home.social

#hashcat — Public Fediverse posts

Live and recent posts from across the Fediverse tagged #hashcat, aggregated by home.social.

  1. New blog post:
    I demo cracking SQL Server 2025 login passwords offline.
    hashcat is currently the only viable tool for auditing SQL Server 2025 login passwords.

    The results show how #PBKDF2 slows down brute-force attacks both inside and outside of SQL Server compared to the pre-2025 hashing algorithm.

    Full methodology, benchmarks, and code included.
    vladdba.com/2026/04/16/crackin
    #sqlserver #sqldba #microsoftsqlserver #hashcat #cybersecurity #infosec #sql

  2. New blog post:
    I demo cracking SQL Server 2025 login passwords offline.
    hashcat is currently the only viable tool for auditing SQL Server 2025 login passwords.

    The results show how #PBKDF2 slows down brute-force attacks both inside and outside of SQL Server compared to the pre-2025 hashing algorithm.

    Full methodology, benchmarks, and code included.
    vladdba.com/2026/04/16/crackin
    #sqlserver #sqldba #microsoftsqlserver #hashcat #cybersecurity #infosec #sql

  3. My Spring gift to the #SQLServer and #InfoSec communities: support for cracking SQL Server 2025's PBKDF2 hashing algorithm with hashcat.
    Blog post coming this week.

    github.com/hashcat/hashcat/pul

    #Hashcat #DBA #CyberSecurity #MSSQL #SQL #SQLServer

  4. My Spring gift to the #SQLServer and #InfoSec communities: support for cracking SQL Server 2025's PBKDF2 hashing algorithm with hashcat.
    Blog post coming this week.

    github.com/hashcat/hashcat/pul

    #Hashcat #DBA #CyberSecurity #MSSQL #SQL #SQLServer

  5. Released pcfg-go — a full Go rewrite of pcfg_cracker with ~3× faster training, ~40× faster guessing, $HEX[] and multi-byte support, improved trainer parsing...

    Full Details: forum.hashpwn.net/post/11277

    #pcfg #hashcracking #trainer #guesser #wordlist #generator #hashcat #hashpwn

  6. Released pcfg-go — a full Go rewrite of pcfg_cracker with ~3× faster training, ~40× faster guessing, $HEX[] and multi-byte support, improved trainer parsing...

    Full Details: forum.hashpwn.net/post/11277

    #pcfg #hashcracking #trainer #guesser #wordlist #generator #hashcat #hashpwn

  7. Released pcfg-go — a full Go rewrite of pcfg_cracker with ~3× faster training, ~40× faster guessing, $HEX[] and multi-byte support, improved trainer parsing...

    Full Details: forum.hashpwn.net/post/11277

    #pcfg #hashcracking #trainer #guesser #wordlist #generator #hashcat #hashpwn

  8. Released pcfg-go — a full Go rewrite of pcfg_cracker with ~3× faster training, ~40× faster guessing, $HEX[] and multi-byte support, improved trainer parsing...

    Full Details: forum.hashpwn.net/post/11277

    #pcfg #hashcracking #trainer #guesser #wordlist #generator #hashcat #hashpwn

  9. Released pcfg-go — a full Go rewrite of pcfg_cracker with ~3× faster training, ~40× faster guessing, $HEX[] and multi-byte support, improved trainer parsing...

    Full Details: forum.hashpwn.net/post/11277

    #pcfg #hashcracking #trainer #guesser #wordlist #generator #hashcat #hashpwn

  10. CsP’s @Waffle_Real just released a new tool called hashpipe, and it solves a problem many of us run into with large potfiles: messy, misidentified hash:password entries.

    hashpipe automatically validates founds by recomputing them, identifying the correct algorithm, and outputting verified results in an mdxfind format.

    If you maintain large cracking datasets or potfiles, this is a great way to verify and clean them up.

    Details:
    forum.hashpwn.net/post/11119

    GitHub repo:
    github.com/Cynosureprime/hashp

    #hashcracking #hashcat #jtr #hashpipe #CsP #cynosureprime #potfile #hashpwn

  11. CsP’s @Waffle_Real just released a new tool called hashpipe, and it solves a problem many of us run into with large potfiles: messy, misidentified hash:password entries.

    hashpipe automatically validates founds by recomputing them, identifying the correct algorithm, and outputting verified results in an mdxfind format.

