hashpwn

Terms of Service & Privacy Policy Effective Date: Aug 31, 2025 Welcome to hashpwn.net (“we,” “our,” or “us”). By accessing or using hashpwn.net or any of its subdomains (collectively, the “Services”), you agree to comply with and be bound by these Terms of Service. This includes, but is not limited to, the forum and any Services we may provide under the hashpwn.net domain. If you do not agree, please discontinue use of the Services. 1. Eligibility You must be at least 18 years old to register for or use any hashpwn.net Services. By using our Services, you represent that you meet this requirement. 2. User Conduct When using any hashpwn.net Service, you agree not to: Post, share, or request personally identifiable information (PII). Share, request, or distribute illegally obtained data (e.g., combo lists, stolen data, etc). Engage in hate speech, harassment, or unlawful activities. Attempt to compromise, disrupt, or misuse any Service we provide. Our Services are intended for ethical cybersecurity research, discussion, and learning. Illegal activity is strictly prohibited. 3. User Content You retain ownership of any content you post, upload, or submit to hashpwn.net Services. By submitting content, you grant hashpwn.net a non-exclusive, worldwide license to store, display, and distribute your content as necessary to operate and provide the Services. Requests for deletion of publicly posted content will be honored, except in rare cases where retention is required for legal, security, moderation, or administrative reasons (e.g., evidence of abuse). Account deletion and personal data removal requests will always be honored. 4. Privacy & Data Collection We respect your privacy. We collect basic technical information such as IP address, cookies, browser type, and usage analytics. We use this information only for site functionality, security, and moderation. We may log usage data to maintain service quality. We do not sell, rent, or share your information with third parties for advertising or marketing purposes. Users may request removal of their personal data. 5. Disclaimer of Warranties All Services provided by hashpwn.net are offered “as is” and without warranties of any kind, whether express or implied. We do not guarantee uptime, availability, or error-free operation for any Service. Use of hashpwn.net Services is at your own risk. 6. Limitation of Liability To the fullest extent permitted by law, hashpwn.net, its owners, administrators, moderators, and affiliates are not liable for any damages arising from use of our Services, including but not limited to loss of data, downtime, security issues, or service interruptions. 7. Termination We reserve the right to suspend, restrict, or terminate accounts or access to any hashpwn.net Service at our discretion for violations of these Terms or other reasons deemed necessary to protect the community and infrastructure. 8. Changes to the Terms We may update these Terms at any time. Changes will be posted on this page with a new effective date. Continued use of our Services after updates are posted constitutes acceptance of the revised Terms. 9. Contact For questions, concerns, or requests, please contact: @cyclone (Admin/Owner)

7731_found.txt 226336_left.zip

Plex Breached... Again - Reset Your Passwords Now [image: 1757520050210-191207e8-7e4f-4769-a489-2e0b7e852b17-image.png] Plex breached again, change your password and sign out everywhere. Plex says an attacker got into one of its databases and pulled a limited set of user data, email, username, hashed passwords, authentication data. No payment info was stored. Plex is telling all users to reset their password, tick “Sign out connected devices” during the reset, then re-enable 2FA. If you use SSO, sign out of all devices from your account security page. Expect phishing around this, Plex won’t ask for your password or card details by email. This mirrors the 2022 incident, so treat it seriously. Sources: https://forums.plex.tv/t/important-notice-of-security-incident/930523 https://www.bleepingcomputer.com/news/security/plex-tells-users-to-reset-passwords-after-new-data-breach/ https://www.malwarebytes.com/blog/news/2025/09/plex-users-reset-your-password

