home.social

#hashcat — Public Fediverse posts

Live and recent posts from across the Fediverse tagged #hashcat, aggregated by home.social.

  1. New blog post:
    I demo cracking SQL Server 2025 login passwords offline.
    hashcat is currently the only viable tool for auditing SQL Server 2025 login passwords.

    The results show how #PBKDF2 slows down brute-force attacks both inside and outside of SQL Server compared to the pre-2025 hashing algorithm.

    Full methodology, benchmarks, and code included.
    vladdba.com/2026/04/16/crackin
    #sqlserver #sqldba #microsoftsqlserver #hashcat #cybersecurity #infosec #sql

  2. New blog post:
    I demo cracking SQL Server 2025 login passwords offline.
    hashcat is currently the only viable tool for auditing SQL Server 2025 login passwords.

    The results show how #PBKDF2 slows down brute-force attacks both inside and outside of SQL Server compared to the pre-2025 hashing algorithm.

    Full methodology, benchmarks, and code included.
    vladdba.com/2026/04/16/crackin
    #sqlserver #sqldba #microsoftsqlserver #hashcat #cybersecurity #infosec #sql

  3. My Spring gift to the #SQLServer and #InfoSec communities: support for cracking SQL Server 2025's PBKDF2 hashing algorithm with hashcat.
    Blog post coming this week.

    github.com/hashcat/hashcat/pul

    #Hashcat #DBA #CyberSecurity #MSSQL #SQL #SQLServer

  4. My Spring gift to the #SQLServer and #InfoSec communities: support for cracking SQL Server 2025's PBKDF2 hashing algorithm with hashcat.
    Blog post coming this week.

    github.com/hashcat/hashcat/pul

    #Hashcat #DBA #CyberSecurity #MSSQL #SQL #SQLServer

  5. Released pcfg-go — a full Go rewrite of pcfg_cracker with ~3× faster training, ~40× faster guessing, $HEX[] and multi-byte support, improved trainer parsing...

    Full Details: forum.hashpwn.net/post/11277

    #pcfg #hashcracking #trainer #guesser #wordlist #generator #hashcat #hashpwn

  6. Released pcfg-go — a full Go rewrite of pcfg_cracker with ~3× faster training, ~40× faster guessing, $HEX[] and multi-byte support, improved trainer parsing...

    Full Details: forum.hashpwn.net/post/11277

    #pcfg #hashcracking #trainer #guesser #wordlist #generator #hashcat #hashpwn

  7. Released pcfg-go — a full Go rewrite of pcfg_cracker with ~3× faster training, ~40× faster guessing, $HEX[] and multi-byte support, improved trainer parsing...

    Full Details: forum.hashpwn.net/post/11277

    #pcfg #hashcracking #trainer #guesser #wordlist #generator #hashcat #hashpwn

  8. Released pcfg-go — a full Go rewrite of pcfg_cracker with ~3× faster training, ~40× faster guessing, $HEX[] and multi-byte support, improved trainer parsing...

    Full Details: forum.hashpwn.net/post/11277

    #pcfg #hashcracking #trainer #guesser #wordlist #generator #hashcat #hashpwn

  9. Released pcfg-go — a full Go rewrite of pcfg_cracker with ~3× faster training, ~40× faster guessing, $HEX[] and multi-byte support, improved trainer parsing...

    Full Details: forum.hashpwn.net/post/11277

    #pcfg #hashcracking #trainer #guesser #wordlist #generator #hashcat #hashpwn

  10. CsP’s @Waffle_Real just released a new tool called hashpipe, and it solves a problem many of us run into with large potfiles: messy, misidentified hash:password entries.

    hashpipe automatically validates founds by recomputing them, identifying the correct algorithm, and outputting verified results in an mdxfind format.

    If you maintain large cracking datasets or potfiles, this is a great way to verify and clean them up.

    Details:
    forum.hashpwn.net/post/11119

    GitHub repo:
    github.com/Cynosureprime/hashp

    #hashcracking #hashcat #jtr #hashpipe #CsP #cynosureprime #potfile #hashpwn

  11. CsP’s @Waffle_Real just released a new tool called hashpipe, and it solves a problem many of us run into with large potfiles: messy, misidentified hash:password entries.

    hashpipe automatically validates founds by recomputing them, identifying the correct algorithm, and outputting verified results in an mdxfind format.

    If you maintain large cracking datasets or potfiles, this is a great way to verify and clean them up.

