#hashcat — Public Fediverse posts
Live and recent posts from across the Fediverse tagged #hashcat, aggregated by home.social.
-
New blog post:
In which I cover and demo SQL Server roles and permissions that are viable avenues for privilege escalation to sysadmin.
https://vladdba.com/2026/05/22/sql-server-permission-privilege-escalation/
#sqlserver #sqldba #microsoftsqlserver #hashcat #cybersecurity #infosec #sql #mvpbuzz -
New blog post:
In which I cover and demo SQL Server roles and permissions that are viable avenues for privilege escalation to sysadmin.
https://vladdba.com/2026/05/22/sql-server-permission-privilege-escalation/
#sqlserver #sqldba #microsoftsqlserver #hashcat #cybersecurity #infosec #sql #mvpbuzz -
New blog post:
I demo cracking SQL Server 2025 login passwords offline.
hashcat is currently the only viable tool for auditing SQL Server 2025 login passwords.The results show how #PBKDF2 slows down brute-force attacks both inside and outside of SQL Server compared to the pre-2025 hashing algorithm.
Full methodology, benchmarks, and code included.
https://vladdba.com/2026/04/16/cracking-sql-server-2025-login-passwords-offline-with-hashcat/
#sqlserver #sqldba #microsoftsqlserver #hashcat #cybersecurity #infosec #sql -
New blog post:
I demo cracking SQL Server 2025 login passwords offline.
hashcat is currently the only viable tool for auditing SQL Server 2025 login passwords.The results show how #PBKDF2 slows down brute-force attacks both inside and outside of SQL Server compared to the pre-2025 hashing algorithm.
Full methodology, benchmarks, and code included.
https://vladdba.com/2026/04/16/cracking-sql-server-2025-login-passwords-offline-with-hashcat/
#sqlserver #sqldba #microsoftsqlserver #hashcat #cybersecurity #infosec #sql -
My Spring gift to the #SQLServer and #InfoSec communities: support for cracking SQL Server 2025's PBKDF2 hashing algorithm with hashcat.
Blog post coming this week. -
My Spring gift to the #SQLServer and #InfoSec communities: support for cracking SQL Server 2025's PBKDF2 hashing algorithm with hashcat.
Blog post coming this week. -
Congrats to HashMob for winning Crack the Con 2026!
1. #HashMob Lite
2. #PizzaPlannet
3. #hash_meltdown -
Congrats to HashMob for winning Crack the Con 2026!
1. #HashMob Lite
2. #PizzaPlannet
3. #hash_meltdown -
Congrats to HashMob for winning Crack the Con 2026!
1. #HashMob Lite
2. #PizzaPlannet
3. #hash_meltdown -
Congrats to HashMob for winning Crack the Con 2026!
1. #HashMob Lite
2. #PizzaPlannet
3. #hash_meltdown -
Released pcfg-go — a full Go rewrite of pcfg_cracker with ~3× faster training, ~40× faster guessing, $HEX[] and multi-byte support, improved trainer parsing...
Full Details: https://forum.hashpwn.net/post/11277
#pcfg #hashcracking #trainer #guesser #wordlist #generator #hashcat #hashpwn
-
Released pcfg-go — a full Go rewrite of pcfg_cracker with ~3× faster training, ~40× faster guessing, $HEX[] and multi-byte support, improved trainer parsing...
Full Details: https://forum.hashpwn.net/post/11277
#pcfg #hashcracking #trainer #guesser #wordlist #generator #hashcat #hashpwn
-
Released pcfg-go — a full Go rewrite of pcfg_cracker with ~3× faster training, ~40× faster guessing, $HEX[] and multi-byte support, improved trainer parsing...
Full Details: https://forum.hashpwn.net/post/11277
#pcfg #hashcracking #trainer #guesser #wordlist #generator #hashcat #hashpwn
-
Released pcfg-go — a full Go rewrite of pcfg_cracker with ~3× faster training, ~40× faster guessing, $HEX[] and multi-byte support, improved trainer parsing...
