Collaborate Disseminate
I am new to JTR and am currently trying to crack some passworts I generated.
Because I am new to JTR, I wanted to start by hashing a simple password like "Cat", write it in a file named pw.txt and then crack the password with Joh… Continue reading John the Ripper not working properly
I’m considering the feasibility of a .onion domain for my website to cater to privacy conscious users.
Actions that occur before there’s a known UserID (eg. login page) need to have a bounded number of attempts to prevent bruteforce attack… Continue reading How do you rate limit bruteforce attempts on a Tor hidden service?
Cisco has observed an increase in brute-force attacks targeting web application authentication, VPNs, and SSH services.
The post Cisco: Multiple VPN, SSH Services Targeted in Mass Brute-Force Attacks appeared first on SecurityWeek.
Continue reading Cisco: Multiple VPN, SSH Services Targeted in Mass Brute-Force Attacks
I encountered a strange error when using Hydra to brute force an http-post-form. Please tell me how to write a request correctly to avoid mistakes?
hydra -L userslist -p passlist "url" http-post-form ‘/login:{"loginType"… Continue reading How to correctly compose a command for brute force http-post-forms?
The title is slightly confusing but what I mean is that if you are brute forcing every combination of a password, (not using leaked dictionaries like Rockyou.txt,) you can generate custom wordlists with tools such as crunch, and then brute… Continue reading Is it feasible to run a program that generates passwords on the fly for brute force attacks to save disk space? [duplicate]
By Waqas
Ukrainian police seized a massive trove of 100 million stolen email and Instagram accounts – Three individuals were…
This is a post from HackRead.com Read the original post: Ukraine Arrests Hackers for Selling 100 Million Email, In… Continue reading Ukraine Arrests Hackers for Selling 100 Million Email, Instagram Accounts
I am doing CTF ‘Skynet’ from THM and came across this problem.
Enumerating SMB, I gathered credentials ‘milesdyson’ and a list of passwords ‘log1.txt’.
I figured that I could try to brute force squirrelMail login form using Hydra. This is … Continue reading Hydra says different passwords with are correct each run, but only one works
Midnight Blizzard (aka APT29), a group of Russian hackers tied to the country’s Foreign Intelligence Service (SVR), has leveraged information stolen from Microsoft corporate email systems to burrow into the company’s source code repositorie… Continue reading Microsoft: Russian hackers accessed internal systems, code repositories
Theoretical question – Say we have a randomly generated password with 80-bit entropy, stored as a single-round, unsalted SHA256 hash. For a determined attacker with current (2024) technology, what would be the cost of bruteforcing it, in t… Continue reading Is a randomly generated 80-bit password strong enough nowadays?
I have a microservice which sole purpose is to serve as a cache for other microservices. The point of the cache is to speed up processing, but the strong password hash algo counter that purpose. (Company policy require all service to be se… Continue reading Weak password hash + strong rate limiter = secure?