InfoSec Write-ups

A collection of write-ups from the best hackers in the world on topics ranging from bug bounties and CTFs to vulnhub machines, hardware challenges and real life encounters. Subscribe to our weekly newsletter for the coolest infosec updates: https://weekly.infosecwriteups.com/


How to Crack Windows Passwords with John the Ripper

Frost
Published in InfoSec Write-ups
3 min read · Oct 15, 2023

In this tutorial, I will show you how to use John the Ripper to crack Windows 10, 8 and 7 passwords on your own PC.

John the Ripper is an offline password-cracking tool designed to test password strength, brute-force encrypted (hashed) passwords, and crack passwords via dictionary attacks. Simply put, John cracks passwords.

Extract Hashes from Windows

The first thing you need to do is grab the password hashes from the SAM file. The Security Account Manager (SAM) is a database file in Windows 10/8/7 that stores user passwords in hashed form. It is located in the following directory:

C:\Windows\system32\config

To extract the SAM files, open a command prompt (cmd) on the Windows machine and type the following commands:

reg.exe save hklm\sam C:\sam.save
reg.exe save hklm\system C:\system.save

These commands grab the password hashes from your current system and save them to the C:\ drive.

Now copy those two files (sam.save, system.save), switch to the Kali Linux machine or another Linux distribution, and paste the files on the Desktop.

To see the hashes from the files, I will use the following command in the terminal.

impacket-secretsdump -sam sam.save -system system.save LOCAL

Here you can see the accounts and the hashes. In my case, I will crack the password of the user “John”.

To do that, I will copy the hash (4b73ab495e53411975629cebebc9621c) and create a new text file using the nano text editor.

nano johnhash.txt
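
An added example (not part of the original article): a short Python audit over output in the `user:RID:LM hash:NT hash:::` format that secretsdump prints for local SAM hashes, flagging blank passwords, stored LM hashes, and accounts that share a password. The sample dump is constructed; only John's NT hash comes from the article, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Well-known constants: the LM and NT hashes of an empty password.
EMPTY_LM = "aad3b435b51404eeaad3b435b51404ee"
EMPTY_NT = "31d6cfe0d16ae931b73c59d7e0c089c0"
# One account per line: user:RID:LM hash:NT hash:::
LINE_RE = re.compile(r"^([^:]+):(\d+):([0-9a-fA-F]{32}):([0-9a-fA-F]{32}):::\s*$")

# Constructed sample output; only John's NT hash is taken from the article.
SAMPLE = """\
[*] Target system bootKey: 0x00000000000000000000000000000000
[*] Dumping local SAM hashes (uid:rid:lmhash:nthash)
Administrator:500:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::
Guest:501:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::
John:1001:aad3b435b51404eeaad3b435b51404ee:4b73ab495e53411975629cebebc9621c:::
Backup:1002:aad3b435b51404eeaad3b435b51404ee:4b73ab495e53411975629cebebc9621c:::
[*] Cleaning up...
"""

def parse_dump(text):
    """Return one dict per account line; status lines such as '[*] ...' are skipped."""
    accounts = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            user, rid, lm, nt = m.groups()
            accounts.append({"user": user, "rid": int(rid), "lm": lm.lower(), "nt": nt.lower()})
    return accounts

def audit(accounts):
    """Flag blank passwords, stored LM hashes, and NT hashes shared between accounts."""
    by_nt = defaultdict(list)
    findings = {"blank_password": [], "lm_hash_stored": [], "shared_password": []}
    for a in accounts:
        if a["nt"] == EMPTY_NT:
            findings["blank_password"].append(a["user"])
        else:
            by_nt[a["nt"]].append(a["user"])  # NT hashes are unsalted: same hash, same password
        if a["lm"] != EMPTY_LM:
            findings["lm_hash_stored"].append(a["user"])
    findings["shared_password"] = [sorted(users) for users in by_nt.values() if len(users) > 1]
    return findings

if __name__ == "__main__":
    print(audit(parse_dump(SAMPLE)))
```

The dump does not show whether an account is enabled, so a blank-password finding on a built-in account such as Guest should be checked against the account's status before it is treated as a problem.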
