General Discussion

22 Topics 200 Posts

General discussions that don't fit in other categories. All topics must still follow forum rules.

  • Infosec News

    123
    1
    1 Votes
    123 Posts
    35k Views
    cyclone
    FortiBleed: The ongoing Fortinet Compromise Campaign

    [image: 1782402742745-fortibleed.png]

    Fortinet devices are once again in the spotlight, this time due to an ongoing large-scale compromise campaign being tracked as FortiBleed. This appears to be less of a single clean “one CVE explains everything” situation and more of a broader Fortinet edge-device compromise wave involving exposed management surfaces, credential theft, weak or reused passwords, and recently patched Fortinet issues.

    The most relevant confirmed vulnerability tied to the current Fortinet activity is CVE-2026-24858, an authentication bypass issue involving FortiCloud SSO. Fortinet says the flaw could allow an attacker with a FortiCloud account and registered device to authenticate into devices registered to other accounts when FortiCloud SSO was enabled. Fortinet also stated that the issue was exploited in the wild and that server-side mitigations were applied in late January before fixed software versions were released.

    For FortiGate/FortiOS, affected versions include:
    - FortiOS 7.6.0 through 7.6.5
    - FortiOS 7.4.0 through 7.4.10
    - FortiOS 7.2.0 through 7.2.12
    - FortiOS 7.0.0 through 7.0.18

    Fixed versions are:
    - FortiOS 7.6.6 or later
    - FortiOS 7.4.11 or later
    - FortiOS 7.2.13 or later
    - FortiOS 7.0.19 or later

    The broader FortiBleed campaign is being reported as active and large-scale, with researchers observing mass targeting of internet-facing Fortinet FortiGate devices across many countries. The activity reportedly includes extraction of FortiGate configuration files, credential reuse, brute forcing, and cracking of stored credential hashes from older or upgraded FortiOS deployments.

    One important detail is that this campaign may not be driven by CVE-2026-24858 alone. Some reports suggest attackers are abusing a mix of stolen credentials, exposed admin portals, weak authentication practices, and possibly recently patched Fortinet vulnerabilities. Fortinet’s own analysis also points heavily toward post-auth activity, account creation, configuration theft, and abuse of valid or compromised credentials.

    Observed post-compromise behavior includes:
    - Successful FortiCloud SSO administrative logins
    - Creation of local admin accounts such as audit, backup, itadmin, secadmin, or support
    - Export or theft of FortiGate configuration files
    - Reuse of credentials recovered from configs
    - Brute-force attempts against exposed services
    - Continued targeting of SSL VPN and management interfaces

    The config theft angle is especially important. FortiGate configs can contain sensitive operational data, VPN details, user/account references, LDAP/RADIUS settings, local users, firewall objects, and other information useful for follow-on compromise. Even if passwords are hashed, older FortiOS deployments or upgraded systems may still contain weaker stored password hashes unless admins have logged in again or passwords have been rotated.

    Admins should treat this as a compromise-assessment event, not just a normal patch cycle.

    Sources:
    - Fortinet PSIRT - CVE-2026-24858: https://fortiguard.fortinet.com/psirt/FG-IR-26-060
    - Fortinet analysis of SSO abuse on FortiOS: https://www.fortinet.com/blog/psirt-blogs/analysis-of-sso-abuse-on-fortios
    - Arctic Wolf FortiBleed campaign writeup: https://arcticwolf.com/resources/blog/active-fortibleed-campaign-impacting-fortinet-devices-across-194-countries/
    - Kudelski Security FortiBleed research: https://kudelskisecurity.com/research/fortinet-fortibleed-global-compromise-active-exploitation-of-fortinet-vulnerabilities
  • Bitlocker Bypass Vulnerability

    2
    1
    0 Votes
    2 Posts
    40 Views
    cyclone
    Full write up: https://forum.hashpwn.net/post/13339
  • Hash cracking rig specs

    2
    0 Votes
    2 Posts
    120 Views
    cyclone
    I have multiple rigs, servers, desktops, laptops and raspberry pi 3b, 4 & 5 SBC, but the two below are my main hash cracking rigs.

