io\\\/blog\\\/john-the-ripper-pt.4#primaryimage\",\"url\":\"https:\\\/\\\/lh4.googleusercontent.com\\\/MQ2SKWYWUl93ArwGBtLZYzG_eCYpF4ImbN73bJVQam49MRcihbTO3dJ9WivWSV90O08sIJXBQ5wnW-Tw-Es9qg4LmkHGYTTm2JVk2Ja2X2PTSQCDLORF5ipmH4QY6QYG3OESXs4x?tr=w-1800,c-at_max\",\"contentUrl\":\"https:\\\/\\\/lh4.googleusercontent.com\\\/MQ2SKWYWUl93ArwGBtLZYzG_eCYpF4ImbN73bJVQam49MRcihbTO3dJ9WivWSV90O08sIJXBQ5wnW-Tw-Es9qg4LmkHGYTTm2JVk2Ja2X2PTSQCDLORF5ipmH4QY6QYG3OESXs4x?tr=w-1800,c-at_max\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.vicarius.io\\\/blog\\\/john-the-ripper-pt.4#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"\u9996\u9801\",\"item\":\"https:\\\/\\\/version-2.com\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"John the Ripper Pt.4\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/version-2.com\\\/zh\\\/#website\",\"url\":\"https:\\\/\\\/version-2.com\\\/zh\\\/\",\"name\":\"Version 2\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\\\/\\\/version-2.com\\\/zh\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/version-2.com\\\/zh\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/version-2.com\\\/zh\\\/#organization\",\"name\":\"Version 2\",\"url\":\"https:\\\/\\\/version-2.com\\\/zh\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/version-2.com\\\/zh\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/i0.wp.com\\\/version-2.com\\\/wp-content\\\/uploads\\\/2020\\\/08\\\/v2-hk-hor-4.png?fit=1795%2C335&ssl=1\",\"contentUrl\":\"https:\\\/\\\/i0.wp.com\\\/version-2.com\\\/wp-content\\\/uploads\\\/2020\\\/08\\\/v2-hk-hor-4.png?fit=1795%2C335&ssl=1\",\"width\":1795,\"height\":335,\"caption\":\"Version 2\"},\"image\":{\"@id\":\"https:\\\/\\\/version-2.com\\\/zh\\\/#\\\/schema\\\/logo\\\/image\\\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/version-2.com\\\/zh\\\/#\\\/schema\\\/person\\\/d14d2d3cd77ffdb618b9f1330fe084db\",\"name\":\"version2hk\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/d280627252b42d7489de74dd88aa04043a495f25e258575000dc767e287bf94c?s=96&d=identicon&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/d280627252b42d7489de74dd88aa04043a495f25e258575000dc767e287bf94c?s=96&d=identicon&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/d280627252b42d7489de74dd88aa04043a495f25e258575000dc767e287bf94c?s=96&d=identicon&r=g\",\"caption\":\"version2hk\"},\"sameAs\":[\"http:\\\/\\\/version2xfortcom.wordpress.com\"],\"url\":\"https:\\\/\\\/version-2.com\\\/en\\\/author\\\/version2hk\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"John the Ripper Pt.4 - Version 2","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.vicarius.io\/blog\/john-the-ripper-pt.4","og_locale":"en_US","og_type":"article","og_title":"John the Ripper Pt.4 - Version 2","og_description":"Intro In this article \u2013 the last in our John the Ripper [&hellip;]","og_url":"https:\/\/www.vicarius.io\/blog\/john-the-ripper-pt.4","og_site_name":"Version 2","article_published_time":"2022-05-23T01:10:38+00:00","article_modified_time":"2022-08-19T07:17:00+00:00","og_image":[{"url":"https:\/\/lh4.googleusercontent.com\/MQ2SKWYWUl93ArwGBtLZYzG_eCYpF4ImbN73bJVQam49MRcihbTO3dJ9WivWSV90O08sIJXBQ5wnW-Tw-Es9qg4LmkHGYTTm2JVk2Ja2X2PTSQCDLORF5ipmH4QY6QYG3OESXs4x?tr=w-1800,c-at_max","type":"","width":"","height":""}],"author":"version2hk","twitter_card":"summary_large_image","twitter_misc":{"Written by":"version2hk","Est. reading time":"9 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.vicarius.io\/blog\/john-the-ripper-pt.4#article","isPartOf":{"@id":"https:\/\/version-2.com\/2022\/05\/john-the-ripper-pt-4\/"},"author":{"name":"version2hk","@id":"https:\/\/version-2.com\/zh\/#\/schema\/person\/d14d2d3cd77ffdb618b9f1330fe084db"},"headline":"John the Ripper Pt.4","datePublished":"2022-05-23T01:10:38+00:00","dateModified":"2022-08-19T07:17:00+00:00","mainEntityOfPage":{"@id":"https:\/\/version-2.com\/2022\/05\/john-the-ripper-pt-4\/"},"wordCount":1393,"publisher":{"@id":"https:\/\/version-2.com\/zh\/#organization"},"image":{"@id":"https:\/\/www.vicarius.io\/blog\/john-the-ripper-pt.4#primaryimage"},"thumbnailUrl":"https:\/\/lh4.googleusercontent.com\/MQ2SKWYWUl93ArwGBtLZYzG_eCYpF4ImbN73bJVQam49MRcihbTO3dJ9WivWSV90O08sIJXBQ5wnW-Tw-Es9qg4LmkHGYTTm2JVk2Ja2X2PTSQCDLORF5ipmH4QY6QYG3OESXs4x?tr=w-1800,c-at_max","keywords":["vRx","2022"],"articleSection":["vRx","2022","Press