Full Details: https://forum.hashpwn.net/post/11277
#pcfg #hashcracking #trainer #guesser #wordlist #generator #hashcat #hashpwn
-
Released pcfg-go — a full Go rewrite of pcfg_cracker with ~3× faster training, ~40× faster guessing, $HEX[] and multi-byte support, improved trainer parsing...
Full Details: https://forum.hashpwn.net/post/11277
#pcfg #hashcracking #trainer #guesser #wordlist #generator #hashcat #hashpwn
-
CsP’s @Waffle_Real just released a new tool called hashpipe, and it solves a problem many of us run into with large potfiles: messy, misidentified hash:password entries.
hashpipe automatically validates founds by recomputing them, identifying the correct algorithm, and outputting verified results in an mdxfind format.
If you maintain large cracking datasets or potfiles, this is a great way to verify and clean them up.
Details:
https://forum.hashpwn.net/post/11119GitHub repo:
https://github.com/Cynosureprime/hashpipe#hashcracking #hashcat #jtr #hashpipe #CsP #cynosureprime #potfile #hashpwn
-
CsP’s @Waffle_Real just released a new tool called hashpipe, and it solves a problem many of us run into with large potfiles: messy, misidentified hash:password entries.
hashpipe automatically validates founds by recomputing them, identifying the correct algorithm, and outputting verified results in an mdxfind format.
If you maintain large cracking datasets or potfiles, this is a great way to verify and clean them up.
Details:
https://forum.hashpwn.net/post/11119GitHub repo:
https://github.com/Cynosureprime/hashpipe#hashcracking #hashcat #jtr #hashpipe #CsP #cynosureprime #potfile #hashpwn
-
CsP’s @Waffle_Real just released a new tool called hashpipe, and it solves a problem many of us run into with large potfiles: messy, misidentified hash:password entries.
hashpipe automatically validates founds by recomputing them, identifying the correct algorithm, and outputting verified results in an mdxfind format.
If you maintain large cracking datasets or potfiles, this is a great way to verify and clean them up.
Details:
https://forum.hashpwn.net/post/11119GitHub repo:
https://github.com/Cynosureprime/hashpipe#hashcracking #hashcat #jtr #hashpipe #CsP #cynosureprime #potfile #hashpwn
-
CsP’s @Waffle_Real just released a new tool called hashpipe, and it solves a problem many of us run into with large potfiles: messy, misidentified hash:password entries.
hashpipe automatically validates founds by recomputing them, identifying the correct algorithm, and outputting verified results in an mdxfind format.
If you maintain large cracking datasets or potfiles, this is a great way to verify and clean them up.
Details:
https://forum.hashpwn.net/post/11119GitHub repo:
https://github.com/Cynosureprime/hashpipe#hashcracking #hashcat #jtr #hashpipe #CsP #cynosureprime #potfile #hashpwn
-
CsP’s @Waffle_Real just released a new tool called hashpipe, and it solves a problem many of us run into with large potfiles: messy, misidentified hash:password entries.
hashpipe automatically validates founds by recomputing them, identifying the correct algorithm, and outputting verified results in an mdxfind format.
If you maintain large cracking datasets or potfiles, this is a great way to verify and clean them up.
Details:
https://forum.hashpwn.net/post/11119GitHub repo:
https://github.com/Cynosureprime/hashpipe#hashcracking #hashcat #jtr #hashpipe #CsP #cynosureprime #potfile #hashpwn
-
running malcom but the old malcolm - need to image and install latest - sort of dread going from debian to ubuntu but if i image i can revert easily. maybe they figured out updating, i don't want github only updates.
anyways it is a good one to offer vs say security onion - they use the same components mostly, suricata, zeek, elastic, maybe he has a live iso like last time.
i think the reason to go to ubuntu is better newer drivers, bigger dev base? as long as it works - that is my concern, avoid dependency hell and breakage.
it is good with managing all the containers and space for /datastore #sigs #hashes #dpi #netflow #ntop-ng #tcp-replay #binaries #hashcat
-
running malcom but the old malcolm - need to image and install latest - sort of dread going from debian to ubuntu but if i image i can revert easily. maybe they figured out updating, i don't want github only updates.
