HackDig : Dig high-quality web security articles for hacker

Java Key Store (JKS) format is weak and insecure

While preparing my talk for the marvelous BSides Zurich I noticed again how nearly nobody on the Internet warns you that Java’s JKS file format is weak and insecure. While users only need to use very strong passwords and keep the Key Store file secret to be on the safe side (for now!), I think it is important to tell people when a technology is weak. P
Publish At:2017-09-19 16:25 | Read:84 | Comments:0 | Tags:Password cracking encryption Java Java Key Store JKS

Cracking Java’s weak encryption – Nail in the JKS coffin

POC||GTFO journal edition 0x15 came out a while ago and I’m happy to have contributed the article “Nail in the JKS coffin”. You should really read the article, I’m not going to repeat myself here. I’ve also made the code available on my “JKS private key cracker hashcat” github repository. For those who really need a
Publish At:2017-07-07 05:55 | Read:379 | Comments:0 | Tags:Password cracking Android encryption hashcat Hashes Java JKS

Kali Linux 2017.1 is arrived, more power for password-cracking with cloud GPUs

Kali Linux 2017.1 rolling release was announced, the popular distro comes with a set of significant updates and features. The popular Kali Linux distribution has a new weapon in its hacking arsenal, it can use cloud GPUs for password cracking. Kali Linux is the most popular distribution in the hacking community, it is a Debian-based distro that includes nume
Publish At:2017-04-28 15:05 | Read:662 | Comments:0 | Tags:APT Hacking bruteforce attack GPU Kali Linux password cracki

RWMC – Retrieve Windows Credentials With PowerShell

RWMC is a Windows PowerShell script written as a proof of concept to Retrieve Windows Credentials using only PowerShell and CDB command-line options (Windows Debuggers). It allows retrieving credentials from Windows 2003 to 2012 and Windows 10 (It was tested on 2003, 2008r2, 2012, 2012r2 and Windows 7 – 32 and 64 bits, Windows 8 and Windows 10 Home edi
Publish At:2016-01-26 04:10 | Read:874 | Comments:0 | Tags:Hacking Tools Password Cracking Windows Hacking hacking wind

123456 Still The Most Common Password For 2015

So sadly, but also unsurprisingly ‘123456’ is still the most common password for 2015 (based on leaked password lists) the same as it was in years before, e.g. The 25 Worst Passwords Of 2013 – “password” Is Not #1. Way back in 2006, it clocked in at number 5 in a rather UK centric look at passwords. Interestingly, back in 2006 a weaker version of
Publish At:2016-01-20 21:35 | Read:854 | Comments:0 | Tags:Password Cracking 2015 common passwords common-passwords mos

LaZagne – Password Recovery Tool For Windows & Linux

The LaZagne project is an open source password recovery tool used to retrieve passwords stored on a local computer. Each software stores its passwords using different techniques (plaintext, APIs, custom algorithms, databases and so on). This tool has been developed for the purpose of finding these passwords for the most commonly-used software. At this moment
Publish At:2015-12-29 07:05 | Read:706 | Comments:0 | Tags:Windows Hacking Linux Hacking Hacking Tools Password Crackin

Hashcat, the fastest Password Cracking utility is now Open Source

Hashcat, the popular password recovery tool has been released as open source under the MIT license. You can contribute to it. The popular password cracking tool Hashcat is now an open source software, the announcement was first made on December 4 on Twitter via an MD5 hash that posted the following message: “hashcat open sour
Publish At:2015-12-08 12:50 | Read:635 | Comments:0 | Tags:Breaking News Hacking Security Hashcat project open source p

Password Cracking Crew Cracks 11M Ashley Madison Passwords

A San Diego-based password cracking group has taken a big step towards deciphering some of the 36 million odd passwords leaked in last month’s Ashley Madison breach, a move that could quickly lead to the widespread hacking of any users who used the same password on other services. Hackers had previously attempted – and succeeded – to crack some users
Publish At:2015-09-11 00:30 | Read:757 | Comments:0 | Tags:Cryptography Data Breaches Ashley Madison CynoSure Prime Enc

