Passwords are a weak link in enterprise security. As users struggle with requirements for complex passwords and password managers, bad habits multiply: post-it notes on screens, Word docs with passwords listed, retaining default passwords, reused passwords, and other workarounds.
That’s why cybercriminals go after passwords so often. Once a hacker steals credentials, they can enter sensitive systems or wait in ambush to stage a devastating attack against a prized asset. And because users tend to reuse passwords, they attempt to crack other systems and websites with them too in password spraying and credential stuffing attacks. It’s enough to make you want to go passwordless.
Penetration testing, therefore, pays close attention to password cracking. John the Ripper is a free, easy-to-use, open-source tool that takes the best aspects of various password crackers and unites them into one package. As such it can be harnessed by pen testers to detect weak passwords and find a way into a system or database.