    If you maintain large cracking datasets or potfiles, this is a great way to verify and clean them up.

    Details:
    forum.hashpwn.net/post/11119

    GitHub repo:
    github.com/Cynosureprime/hashp

    #hashcracking #hashcat #jtr #hashpipe #CsP #cynosureprime #potfile #hashpwn

  12. CsP’s @Waffle_Real just released a new tool called hashpipe, and it solves a problem many of us run into with large potfiles: messy, misidentified hash:password entries.

    hashpipe automatically validates founds by recomputing them, identifying the correct algorithm, and outputting verified results in an mdxfind format.

    If you maintain large cracking datasets or potfiles, this is a great way to verify and clean them up.

    Details:
    forum.hashpwn.net/post/11119

    GitHub repo:
    github.com/Cynosureprime/hashp

    #hashcracking #hashcat #jtr #hashpipe #CsP #cynosureprime #potfile #hashpwn

  13. CsP’s @Waffle_Real just released a new tool called hashpipe, and it solves a problem many of us run into with large potfiles: messy, misidentified hash:password entries.

    hashpipe automatically validates founds by recomputing them, identifying the correct algorithm, and outputting verified results in an mdxfind format.

    If you maintain large cracking datasets or potfiles, this is a great way to verify and clean them up.

    Details:
    forum.hashpwn.net/post/11119

    GitHub repo:
    github.com/Cynosureprime/hashp

    #hashcracking #hashcat #jtr #hashpipe #CsP #cynosureprime #potfile #hashpwn

  14. CsP’s @Waffle_Real just released a new tool called hashpipe, and it solves a problem many of us run into with large potfiles: messy, misidentified hash:password entries.

    hashpipe automatically validates founds by recomputing them, identifying the correct algorithm, and outputting verified results in an mdxfind format.

    If you maintain large cracking datasets or potfiles, this is a great way to verify and clean them up.

    Details:
    forum.hashpwn.net/post/11119

    GitHub repo:
    github.com/Cynosureprime/hashp

    #hashcracking #hashcat #jtr #hashpipe #CsP #cynosureprime #potfile #hashpwn

  15. running malcom but the old malcolm - need to image and install latest - sort of dread going from debian to ubuntu but if i image i can revert easily. maybe they figured out updating, i don't want github only updates.

    anyways it is a good one to offer vs say security onion - they use the same components mostly, suricata, zeek, elastic, maybe he has a live iso like last time.

    i think the reason to go to ubuntu is better newer drivers, bigger dev base? as long as it works - that is my concern, avoid dependency hell and breakage.

    it is good with managing all the containers and space for /datastore #sigs #hashes #dpi #netflow #ntop-ng #tcp-replay #binaries #hashcat

  16. running malcom but the old malcolm - need to image and install latest - sort of dread going from debian to ubuntu but if i image i can revert easily. maybe they figured out updating, i don't want github only updates.

    anyways it is a good one to offer vs say security onion - they use the same components mostly, suricata, zeek, elastic, maybe he has a live iso like last time.

    i think the reason to go to ubuntu is better newer drivers, bigger dev base? as long as it works - that is my concern, avoid dependency hell and breakage.

    it is good with managing all the containers and space for /datastore #sigs #hashes #dpi #netflow #ntop-ng #tcp-replay #binaries #hashcat

  17. running malcom but the old malcolm - need to image and install latest - sort of dread going from debian to ubuntu but if i image i can revert easily. maybe they figured out updating, i don't want github only updates.

    anyways it is a good one to offer vs say security onion - they use the same components mostly, suricata, zeek, elastic, maybe he has a live iso like last time.

    i think the reason to go to ubuntu is better newer drivers, bigger dev base? as long as it works - that is my concern, avoid dependency hell and breakage.

    it is good with managing all the containers and space for /datastore #sigs #hashes #dpi #netflow #ntop-ng #tcp-replay #binaries #hashcat

  18. running malcom but the old malcolm - need to image and install latest - sort of dread going from debian to ubuntu but if i image i can revert easily. maybe they figured out updating, i don't want github only updates.

    anyways it is a good one to offer vs say security onion - they use the same components mostly, suricata, zeek, elastic, maybe he has a live iso like last time.

