by Wayne E Goodrich (Outlaw)
(Transferred from the wiki by Peter)

A common use for John the Ripper is auditing your users' passwords. Some organizations' security policies require regular audits of user passwords, and here I will outline a simple john session using very bad passwords. We'll do that for the sake of time, since strong passwords take way too long to crack. The good thing about that is that by the time someone can crack one of your passwords, your security policy should have had you change it already. It is common for passwords to be changed every 90 days in corporate IT.

First let's get john
For RHEL 2.1, 3.0 and Fedora, you can get the RPMs at Dag Wieers'.
Debian and Gentoo already have john available in their repositories.

Running john
OK, now we have john and can run it on some easy passwords. We'll start by creating 3 new accounts and temporary files for john to work with. Also, with Dag Wieers' RPM, john doesn't know where his ini file is, so in that case, cd over to /etc.
Code:
[root@testbox root]# useradd bill
[root@testbox root]# passwd bill
Changing password for user bill.
New password: things
BAD PASSWORD: it is based on a dictionary word
Retype new password:
passwd: all authentication tokens updated successfully.
[root@testbox root]# useradd chuck
[root@testbox root]# passwd chuck
Changing password for user chuck.
New password: stuff
BAD PASSWORD: it is too short
Retype new password:
passwd: all authentication tokens updated successfully.
[root@testbox root]# useradd stan
[root@testbox root]# passwd stan
Changing password for user stan.
New password: junk
BAD PASSWORD: it is too short
Retype new password:
passwd: all authentication tokens updated successfully.
[root@testbox root]# tail -n 3 /etc/passwd > passfile
[root@testbox root]# tail -n 3 /etc/shadow > shdwfile
[root@testbox root]# unshadow passfile shdwfile > johnfile
[root@testbox root]# cd /etc
[root@testbox etc]# john /root/johnfile
Loaded 3 passwords with 3 different salts (FreeBSD MD5 [32/32])
stuff           (chuck)
junk            (stan)
things          (bill)
guesses: 3  time: 0:00:08:23 (3)  c/s: 1968  trying: things
[root@testbox etc]#
We see that john quickly cracked these passwords, since they were based on dictionary words and were short. It is possible to specify a much larger dictionary file for john to use, which is available on john's website. /usr/share/doc/john should contain some more information. For long runs, tapping enter will let you know what john is doing.
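What the unshadow step in the session above produces, and why john reported "FreeBSD MD5" (hashes starting with $1$), shown as an added example that is not part of the original article. The function names merge_shadow, summarize and demo are hypothetical, and every account line and hash string is a constructed placeholder.

```shell
#!/usr/bin/env bash
# Added example: account names and hash strings are constructed placeholders.
umask 077   # merged files hold password hashes; keep them owner-only

# merge_shadow PASSWD SHADOW
# Replace field 2 of each passwd line with the hash from the matching
# shadow line: the same join the unshadow step performs.
merge_shadow() {
    awk -F: -v OFS=: '
        NR == FNR    { hash[$1] = $2; next }   # first file read: shadow
        ($1 in hash) { $2 = hash[$1] }         # second file read: passwd
                     { print }
    ' "$2" "$1"
}

# summarize MERGED
# Print "login scheme" per line so you know what john will load.
summarize() {
    awk -F: '{
        h = $2
        if      (h == "")              s = "EMPTY"
        else if (h == "x")             s = "not-merged"
        else if (h ~ /^[!*]/)          s = "locked"
        else if (h ~ /^\$1\$/)         s = "md5crypt"
        else if (h ~ /^\$2[abxy]?\$/)  s = "bcrypt"
        else if (h ~ /^\$5\$/)         s = "sha256crypt"
        else if (h ~ /^\$6\$/)         s = "sha512crypt"
        else if (h ~ /^\$y\$/)         s = "yescrypt"
        else if (length(h) == 13)      s = "descrypt"
        else                           s = "unknown"
        print $1, s
    }' "$1"
}

# Run both steps on constructed data in a private temp directory,
# then remove the directory so no hash material is left behind.
demo() {
    demo_dir=$(mktemp -d) || return 1
    printf '%s\n' 'bill:x:500:500::/home/bill:/bin/bash' \
                  'chuck:x:501:501::/home/chuck:/bin/bash' \
                  'stan:x:502:502::/home/stan:/bin/bash' > "$demo_dir/passfile"
    printf '%s\n' 'bill:$1$SALTSALT$PLACEHOLDERHASH0000000:12345:0:99999:7:::' \
                  'chuck:!!:12345:0:99999:7:::' \
                  'stan:$6$SALTSALT$PLACEHOLDERHASH:12345:0:99999:7:::' > "$demo_dir/shdwfile"
    merge_shadow "$demo_dir/passfile" "$demo_dir/shdwfile" > "$demo_dir/johnfile"
    summarize "$demo_dir/johnfile"
    rm -rf "$demo_dir"
}
demo
```

On a real system, delete passfile, shdwfile and johnfile once the audit is finished, since they contain the password hashes.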
More info:
http://www.openwall.com/john/
http://freshmeat.net/projects/john/