Mandiant releases rainbow table that cracks weak admin password in 12 hours https://arstechni.ca/Ukpp #passwordcracking #Security #Biz&IT #hashes #ntlm
Project Fail: Cracking a Laptop BIOS Password Using AI https://hackaday.com/2026/01/15/project-fail-cracking-a-laptop-bios-password-using-ai/
#Computerhacks #Bios #Passwordcracking
If you are:
"abusing" hashcat --stdout or other cracking tools (or bulk string-generation tools) using GNU parallel, and
you're producing highly duplicate output per process, and
you need to do low-memory, best-effort dedupe in parallel, per process prior to passing the aggregated output to a final dedupe
... the dedupe tool included in CynosurePrime's rling repo:
https://github.com/Cynosureprime/rling
... really does the trick! Just do:
[parallel stuff] '[cmd] | dedupe' | final-process-thing
Thanks, @Waffle_Real !
@kibcol1049 nope nope nope nope nope :)
This chart is highly irrelevant for end-users and very deceptive if you don’t take it into the context of the full article it illustrates.
I crack +40 characters long passwords on a regular basis.
Don’t share this chart.
ping @tychotithonus ;)
Allow us to reintroduce ourselves. The Hashcracky is a community hash cracking site for people of all skill levels. We host realistic time-locked password-cracking events designed to be fun and competitive for the cybersecurity and cryptographic communities with an arcade-inspired theme.
Hashcracky is created by cybersecurity professionals and teaches the skill of hash recovery. We focus on teaching the methodologies of hash cracking and providing a safe environment to study cybersecurity. Every hash is synthetic, so you can push your skills to the edge. Race the clock, collect loot, and battle your peers on a live leaderboard that only a select few ever reach.
We will be using this account to communicate events, winners, and other opportunities related to the community.
Great meeting you, and thanks for reading.
https://hashcracky.com/login
#introduction #hashcracky <- #jabbercracky #ctf #cybersecurity #passwordcracking #passwords
🔑 Password Security Tools – Awareness & Defense Guide 🛡️
Weak or reused passwords remain one of the biggest security risks. Security researchers and penetration testers use password auditing tools (in labs and authorized tests only) to identify vulnerabilities and help organizations enforce stronger authentication.
💡 Commonly Used Tools (Ethical Context Only):
1️⃣ John the Ripper – Classic password auditing tool for multiple formats.
2️⃣ Hashcat – GPU-powered password recovery tool, extremely fast.
3️⃣ Hydra – Network login password tester (SSH, FTP, RDP, HTTP, etc.).
4️⃣ Medusa – Parallel, modular password tester.
5️⃣ Cain & Abel (Legacy) – Windows password recovery & testing suite.
🛡️ Defense Strategies:
✔️ Enforce strong password policies (length, complexity, uniqueness).
✔️ Require Multi-Factor Authentication (MFA/2FA).
✔️ Regularly audit credentials and remove old accounts.
✔️ Use password managers to reduce reuse.
✔️ Monitor for credential leaks in threat intelligence feeds.
🌟 Why It Matters:
Password cracking tools highlight the danger of weak credentials. By understanding them, defenders can build stronger authentication systems and prevent breaches.
⚠️ Disclaimer:
This content is for educational and awareness purposes only. Password cracking tools should only be used in authorized environments with explicit permission. Unauthorized use is illegal and unethical.
#CyberSecurity #PasswordSecurity #InfoSec #EthicalHacking #PenTesting #BlueTeam #PasswordCracking #SecurityAwareness #EthicalTech #Authentication
So atom, main developer of @hashcat, used the "rapid prototyping in Python" plugin of the new "assimilation bridge" in the new hashcat 7¹, with some success in our DEF CON password CTF win this past weekend (hosted by @jabbercracky).
Afterwards, atom realized it would make a good case study for how to use the new feature, so he wrote it up:
https://hashcat.net/forum/thread-13346.html
If you do exploration of mystery hash types (either for CTFs, or in the real world) ... this approach should absolutely be in your toolbox.
¹Note that some work was done during the contest to make the Python bridge plugin better for these use cases; next minor release of 7 will have it, or grab hashcat.net/beta/ or the latest GitHub main branch.
July 15th 1991: 34 years ago I published the first “modern” password cracker…
https://alecmuffett.com/article/113704
#ComputerHistory #PasswordCracking #crack
July 15th 1991: 34 years ago I published the first “modern” password cracker…
…or, rather, smeared its development over a few months in response to requests from Unix systems administrators all over the globe – on the Internet and/or several other networks. It was a spark that still glows, but also helped inform the way Infosec developed as a discipline, notably arguments about full disclosure.
Gosh I feel old.
Super cool write-up from the winning team of the CrackTheCon #passwordCracking contest.
https://hashmob.net/writeups/HashMob.net%20-%20CrackTheCon%202025%20write-up.pdf
Well, this cracking attack is going to take 5.5 days on 2x 4090s.
🚨 Oh no! GNU Screen has "security issues"—quick, everyone panic! Meanwhile, the tech wizards are too busy inventing new buzzwords and password-cracking supertools that sound like rejected Marvel villains to actually fix anything. 🙄🔧
https://www.openwall.com/lists/oss-security/2025/05/12/1 #GNUScreen #Security #Issues #Panic #TechBuzzwords #PasswordCracking #MarvelVillains #HackerNews #ngated
PDFRip: Multi-threaded PDF Password Cracking Utility
PDFRip is a Rust-based tool for cracking PDF passwords using dictionary attacks, date/number ranges, and custom queries.
TIL if you generate and store all even faintly possible IPv4 IPs - 0.0.0.0 through 255.255.255.255 - as ASCII strings ... it takes about 58GB.
This is a #HaveIBeenPwned subtoot. 😜
Password crackers:
If you're still mashing up all of your wordlists into a single monolithic file for deduplication purposes ... let me suggest an option that scales better, simply by approaching the problem differently:
Deduplicate each new source as it arrives, and then add it to a repository, by removing all strings already in your repository ...and then preserve it as a separate file! (You might call this the "sort once, deduplicate often" method.)
https://blog.techsolvency.com/2025/04/managing-unique-wordlists-password-cracking.html
The key benefit: the memory usage required is a factor of the size of the new file alone, rather than of the entire corpus.
Also useful for other medium-sized "dedupe a recurring stream of new sets of strings over time" use cases.
(And if you're not doing this anymore, now you have a reference to share with the folks who still are!)
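The "sort once, deduplicate often" workflow described in the post above, as an added sketch that is not code from the post or the linked article. It uses only standard sort and comm; the function name add_source, the one-file-per-source repository layout and the sample strings are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: "sort once, deduplicate often" with standard sort/comm.
# Every file in the repository directory is already sorted and unique
# (byte order, LC_ALL=C), so it never needs sorting again.

# add_source REPO_DIR NEW_FILE NAME   (hypothetical helper)
# Sorts NEW_FILE once, strips every line already held in REPO_DIR/*.txt,
# stores what remains as REPO_DIR/NAME.txt and prints how many lines were new.
add_source() {
    repo=$1; new=$2; name=$3
    work=$(mktemp -d) || return 1
    # Sort + dedupe only the incoming file; this is the only sort performed.
    LC_ALL=C sort -u "$new" > "$work/cur"
    for existing in "$repo"/*.txt; do
        [ -f "$existing" ] || continue   # empty repository: glob did not match
        # comm -23 keeps lines found only in the first input. Both inputs are
        # sorted, so this is a streaming merge that holds one line per file.
        LC_ALL=C comm -23 "$work/cur" "$existing" > "$work/next"
        mv "$work/next" "$work/cur"
    done
    mv "$work/cur" "$repo/$name.txt"     # preserved as its own file
    rm -rf "$work"
    wc -l < "$repo/$name.txt" | tr -d ' '
}

# Constructed sample data: two sources that overlap with each other
# and contain internal duplicates.
demo() {
    d_repo=$(mktemp -d)
    d_src=$(mktemp -d)
    printf '%s\n' summer2024 letmein summer2024 dragon > "$d_src/a"
    printf '%s\n' dragon winter2025 letmein hunter2 hunter2 > "$d_src/b"
    first=$(add_source "$d_repo" "$d_src/a" source-a)
    second=$(add_source "$d_repo" "$d_src/b" source-b)
    echo "$first $second"
    rm -rf "$d_repo" "$d_src"
}
```

Only the sort of the incoming file scales with that file's size; the comparison against the existing repository files streams, so the repository can grow without raising the memory needed to add the next source.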
Top #hashcat tip:
Want per-position duplication in your rules to leverage your GPU?
It's not available in a single op, but you can emulate it by incrementally duplicating the first N chars, and then incrementally deleting the position and frequency of the redundant characters
Hello everyone.
In today's article we examine the cewl cheat sheet in detail.
I wish everyone a good read:
https://denizhalil.com/2025/01/27/cewl-cheat-sheet/
#cewl #customwordlist #ethicalhacking #informationsecurity #kalilinux #passwordcracking #penetrationtesting #securitytools
A CMD script to crack password protected ZIP, RAR, 7z and PDF files, using JohnTheRipper.
If you need to sort and dedupe a ton of strings/records, Cynosure Prime member blazer has released rlite, a 'lite' version of rling. I helped debug early versions. A nice balance of performant and simple, but with useful knobs like frequency counting, writing dupes to another file, etc.
(And heavy on the 'performant' - multi-threaded sort + dedupe time for 1.4B records in a 16GB file is 45 seconds on 48 EPYC 7642 cores, and uses 26GB of RAM)