Release"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/version-2.com\/2022\/05\/john-the-ripper-pt-4\/","url":"https:\/\/www.vicarius.io\/blog\/john-the-ripper-pt.4","name":"John the Ripper Pt.4 - Version 2","isPartOf":{"@id":"https:\/\/version-2.com\/zh\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.vicarius.io\/blog\/john-the-ripper-pt.4#primaryimage"},"image":{"@id":"https:\/\/www.vicarius.io\/blog\/john-the-ripper-pt.4#primaryimage"},"thumbnailUrl":"https:\/\/lh4.googleusercontent.com\/MQ2SKWYWUl93ArwGBtLZYzG_eCYpF4ImbN73bJVQam49MRcihbTO3dJ9WivWSV90O08sIJXBQ5wnW-Tw-Es9qg4LmkHGYTTm2JVk2Ja2X2PTSQCDLORF5ipmH4QY6QYG3OESXs4x?tr=w-1800,c-at_max","datePublished":"2022-05-23T01:10:38+00:00","dateModified":"2022-08-19T07:17:00+00:00","breadcrumb":{"@id":"https:\/\/www.vicarius.io\/blog\/john-the-ripper-pt.4#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.vicarius.io\/blog\/john-the-ripper-pt.4"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.vicarius.io\/blog\/john-the-ripper-pt.4#primaryimage","url":"https:\/\/lh4.googleusercontent.com\/MQ2SKWYWUl93ArwGBtLZYzG_eCYpF4ImbN73bJVQam49MRcihbTO3dJ9WivWSV90O08sIJXBQ5wnW-Tw-Es9qg4LmkHGYTTm2JVk2Ja2X2PTSQCDLORF5ipmH4QY6QYG3OESXs4x?tr=w-1800,c-at_max","contentUrl":"https:\/\/lh4.googleusercontent.com\/MQ2SKWYWUl93ArwGBtLZYzG_eCYpF4ImbN73bJVQam49MRcihbTO3dJ9WivWSV90O08sIJXBQ5wnW-Tw-Es9qg4LmkHGYTTm2JVk2Ja2X2PTSQCDLORF5ipmH4QY6QYG3OESXs4x?tr=w-1800,c-at_max"},{"@type":"BreadcrumbList","@id":"https:\/\/www.vicarius.io\/blog\/john-the-ripper-pt.4#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"\u9996\u9801","item":"https:\/\/version-2.com\/"},{"@type":"ListItem","position":2,"name":"John the Ripper Pt.4"}]},{"@type":"WebSite","@id":"https:\/\/version-2.com\/zh\/#website","url":"https:\/\/version-2.com\/zh\/","name":"Version 2","description":"","publisher":{"@id":"https:\/\/version-2.com\/zh\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/version-2.com\/zh\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/version-2.com\/zh\/#organization","name":"Version 2","url":"https:\/\/version-2.com\/zh\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/version-2.com\/zh\/#\/schema\/logo\/image\/","url":"https:\/\/i0.wp.com\/version-2.com\/wp-content\/uploads\/2020\/08\/v2-hk-hor-4.png?fit=1795%2C335&ssl=1","contentUrl":"https:\/\/i0.wp.com\/version-2.com\/wp-content\/uploads\/2020\/08\/v2-hk-hor-4.png?fit=1795%2C335&ssl=1","width":1795,"height":335,"caption":"Version 2"},"image":{"@id":"https:\/\/version-2.com\/zh\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/version-2.com\/zh\/#\/schema\/person\/d14d2d3cd77ffdb618b9f1330fe084db","name":"version2hk","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/d280627252b42d7489de74dd88aa04043a495f25e258575000dc767e287bf94c?s=96&d=identicon&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/d280627252b42d7489de74dd88aa04043a495f25e258575000dc767e287bf94c?s=96&d=identicon&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/d280627252b42d7489de74dd88aa04043a495f25e258575000dc767e287bf94c?s=96&d=identicon&r=g","caption":"version2hk"},"sameAs":["http:\/\/version2xfortcom.wordpress.com"],"url":"https:\/\/version-2.com\/en\/author\/version2hk\/"}]}},"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/pbQRKm-d6o","post_mailing_queue_ids":[],"_links":{"self":[{"href":"https:\/\/version-2.com\/en\/wp-json\/wp\/v2\/posts\/50368","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/version-2.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/version-2.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/version-2.com\/en\/wp-json\/wp\/v2\/users\/143524195"}],"replies":[{"embeddable":true,"href":"https:\/\/version-2.com\/en\/wp-json\/wp\/v2\/comments?post=50368"}],"version-history":[{"count":1,"href":"https:\/\/version-2.com\/en\/wp-json\/wp\/v2\/posts\/50368\/revisions"}],"predecessor-version":[{"id":50369,"href":"https:\/\/version-2.com\/en\/wp-json\/wp\/v2\/posts\/50368\/revisions\/50369"}],"wp:attachment":[{"href":"https:\/\/version-2.com\/en\/wp-json\/wp\/v2\/media?parent=50368"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/version-2.com\/en\/wp-json\/wp\/v2\/categories?post=50368"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/version-2.com\/en\/wp-json\/wp\/v2\/tags?post=50368"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}