New Release: IPScope v0.2.4
IPScope is a powerful, but easy to use CLI tool for IP lookup and subdomain discovery.
What's new?
Sanity checks for punycode domains, added output file option, json formatted output, small bug fixes.
Recent searches
Search options
Administered by:
#hashpwn
2 posts2 participants0 posts today
Installing the official Nvidia CUDA-toolkit on linux distros can be a pain. Here's a script that automates this so you can get back to cracking hashes.
Continued thread
#yescrypt_crack source code v0.2.0; 2025-03-06 uploaded to GitHub.
After seeing yescrypt hashes appear in CMIYC a while back, I started developing a yescrypt cracker in pure Go. Since then, yescrypt has become the default /etc/shadow hash for many popular linux distros such as Debian, Ubuntu, RHEL, Fedora, and Arch (to name a few), but hash cracking support for this algo has been limited to JtR -- until now.
Here's a sneak peek of the yescrypt_cracker POC:
GitHub PR for JetKVM password-auth issue mentioned here: https://infosec.exchange/@cyclone/114051390949658870
Infosec ExchangeCyclone (@cyclone@infosec.exchange)Didn't take long to find a vulnerability in my shiny new JetKVM: Password-based SSH auth w/insecure default password.
https://forum.hashpwn.net/post/435
Spoiler:
Issue #1: JetKVM isn't supposed to have password-auth SSH
Issue #2: JetKVM uses an insecure default root password
#jetkvm #hashpwn #ssh
Didn't take long to find a vulnerability in my shiny new JetKVM: Password-based SSH auth w/insecure default password.
https://forum.hashpwn.net/post/435
Spoiler:
Issue #1: JetKVM isn't supposed to have password-auth SSH
Issue #2: JetKVM uses an insecure default root password
New GitHub Release:
Solflare Wallet Extractor and Decryptor binaries have been posted on GitHub. #solflare_pwn
During a recent audit of the Solflare Crypto Wallet browser extension, I came across a major vulnerability that allows the encrypted seed phrase and private keys to be instantly recovered -- without requiring the wallet password to decrypt them.
Solflare Wallet has been reverse engineered -- wallets can be extracted and their seed phrase recovered.
Nvidia RTX 5090 hashcat benchmarks.
Countdown for the next Jabbercracky hash cracking contest has begun! Mark your calendars for this weekend.
Atomic Wallet Extractor:
Updated source code for atomic_extractor to support hashcat -m 30020.
Updated source code of phantom_extractor has been released which now supports hashcat modes 30010, 26650 and 26651.
New Release: crackmon v0.2.0
Details: Hashcat wrapper for bypassing current session if crack rate falls below threshold.
New Release: atomic_pwn v0.2.3
Details: Atomic Wallet Extractor & Decryptor -- Now fully cross compatible with Linux and Windows.
If you're into hash cracking or CTF challenges, 0.0.0.0 just launched Jabbercracky -- an arcade-themed CTF site! 
New Release: IPScope v0.2.2
IPScope is a powerful, but easy to use CLI tool for IP lookup and subdomain discovery.
What's new?
Geo-printout: Now shows city, state, and country for resolved IPs.
Merry Christmas from hashpwn! Here's a shiny new wordlist to try out.
