Attack types: Dictionary and Brute force
Taken from wikipdea: http://en.wikipedia.org/wiki/John_the_Ripper
One of the modes John can use is the dictionary attack. It takes text string samples (usually from a file, called a wordlist, containing words found in a dictionary), encrypting it in the same format as the password being examined (including both the encryption algorithm and key), and comparing the output to the encrypted string. It can also perform a variety of alterations to the dictionary words and try these. Many of these alterations are also used in John's single attack mode, which modifies an associated plaintext (such as a username with an encrypted password) and checks the variations against the encrypted hashes.
John also offers a brute force mode. In this type of attack, the program goes through all the possible plaintexts, hashing each one and comparing it to the input hash. John uses character frequency tables to try plaintexts containing more frequently-used characters first. This method is useful for cracking passwords which do not appear in dictionary wordlists, but it does take a long time to run.
This demo assumes you have acquired the hashes from a windows system (hashes.txt in this example) and a wordlist (readily available on the web, use google):
# ./john --wordlist=mywordlist.txt hashes.txt
Loaded 2 password hashes with no different salts (LM DES [128/128 BS SSE2])
guesses:2 time: 0:00:00:00 100% c/s 1298k trying: ANOS - ANYONE
As you can see the guest account has a blank password, while the admin account has a password of 'mypass'. John computer these hashes in less than a second with my chosen wordlist. Remember, you may only crack the password only if its in the wordlist. Take your time in choosing a good wordlist and make necessary changes to them based on your initial profiling of a potential target.