    Details:
    forum.hashpwn.net/post/11119

    GitHub repo:
    github.com/Cynosureprime/hashp

    #hashcracking #hashcat #jtr #hashpipe #CsP #cynosureprime #potfile #hashpwn

  12. CsP’s @Waffle_Real just released a new tool called hashpipe, and it solves a problem many of us run into with large potfiles: messy, misidentified hash:password entries.

    hashpipe automatically validates founds by recomputing them, identifying the correct algorithm, and outputting verified results in an mdxfind format.

    If you maintain large cracking datasets or potfiles, this is a great way to verify and clean them up.

    Details:
    forum.hashpwn.net/post/11119

    GitHub repo:
    github.com/Cynosureprime/hashp

    #hashcracking #hashcat #jtr #hashpipe #CsP #cynosureprime #potfile #hashpwn

  13. CsP’s @Waffle_Real just released a new tool called hashpipe, and it solves a problem many of us run into with large potfiles: messy, misidentified hash:password entries.

    hashpipe automatically validates founds by recomputing them, identifying the correct algorithm, and outputting verified results in an mdxfind format.

    If you maintain large cracking datasets or potfiles, this is a great way to verify and clean them up.

    Details:
    forum.hashpwn.net/post/11119

    GitHub repo:
    github.com/Cynosureprime/hashp

    #hashcracking #hashcat #jtr #hashpipe #CsP #cynosureprime #potfile #hashpwn

  14. CsP’s @Waffle_Real just released a new tool called hashpipe, and it solves a problem many of us run into with large potfiles: messy, misidentified hash:password entries.

    hashpipe automatically validates founds by recomputing them, identifying the correct algorithm, and outputting verified results in an mdxfind format.

    If you maintain large cracking datasets or potfiles, this is a great way to verify and clean them up.

    Details:
    forum.hashpwn.net/post/11119

    GitHub repo:
    github.com/Cynosureprime/hashp

    #hashcracking #hashcat #jtr #hashpipe #CsP #cynosureprime #potfile #hashpwn

  15. running malcom but the old malcolm - need to image and install latest - sort of dread going from debian to ubuntu but if i image i can revert easily. maybe they figured out updating, i don't want github only updates.

    anyways it is a good one to offer vs say security onion - they use the same components mostly, suricata, zeek, elastic, maybe he has a live iso like last time.

    i think the reason to go to ubuntu is better newer drivers, bigger dev base? as long as it works - that is my concern, avoid dependency hell and breakage.

    it is good with managing all the containers and space for /datastore #sigs #hashes #dpi #netflow #ntop-ng #tcp-replay #binaries #hashcat

  16. running malcom but the old malcolm - need to image and install latest - sort of dread going from debian to ubuntu but if i image i can revert easily. maybe they figured out updating, i don't want github only updates.

    anyways it is a good one to offer vs say security onion - they use the same components mostly, suricata, zeek, elastic, maybe he has a live iso like last time.

    i think the reason to go to ubuntu is better newer drivers, bigger dev base? as long as it works - that is my concern, avoid dependency hell and breakage.

    it is good with managing all the containers and space for /datastore #sigs #hashes #dpi #netflow #ntop-ng #tcp-replay #binaries #hashcat

  17. running malcom but the old malcolm - need to image and install latest - sort of dread going from debian to ubuntu but if i image i can revert easily. maybe they figured out updating, i don't want github only updates.

    anyways it is a good one to offer vs say security onion - they use the same components mostly, suricata, zeek, elastic, maybe he has a live iso like last time.

    i think the reason to go to ubuntu is better newer drivers, bigger dev base? as long as it works - that is my concern, avoid dependency hell and breakage.

    it is good with managing all the containers and space for /datastore #sigs #hashes #dpi #netflow #ntop-ng #tcp-replay #binaries #hashcat

  18. running malcom but the old malcolm - need to image and install latest - sort of dread going from debian to ubuntu but if i image i can revert easily. maybe they figured out updating, i don't want github only updates.

    anyways it is a good one to offer vs say security onion - they use the same components mostly, suricata, zeek, elastic, maybe he has a live iso like last time.

    i think the reason to go to ubuntu is better newer drivers, bigger dev base? as long as it works - that is my concern, avoid dependency hell and breakage.

    it is good with managing all the containers and space for /datastore #sigs #hashes #dpi #netflow #ntop-ng #tcp-replay #binaries #hashcat

  19. 🔧 Malcolm Integration
    bash

    # Malcolm's zeekctl.cfg or local.zeek
    redef SSL::root_certs += {
    ["PolarProxy Root CA"] = "/opt/polarproxy/certs/rootCA.pem"
    };

    # In Malcolm's docker-compose.yml, ensure port mapping:
    # zeek:
    # ports:
    # - "57012:57012/tcp" # For PolarProxy PCAP feed

    30 protocols but what about hashcat - how many protocols now?