Complexity and Storage Slow Attackers Down

Back in 2013, WhiteHat founder Jeremiah Grossman forgot an important password, and Jeremi Gosney of Stricture Consulting Group helped him crack it. Gosney knows password cracking, and he’s up for a challenge, but he knew it’d be futile trying to crack the leaked Ashley Madison passwords. Dean Pierce gave it a shot, and Ars Technica provides some context. A
Publish At:2015-08-31 12:50 | Read:670 | Comments:0 | Tags:Technical Insight Tools and Applications Vulnerabilities Web

Mimikatz – Gather Windows Credentials

Mimikatz is a tool to gather Windows credentials, basically a swiss-army knife of Windows credential gathering that bundles together many of the most useful tasks that you would perform on a Windows machine you have SYSTEM privileges on. It supports both Windows 32-bit and 64-bit and allows you to gather various credential types. Techniques such as Pass the H
Publish At:2015-07-28 01:40 | Read:852 | Comments:0 | Tags:Exploits/Vulnerabilities Hacking Tools Password Cracking Win

Passgen – Random Character Generator For WPA/WPA2 Key Cracking

Passgen is a simple Python alternative for the random character generator Crunch which attempts to solve cracking WPA/WPA2 keys by randomizing the output as opposed to generating a list like so (aaaaaaaa, aaaaaaab, aaaaaaac, etc). Example usage with aircrack-ng: python passgen.py -l | sudo aircrack-ng --bssid 00:11:22:33:44:55 -w- WiFi.cap python passgen.py -
Publish At:2015-07-10 16:35 | Read:836 | Comments:0 | Tags:Hacking Tools Password Cracking crunch key cracking key gene

Apple’s Password Storing Keychain Cracked on iOS & OS X

And another password shocker, a few days after ‘cloud’ password service LastPass was pretty seriously hacked (yah if you’re using it, change your master password) critical 0-day flaws in Apple’s password storing keychain have been exposed. Which is kinda funny, as after the LastPass hack I saw some people espousing the usage of Apple
Publish At:2015-06-17 19:20 | Read:974 | Comments:0 | Tags:Apple Cryptography Exploits/Vulnerabilities Password Crackin

Patator – Multi-threaded Service & URL Brute Forcing Tool

Patator is an extremely flexible, modular, multi-threaded, multi-purpose service & URL brute forcing tool written in Python that can be used in many ways. Basically the author got tired of using Medusa, Hydra, ncrack, metasploit auxiliary modules, nmap NSE scripts and the like because: They either do not work or are not reliable (got me false negatives se
Publish At:2015-06-09 23:25 | Read:1001 | Comments:0 | Tags:Hacking Tools Network Hacking Password Cracking brute force

MessenPass – Recover MSN, Yahoo Messenger, ICQ, Trillian Passwords

MessenPass is a password recovery tool that reveals the passwords of the many popular Instant Messaging applications. MessenPass can only be used to recover the passwords for the current logged-on user on your local computer, and it only works if you chose the “remember your password” option in one of the above programs. You cannot use this utility for grabbing the pa
Publish At:2015-03-09 17:25 | Read:880 | Comments:0 | Tags:Password Cracking messenpass msn messenger security password

Windows Credentials Editor (WCE) – List, Add & Change Logon Sessions

Windows Credentials Editor (WCE) is a security tool to list logon sessions and add, change, list and delete associated credentials (ex.: LM/NT hashes, plaintext passwords and Kerberos tickets). This tool can be used, for example, to perform pass-the-hash on Windows, obtain NT/LM hashes from memory (from interactive logons, services, remote desktop connections
Publish At:2015-02-19 21:55 | Read:978 | Comments:0 | Tags:Hacking Tools Password Cracking Windows Hacking dump windows