    i think the reason to go to ubuntu is better newer drivers, bigger dev base? as long as it works - that is my concern, avoid dependency hell and breakage.

    it is good with managing all the containers and space for /datastore #sigs #hashes #dpi #netflow #ntop-ng #tcp-replay #binaries #hashcat

  19. 🔧 Malcolm Integration
    bash

    # Malcolm's zeekctl.cfg or local.zeek
    redef SSL::root_certs += {
    ["PolarProxy Root CA"] = "/opt/polarproxy/certs/rootCA.pem"
    };

    # In Malcolm's docker-compose.yml, ensure port mapping:
    # zeek:
    # ports:
    # - "57012:57012/tcp" # For PolarProxy PCAP feed

    30 protocols but what about hashcat - how many protocols now?

    Hashcat Protocol Support Count - As of hashcat v6.2.6 (latest stable), here are the current protocol/hash mode counts:
    Total Protocols/Hash Modes: 423+

    (This number grows with nearly every release) #hashcat,net #zeek

  20. 1236 emails envoyés à autant d’utilisateurisses dont j’ai pu casser le mot de passe lors d’un audit.
    Si tout se passe bien, demain j’aurais de la lecture.

    #hashcat #JohnTheRipper #motdepasse #RSSI

  21. Comme dans mon bureau il fait 13°C le matin et 16°C l’après midi j’ai relancé un audit des mots de passe sur #hashcat (GPU) et #John (CPU).
    Un chouilla bruyant mais la température monte doucement ♨️

    Demain ça devrait être à nouveau vivable.

  22. Crackmon, a crack rate monitor for hashcat, now supports mdxfind in PR11.

    Example: stop current attack if <100 cracks / 5 minutes.

    crackmon -t 5 -c 100 hashcat {hashcat args}
    or
    crackmon -t 5 -c 100 mdxfind {mdxfind args}

    forum.hashpwn.net/post/6138

    #hashcat #mdxfind #hashcracking #hashpwn

  23. A quick run down on some of the attacks and wordlist augmentation options in Hashcatalyst in.security/2025/11/11/hashcat

    #hashcat

  24. 🚀 New Release: hashgen v1.2.0

    Big update packed with new features:

    • Added 22 new modes: MySQL5, phpass, md5crypt, sha256crypt, sha512crypt, WordPress bcrypt-HMAC-SHA384 (wpbcrypt), base32 encode/decode, plus multiple hashcat modes including salted algos
    • Updated yescrypt defaults to match Debian 12
    • Read full changelog:
    forum.hashpwn.net/post/5810

    #hashgen #hashcat #infosec #golang #hashcracking #hashpwn #yescrypt #wordpressbcrypt

  25. Debian unstable and Devuan unstable now have bumped their hashcat from 6.x to hashcat 7.1.2.

    #hashcat

  26. nixpkgs and Slitaz "cooking" now have hashcat 7.1.2.

    #hashcat

  27. TUR (the Termux User Repository) now has hashcat 7.1.2!

    #hashcat

  28. SlackBuilds and Homebrew now have hashcat 7.1.2!

    #hashcat

  29. Since Wordpress v6.8, the default hash func produces a custom bcrypt hash: $wp$2y$10$...

    More info on this custom algo, how it uses hmac-sha384, and how to crack them with hashcat.

    forum.hashpwn.net/post/4205

    #wordpress #bcrypt #wpbcrypt #hashcracking #hashpwn #hashgen #hashcat

  30. 🐉 Top 10 Kali Linux Tools — Essential Picks

    Quick list of 10 widely-used Kali tools for recon, web testing, exploitation, and forensics — use only in labs or with explicit permission. ⚡🛡️

    #KaliLinux #PenTesting #InfoSec #EthicalHacking #Nmap #Wireshark #Metasploit #BurpSuite #Hashcat #Forensics

  31. Kali Linux rolling has bumped from hashcat 6.x to 7.1.2!

    #hashcat #kali

  32. Did you know, John the Ripper can use hashcat rules?

    Unlike hashcat’s simple -r flag, JtR requires some manual setup in a conf file. @freeroute posted a step-by-step guide explaining how to do this.

    forum.hashpwn.net/post/2718

    #jtr #john #JohnTheRipper #hashcat #rules #hashcracking #infosec #howto #hashpwn