    Hashcat Protocol Support Count - As of hashcat v6.2.6 (latest stable), here are the current protocol/hash mode counts:
    Total Protocols/Hash Modes: 423+

    (This number grows with nearly every release) #hashcat,net #zeek

  20. Comme dans mon bureau il fait 13°C le matin et 16°C l’après midi j’ai relancé un audit des mots de passe sur #hashcat (GPU) et #John (CPU).
    Un chouilla bruyant mais la température monte doucement ♨️

    Demain ça devrait être à nouveau vivable.

  21. Crackmon, a crack rate monitor for hashcat, now supports mdxfind in PR11.

    Example: stop current attack if <100 cracks / 5 minutes.

    crackmon -t 5 -c 100 hashcat {hashcat args}
    or
    crackmon -t 5 -c 100 mdxfind {mdxfind args}

    forum.hashpwn.net/post/6138

    #hashcat #mdxfind #hashcracking #hashpwn

  22. A quick run down on some of the attacks and wordlist augmentation options in Hashcatalyst in.security/2025/11/11/hashcat

    #hashcat

  23. 🚀 New Release: hashgen v1.2.0

    Big update packed with new features:

    • Added 22 new modes: MySQL5, phpass, md5crypt, sha256crypt, sha512crypt, WordPress bcrypt-HMAC-SHA384 (wpbcrypt), base32 encode/decode, plus multiple hashcat modes including salted algos
    • Updated yescrypt defaults to match Debian 12
    • Read full changelog:
    forum.hashpwn.net/post/5810

    #hashgen #hashcat #infosec #golang #hashcracking #hashpwn #yescrypt #wordpressbcrypt

  24. 🚀 New Release: hashgen v1.2.0

    Big update packed with new features:

    • Added 22 new modes: MySQL5, phpass, md5crypt, sha256crypt, sha512crypt, WordPress bcrypt-HMAC-SHA384 (wpbcrypt), base32 encode/decode, plus multiple hashcat modes including salted algos
    • Updated yescrypt defaults to match Debian 12
    • Read full changelog:
    forum.hashpwn.net/post/5810

    #hashgen #hashcat #infosec #golang #hashcracking #hashpwn #yescrypt #wordpressbcrypt

  25. 🚀 New Release: hashgen v1.2.0

    Big update packed with new features:

    • Added 22 new modes: MySQL5, phpass, md5crypt, sha256crypt, sha512crypt, WordPress bcrypt-HMAC-SHA384 (wpbcrypt), base32 encode/decode, plus multiple hashcat modes including salted algos
    • Updated yescrypt defaults to match Debian 12
    • Read full changelog:
    forum.hashpwn.net/post/5810

    #hashgen #hashcat #infosec #golang #hashcracking #hashpwn #yescrypt #wordpressbcrypt

  26. 🚀 New Release: hashgen v1.2.0

    Big update packed with new features:

    • Added 22 new modes: MySQL5, phpass, md5crypt, sha256crypt, sha512crypt, WordPress bcrypt-HMAC-SHA384 (wpbcrypt), base32 encode/decode, plus multiple hashcat modes including salted algos
    • Updated yescrypt defaults to match Debian 12
    • Read full changelog:
    forum.hashpwn.net/post/5810

    #hashgen #hashcat #infosec #golang #hashcracking #hashpwn #yescrypt #wordpressbcrypt

  27. Just in case anyone out there is interested, the #dgx_spark does about 12min for the top 2bil passwords on an MD5 crypt hash. Sure that's not what it's meant for but come on...
    #hashcat
    #hashcat7
    #dgxspark
    #dgxsparkgb10
    #dgx

  28. Debian unstable and Devuan unstable now have bumped their hashcat from 6.x to hashcat 7.1.2.

    #hashcat

  29. nixpkgs and Slitaz "cooking" now have hashcat 7.1.2.

    #hashcat