Posts tagged: #hashcat

How AS-REP roasting lets an unauthenticated attacker pull a crackable krb5asrep hash from accounts with preauth disabled, and how defenders catch it.

An HS256 token carries everything an attacker needs to verify a guessed secret offline. How weak HMAC keys fall to hashcat -m 16500, and how to forge tokens after.

Poison LLMNR and NBT-NS with Responder to capture a NetNTLMv2 challenge response, crack it with hashcat mode 5600, and know when to relay instead.

Extract DCC2 hashes from a domain-joined host with secretsdump, crack them with hashcat mode 2100, and understand why MS-Cache v2 is slow by design.

Two ways into a WPA2 network: capture the EAPOL handshake or pull a clientless PMKID. How to produce 22000 format and crack it with hashcat, plus why WPA3 resists.

How domain hashes get extracted from NTDS.dit with secretsdump, how to feed the NT hashes to hashcat, map them back to users, and detect a DCSync.

A practical comparison of hashcat and John the Ripper — GPU vs CPU strengths, autodetection, -m modes, jumbo formats, wordlists and rules — with example commands.

Why bcrypt drops cracking throughput from billions to thousands per second: the cost factor, its GPU-hostile key schedule, and the 72-byte truncation gotcha.

Hashcat won't autodetect anything. Here is how to pick the correct -m mode, disambiguate look-alike hashes, and read the errors that mean you chose wrong.

Found a mystery hash? Learn the signals that reveal its type — length, character set and prefixes like $2y$ or $6$ — and how to identify it privately in your browser.

MD5 is a fast unsalted digest that still litters real systems. Why cracking it is a preimage guessing game, not a collision, and what defenders should do.

How Kerberoasting actually works, why any domain user can do it, and the exact path from a krb5tgs ticket to a cracked service account password with hashcat.

Build hashcat masks with charsets, do the keyspace math, use custom charsets and increment, and know when -a 3 beats a wordlist and when it is hopeless.

NTLM is the MD4 of a UTF-16LE password: unsalted, fast, password-equivalent. How it differs from NetNTLMv2, where it lives, and why length is the only defence.

What the $6$ in /etc/shadow means, how sha512crypt rounds and salts work, why it is slower than raw SHA-512 but weaker than bcrypt, and how to crack it.

Benchmarks lie if you read them wrong. Workload profiles, optimized kernels, thermal throttling, multi-GPU and segmenting big attacks, with honest cloud rental math.

MD5 and SHA-1 fall to a GPU in seconds because they are fast and often unsalted. Learn why slow KDFs like bcrypt and Argon2 resist — and what defenders should do.

rockyou.txt is a starting line, not a strategy. How to combine curated wordlists, rules, masks and targeted lists, and when each one is a waste of GPU time.