Title: Hashcat Rule Extractor Author: chatgpt & A1131 Description: Easily extract Hashcat rules Download Hashcat Rule Extractor Hashcat Rule Extractor - Summary Purpose: The script analyzes complex passwords against a list of base words to automatically detect the transformation rules that convert base words into complex passwords. It outputs these transformations as Hashcat-style rules. Key Features: Rule Detection: Detects a wide range of rules including: Case changes (l, u, c, C, t, Tn) Reversals (r) Duplications (d, pN, q) Rotations ({, }) Insertions, deletions, overwrites (iNX, DN, oNX) Character appends/prepends ($X, ^X) Truncations, replacements, removals ('N, sXY, @X) Swaps and character shifts (k, K, *NM, L, R) Duplications of parts (zN, ZN, yN, YN) And fallback if no rules apply (:) Multiprocessing: Splits the base words across CPU cores for parallel processing to speed up rule detection. Progress Tracking: Uses tqdm progress bar for user-friendly progress visualization. Rule Sanitization: Converts any non-ASCII characters in detected rules into escaped hex format to ensure compatibility. Output: Saves all unique detected rules into a specified .rule file. Optional Cleanup: If available, runs an external cleanup-rules.bin utility to refine the rule set further. Logging: Optionally logs every match showing which base word transforms into which complex password and by which rule. How it Works: User Inputs: Paths to base words file, complex passwords file, output file, and logging preference. Load Data: Reads base words and complex passwords into memory. Detect Rules: For each complex password, checks every base word to find transformation rules that map base → complex. Collect & Store: Accumulates unique rules across all pairs. Save Results: Writes unique rules to output file, optionally cleans up the rules. Finish: Reports the number of unique rules found and ends. Use Case: Ideal for security researchers or penetration testers who want to generate or reverse-engineer Hashcat rules from known password pairs to improve cracking efficiency. Example Run: $ python3 rules_extractor.py Hashcat Rule Extractor Enter path to base words file: base.txt Enter path to complex passwords file: passwords.txt Enter output dirty.rule path: dirty.rule Show match logs? (y/N): y ... +] Match: bonkers1 -> bonkers | Rule: x07 [+] Match: boners -> bonkers | Rule: i3k [+] Match: yonkers -> bonkers | Rule: o0b [+] Match: yonkers -> bonkers | Rule: syb [+] Match: bonkers -> bonkers | Rule: : [+] Match: bonkers -> bonkers | Rule: l [+] Match: bonker -> bonkers | Rule: $s [+] Match: bonker -> bonkers | Rule: i6s Analyzing: 9%|████████▉ | 2567/30000 [08:50<1:46:34, 4.29it/s] [+] Match: 2128506 -> 2128506 | Rule: C [+] Match: 2128506 -> 2128506 | Rule: : ... Found 131 unique rules. Saving to: dirty.rule Running cleanup utility: ./cleanup-rules.bin ... Cleanup complete. Cleaned rules saved to clean.rule Done! Custom Hashcat rules extraction complete. ---------- source --> https://hashcat.net/wiki/doku.php?id=rule_based_attack ---------- Supported rules Rule Description Example Input Example Output : Do nothing (passthrough) p@ssW0rd p@ssW0rd l Lowercase all letters p@ssW0rd p@ssw0rd u Uppercase all letters p@ssW0rd P@SSW0RD c Capitalize first character, lowercase rest p@ssW0rd P@ssw0rd C Invert capitalize (lowercase first, uppercase rest) p@ssW0rd p@SSW0RD t Toggle case of all characters p@ssW0rd P@SSw0RD Tn Toggle case at position n (0-based index) p@ssW0rd (T3) p@sSW0rd r Reverse entire word p@ssW0rd dr0Wss@p d Duplicate entire word p@ssW0rd p@ssW0rdp@ssW0rd pN Duplicate entire word N times p2, p@ssW0rd p@ssW0rdp@ssW0rdp@ssW0rd f Reflect (append reversed word) p@ssW0rd p@ssW0rddr0Wss@p { Rotate left by 1 p@ssW0rd @ssW0rdp } Rotate right by 1 p@ssW0rd dp@ssW0r $X Append character(s) X $1$2, p@ssW0rd p@ssW0rd12 ^X Prepend character(s) X ^2^1, p@ssW0rd 12p@ssW0rd [ Truncate left (delete first char) p@ssW0rd @ssW0rd ] Truncate right (delete last char) p@ssW0rd p@ssW0r Dn Delete character at position n D3, p@ssW0rd p@sW0rd xNM Extract M chars starting at N x04, p@ssW0rd p@ss ONM Omit M chars starting at N O12, p@ssW0rd psW0rd iNX Insert character X at position N i4!, p@ssW0rd p@ss!W0rd oNX Overwrite character at position N with X o3$, p@ssW0rd p@s$W0rd 'N Truncate word at position N '6, p@ssW0rd p@ssW0 sXY Replace all instances of X with Y ss$, p@ssW0rd p@$$W0rd @X Purge all instances of X @s, p@ssW0rd p@W0rd zN Duplicate first character N times z2, p@ssW0rd ppp@ssW0rd ZN Duplicate last character N times Z2, p@ssW0rd p@ssW0rddd q Duplicate every character p@ssW0rd pp@@ssssWW00rrdd k Swap first two characters p@ssW0rd @pssW0rd K Swap last two characters p@ssW0rd p@ssW0dr *NM Swap character at position N with M *34, p@ssW0rd p@sWs0rd LN Bitwise shift left character at position N L2, p@ssW0rd p@æsW0rd RN Bitwise shift right character at position N R2, p@ssW0rd p@9sW0rd yN Duplicate first N characters y2, p@ssW0rd p@p@ssW0rd YN Duplicate last N characters Y2, p@ssW0rd p@ssW0rdrd

Sorted by occurrence of rules file from online hashcat rules collection # ls a1131 blandyuk ciphers dive hybrid kaonashi MISC pantagrule robot t0xic top_n aon buka clem9669 fordy insidepro korelogic nsa-rules probable-wordlists shooter3k techtrip unicorn append cake dipepe hob0rules jabbercracky masks nyxgeek README.md skalman tmesis # find . -name "*.rule" | du -sh 860M . # du -sh ../collection.rule 372M ../collection.rule # wc -l ../collection.rule 26913875 ../collection.rule

If you run into any issues logging into the forum, click the "login" URL from the front page at https://forum.hashpwn.net. Screenshot: [image: 1756917992032-27bf466f-c4be-436e-8eee-0659494ef8b8-image.png]