anyways it is a good one to offer vs say security onion - they use the same components mostly, suricata, zeek, elastic, maybe he has a live iso like last time.
i think the reason to go to ubuntu is better newer drivers, bigger dev base? as long as it works - that is my concern, avoid dependency hell and breakage.
it is good with managing all the containers and space for /datastore #sigs #hashes #dpi #netflow #ntop-ng #tcp-replay #binaries #hashcat
-
running malcom but the old malcolm - need to image and install latest - sort of dread going from debian to ubuntu but if i image i can revert easily. maybe they figured out updating, i don't want github only updates.
anyways it is a good one to offer vs say security onion - they use the same components mostly, suricata, zeek, elastic, maybe he has a live iso like last time.
i think the reason to go to ubuntu is better newer drivers, bigger dev base? as long as it works - that is my concern, avoid dependency hell and breakage.
it is good with managing all the containers and space for /datastore #sigs #hashes #dpi #netflow #ntop-ng #tcp-replay #binaries #hashcat
-
running malcom but the old malcolm - need to image and install latest - sort of dread going from debian to ubuntu but if i image i can revert easily. maybe they figured out updating, i don't want github only updates.
anyways it is a good one to offer vs say security onion - they use the same components mostly, suricata, zeek, elastic, maybe he has a live iso like last time.
i think the reason to go to ubuntu is better newer drivers, bigger dev base? as long as it works - that is my concern, avoid dependency hell and breakage.
it is good with managing all the containers and space for /datastore #sigs #hashes #dpi #netflow #ntop-ng #tcp-replay #binaries #hashcat
-
🔧 Malcolm Integration
bash# Malcolm's zeekctl.cfg or local.zeek
redef SSL::root_certs += {
["PolarProxy Root CA"] = "/opt/polarproxy/certs/rootCA.pem"
};# In Malcolm's docker-compose.yml, ensure port mapping:
# zeek:
# ports:
# - "57012:57012/tcp" # For PolarProxy PCAP feed30 protocols but what about hashcat - how many protocols now?
Hashcat Protocol Support Count - As of hashcat v6.2.6 (latest stable), here are the current protocol/hash mode counts:
Total Protocols/Hash Modes: 423+(This number grows with nearly every release) #hashcat,net #zeek
-
New version of hashgen released.
v1.2.2
- added mode: halfmd5 -m 5100
- added mode: morsedecodehttps://forum.hashpwn.net/post/89
#hashgen #md5 #halfmd5 #hashcat #morsecode #morsedecode #hashcracking #hashpwn
-
New version of hashgen released.
v1.2.2
- added mode: halfmd5 -m 5100
- added mode: morsedecodehttps://forum.hashpwn.net/post/89
#hashgen #md5 #halfmd5 #hashcat #morsecode #morsedecode #hashcracking #hashpwn
-
New version of hashgen released.
v1.2.2
- added mode: halfmd5 -m 5100
- added mode: morsedecodehttps://forum.hashpwn.net/post/89
#hashgen #md5 #halfmd5 #hashcat #morsecode #morsedecode #hashcracking #hashpwn
-
New version of hashgen released.
v1.2.2
- added mode: halfmd5 -m 5100
- added mode: morsedecodehttps://forum.hashpwn.net/post/89
#hashgen #md5 #halfmd5 #hashcat #morsecode #morsedecode #hashcracking #hashpwn
-
New version of hashgen released.
v1.2.2
- added mode: halfmd5 -m 5100
- added mode: morsedecodehttps://forum.hashpwn.net/post/89
#hashgen #md5 #halfmd5 #hashcat #morsecode #morsedecode #hashcracking #hashpwn
-
Standalone #password candidate generator using the PRINCE algorithm
-
Looking for a language specific wordlist? We are too! Share yours with the hashpwn community.
