There are many password-cracking tools out there, but one of the mainstays has always been John the Ripper. It's a powerful piece of software that can be configured and used in many different ways. Metasploit actually contains a little-known module version of JTR that can be used to quickly crack weak passwords, so let's explore it in an attempt to save precious time and effort.

We will be using an unpatched version of Windows 7 as the target, so if you have a copy lying around, feel free to use it. The method of exploitation doesn't matter so much here, as long as you can get a Meterpreter session on the target. The John the Ripper module should work on any version of Windows we can grab the hashes from. In this tutorial, we will obtain the hash of an additional user that has logged onto the system (admin2).

To begin, we will need to compromise the target and get a Meterpreter session. Since we know the target is running an unpatched version of Windows 7, we can use EternalBlue to quickly exploit the system from our Kali box.

We will need Metasploit's built-in database up and running for the John the Ripper module to work later, so start it with the following command:

~# service postgresql start