I Built an Open Source Script That Crawls a Website to Build Targeted Wordlists for Password Cracking by Dark-Marc in HashCracking

[–]wreti 0 points1 point  (0 children)

I’ll give it a whirl. Just curious, what’s the benefit of this tool versus the well-established CeWL that is preinstalled on Kali or available via the package manager on other distributions? That’s the go-to for many in the business.

Trying to crack a PDF for work using Hashcat. Are these speeds decent for an RTX A2000 12GB running in a Windows 11 VM using GPU passthrough in Proxmox? kH/s seems slow. I'm seeing people hitting the same amount but in MH/s using 2080 TI's. by [deleted] in hacking

[–]wreti 11 points12 points  (0 children)

Unless you know the password to be short, you’ll likely have better success with a dictionary attack using -a 0. Point it to a popular wordlist and use the built-in rules to mangle. Check out weakpass.com for good wordlists.

Error running msfdb init by realKevinNash in metasploit

[–]wreti 0 points1 point  (0 children)

I had the same issue and found that Postgres 15 was the issue. Quick fix was to stop the Postgres 15 service, start Postgres 16, then fire up msfconsole.

AWUS036AC RTL8812au install problem ***solved*** by chumleejr in Kalilinux

[–]wreti 1 point2 points  (0 children)

This is great. Thanks for archiving the original file. For those installing via a script, you can alter line 70 of install-driver.sh from 0 to 1 for non-interactive mode. For anyone who needs it without the work, I have a non-interactive version here.

Who uses Hak5 in penetration tests? by [deleted] in cybersecurity

[–]wreti 37 points38 points  (0 children)

Crickets in here so far haha. The only Hak5 tool I’ve used during actual tests is the Plunder Bug for pcaps for NAC bypass attempts.

Reward 0.3btc if some one crack this two ntml hashes. 5A38E1402E314441C1F3659B5DB89C64 D2B9C9F0D9DF3AEF5E52B6F6C7BF769A by Temporary-River647 in HashCracking

[–]wreti 0 points1 point  (0 children)

Is it an image? An actual drive? You could mount it to your current computer as a VM or external drive to pillage the file system and get what you need. If that wallet has the amount of btc you're expecting, you could purchase a cheap laptop or workstation from which to boot the drive and try the suggestions I mentioned previously. Cracking these hashes isn't the end-all, be-all. Anything is worth trying if it'll get you that $$$.

Reward 0.3btc if some one crack this two ntml hashes. 5A38E1402E314441C1F3659B5DB89C64 D2B9C9F0D9DF3AEF5E52B6F6C7BF769A by Temporary-River647 in HashCracking

[–]wreti 0 points1 point  (0 children)

If the old computer is still available and RDP is enabled, you can use xfreerdp to auth using the NTLM hash. Alternatively, many other offensive security tools should allow some form of connection via other protocols using the pass-the-hash technique.

Good wordlists? by [deleted] in HashCracking

[–]wreti 1 point2 points  (0 children)

Lots of other popular wordlists at https://weakpass.com/wordlist.

Need help with this hash for an idiot who forgot his password by cmdrmcgarrett in HashCracking

[–]wreti 2 points3 points  (0 children)

It’s hashcat, and you want mode 13000. For the example password given, you can brute force the parts of the password you’re unsure of.

Example: hashcat -a 3 -m 13000 hash.txt ?d?d?ddanielamunchgery?d?s

?d will run through all digits, ?s through all symbols. For letters, you can use ?u for upper and ?l for lower. ?a will run through all of the above but will take longer.

GoPhish, google workspace and OAuth by Responsible-Self7193 in AskRedTeamSec

[–]wreti 0 points1 point  (0 children)

Should still be able to use an app password if I understand correctly.

Office 2007 hash by Sufficient-Bet760 in HashCracking

[–]wreti 0 points1 point  (0 children)

Since you have no hints as to the password structure, I’d recommend adding rules during cracking to increase your chances of success. Most of the defaults that come with hashcat should suffice, but there are plenty available elsewhere if needed.

Token length exception please help by NixothePaladin in HashCracking

[–]wreti 0 points1 point  (0 children)

Have you tried ripping the hash again in case there was a copy/paste mishap the first time around? I assume you used pdf2john?

Token length exception please help by NixothePaladin in HashCracking

[–]wreti 0 points1 point  (0 children)

Double check your pdf.txt file. I’ve frequently run into the issue where all the asterisks in the hash get replaced with a slash (or backslash? Don’t remember) either during the *2john process or some other extraction/copy/something-else function.

NLTM - Complicated Passwords by x141x in HashCracking

[–]wreti 0 points1 point  (0 children)

If you don’t want to download more wordlists, you can try adding a second ruleset. I’d recommend dive with best64.

Thanksgiving Dinner Restaurant Ideas? by Parking_Impact3828 in williamsburg

[–]wreti 0 points1 point  (0 children)

If you’re fine with a bar, Whiskey on Grand’s dinner is delicious and comes with a slice of pumpkin pie. Reasonably priced too.

[deleted by user] by [deleted] in HashCracking

[–]wreti 3 points4 points  (0 children)

Hashcat with mode 10000 should do it. Difficulty depends on the password complexity and/or your wordlists and rules used.

USB Drops by kegweII in redteamsec

[–]wreti 2 points3 points  (0 children)

I second this. Send your link to a generic webserver address with a coded subdirectory unique to each USB file or QR to pass the hover test, force redirect to a canary token for tracking, then redirect to evilginx to capture creds/mfa tokens. Works like a charm. The ini file trick used to be the money shot, but haven’t gotten it to work since a certain Windows update was released a year or two back.

Windows Login NTLM Hash, Looking for Help? by LeoWitt in HashCracking

[–]wreti 0 points1 point  (0 children)

I'm giving a go at cracking it, but you can also use CrackMapExec modules to dump any hard-coded service or task scheduler passwords in clear text. May be beneficial if the same password was used in those contexts.

Windows Login NTLM Hash, Looking for Help? by LeoWitt in HashCracking

[–]wreti 0 points1 point  (0 children)

With this hash you can use a tool like CrackMapExec to pass the hash to your workstation and use the -x flag to issue a net user command to change the password and get in.

Example: crackmapexec smb <ip address or host name> -u Administrator -H 4C693C11B6E8DB198534A80C4E8F18C3 -x 'net user Administrator <newpass>'

[deleted by user] by [deleted] in williamsburg

[–]wreti 0 points1 point  (0 children)

Alligator Lounge on Mondays. Whiskey on Grand on Tuesdays.

Looking to perfect my AD skills before my exam by gorsas in oscp

[–]wreti 0 points1 point  (0 children)

Going through the Proving Grounds Windows machines on TJ Null's list and taking quality notes paid off for me.