https://forum.hashpwn.net/post/7639
#hashpwn #wordlist #hashcracking #language #hashcat #jtr #dict #dictionary
-
Looking for a language specific wordlist? We are too! Share yours with the hashpwn community.
https://forum.hashpwn.net/post/7639
#hashpwn #wordlist #hashcracking #language #hashcat #jtr #dict #dictionary
-
Looking for a language specific wordlist? We are too! Share yours with the hashpwn community.
https://forum.hashpwn.net/post/7639
#hashpwn #wordlist #hashcracking #language #hashcat #jtr #dict #dictionary
-
Looking for a language specific wordlist? We are too! Share yours with the hashpwn community.
https://forum.hashpwn.net/post/7639
#hashpwn #wordlist #hashcracking #language #hashcat #jtr #dict #dictionary
-
Looking for a language specific wordlist? We are too! Share yours with the hashpwn community.
https://forum.hashpwn.net/post/7639
#hashpwn #wordlist #hashcracking #language #hashcat #jtr #dict #dictionary
-
Crackmon, a crack rate monitor for hashcat, now supports mdxfind in PR11.
Example: stop current attack if <100 cracks / 5 minutes.
crackmon -t 5 -c 100 hashcat {hashcat args}
or
crackmon -t 5 -c 100 mdxfind {mdxfind args} -
A quick run down on some of the attacks and wordlist augmentation options in Hashcatalyst https://in.security/2025/11/11/hashcatalyst-automating-password-cracking
-
🚀 New Release: hashgen v1.2.0
Big update packed with new features:
• Added 22 new modes: MySQL5, phpass, md5crypt, sha256crypt, sha512crypt, WordPress bcrypt-HMAC-SHA384 (wpbcrypt), base32 encode/decode, plus multiple hashcat modes including salted algos
• Updated yescrypt defaults to match Debian 12
• Read full changelog:
https://forum.hashpwn.net/post/5810#hashgen #hashcat #infosec #golang #hashcracking #hashpwn #yescrypt #wordpressbcrypt
-
🚀 New Release: hashgen v1.2.0
Big update packed with new features:
• Added 22 new modes: MySQL5, phpass, md5crypt, sha256crypt, sha512crypt, WordPress bcrypt-HMAC-SHA384 (wpbcrypt), base32 encode/decode, plus multiple hashcat modes including salted algos
• Updated yescrypt defaults to match Debian 12
• Read full changelog:
https://forum.hashpwn.net/post/5810#hashgen #hashcat #infosec #golang #hashcracking #hashpwn #yescrypt #wordpressbcrypt
-
🚀 New Release: hashgen v1.2.0
Big update packed with new features:
• Added 22 new modes: MySQL5, phpass, md5crypt, sha256crypt, sha512crypt, WordPress bcrypt-HMAC-SHA384 (wpbcrypt), base32 encode/decode, plus multiple hashcat modes including salted algos
• Updated yescrypt defaults to match Debian 12
• Read full changelog:
https://forum.hashpwn.net/post/5810#hashgen #hashcat #infosec #golang #hashcracking #hashpwn #yescrypt #wordpressbcrypt
-
🚀 New Release: hashgen v1.2.0
Big update packed with new features:
• Added 22 new modes: MySQL5, phpass, md5crypt, sha256crypt, sha512crypt, WordPress bcrypt-HMAC-SHA384 (wpbcrypt), base32 encode/decode, plus multiple hashcat modes including salted algos
• Updated yescrypt defaults to match Debian 12
• Read full changelog:
https://forum.hashpwn.net/post/5810#hashgen #hashcat #infosec #golang #hashcracking #hashpwn #yescrypt #wordpressbcrypt
-
Just in case anyone out there is interested, the #dgx_spark does about 12min for the top 2bil passwords on an MD5 crypt hash. Sure that's not what it's meant for but come on...
#hashcat
#hashcat7
#dgxspark
#dgxsparkgb10
#dgx -
Debian unstable and Devuan unstable now have bumped their hashcat from 6.x to hashcat 7.1.2.
-
nixpkgs and Slitaz "cooking" now have hashcat 7.1.2.