    Rig #1
    GPU(s): 1x Nvidia RTX 4090 MSI Suprim Liquid X
    GPU Cooling: Waterblock
    GPU Driver: 580.95.05 (CUDA 13.0)
    GPU Overclock / Undervolt Settings: 400W power limit
    CPU(s): 1x Ryzen 7 3700X
    CPU Cooling: Waterblock
    RAM: 64GB DDR4 G.SKILL Ripjaws V (4x16GB)
    MB: ASUS ROG STRIX X470-F GAMING
    Storage: (OS, ZFS RAIDZ1, backups, scratch disk, etc)
    - NVMe: 1x 2TB ADATA
    - SSD: 4x 2TB Samsung 870
    - SSD: 1x 120GB OCZ
    - HDD: 2x 8TB WD80
    PSU: 1600W EVGA SuperNOVA Platinum+
    OS: Debian 13
    Tools Used: hashcat 6.2.6 / 7.x, mdxfind, jtr, rling, hashgen, spider, pcfg-go
    Rig Type: rackmount
    LAN: 10Gb fiber (SFP+)

    Rig #2
    GPU(s): 2x NVIDIA RTX 4090 MSI Gaming X
    GPU Cooling: Air (triple-fan)
    GPU Driver: 580.95.05 (CUDA 13.0)
    GPU Overclock / Undervolt Settings: 400W power limit
    CPU(s): 2x Intel Xeon E5-2690 v4
    CPU Cooling: OEM Dell
    RAM: 128GB DDR4 ECC (8x16GB)
    MB: OEM Dell 0KJCC5
    Storage: (OS, ZFS RAIDZ1)
    - SSD: 5x 2TB Samsung 870 QVO
    PSU:
    - 825W Dell OEM Platinum
    - 1600W EVGA SuperNOVA 1600 Platinum+ (GPUs)
    OS: Debian 13
    Tools Used: hashcat 6.2.6 / 7.x, mdxfind, jtr, rling, hashgen, spider, pcfg-go
    Rig Type: rackmount
    LAN: 10Gb fiber (SFP+)
  • Solflare Crypto Wallet Vulnerability - "xpass exploit"

    18
    2
    1 Votes
    18 Posts
    3k Views
    cyclone
    Update: Details of the Solflare “xpass” Exploit
    March 13, 2026

    Over the past year I have received many requests asking when I would release the full details of the Solflare xpass exploit. Today, I am publishing those details.

    This post serves as an update to my original disclosure in Feb 2025 regarding a purposeful backdoor master key I discovered in the Solflare Chrome wallet extension that allows a wallet vault to be decrypted without requiring the user's wallet password. At the time of the original report I privately disclosed this to Solflare and delayed public publication to give Solflare time to address the exploit.

    The Core Issue

    Solflare stores two critical values inside the extension's LevelDB storage:
    - solflaredata – encrypted wallet vault containing the seed phrase <-- this encrypted string contains the wallet seed phrase
    - solflarexpass – a key used to decrypt the vault <-- the "backdoor master key"

    Because the decryption key is stored locally alongside the encrypted vault, the user's wallet password is not required to decrypt the vault and gain access to the wallet's seed phrase. All that is required to decrypt the wallet and gain access to the seed phrase is access to the Chrome extension storage and extraction of the solflarexpass key -- something very easy for a malicious actor or stealer malware to do. Once the vault is extracted with the key, the seed phrase can be recovered. No password cracking required.

    Example Storage Layout

    Inside the Chrome Solflare extension storage database the relevant entries appear similar to:

    solflaredata:
    {
      "data":{
        "digest":"sha256",
        "encoding":"base64",
        "encrypted64":"..."
      }
    }

    solflarexpass:
    "<stored key>"

    Using the key stored in solflarexpass, the encrypted vault (solflaredata) can be decrypted.

    A screenshot of the original report is attached below.

    [image: 1773412854934-c25dc614-d139-4de7-9c3b-da142cb773bb-image.png]
  • XMR reached $800 (x2) in 5 days

    1
    1
    0 Votes
    1 Posts
    476 Views
    No one has replied
  • xiaopan forum

    1
    0 Votes
    1 Posts
    316 Views
    No one has replied
  • wordlists for a specific country

    3
    0 Votes
    3 Posts
    598 Views
    A1131A
    CN passwords International
  • Wordpress v6.8 Bcrypt - hmac-sha384

    1
    1 Votes
    1 Posts
    1k Views
    No one has replied
  • anyone have database to brute for learning purposes?

    2
    0 Votes
    2 Posts
    747 Views
    D
    A "clean one" I mean that not all third people have it. I had a couple but that was a long time ago. So if you please. I will be thankful.
  • hashcat GPU benchmarks

    14
    0 Votes
    14 Posts
    4k Views
    cyclone
    hashcat v7.0.0+4.2 benchmark (updated 2025/08/02@16:25)

    # gpu: nvidia rtx 4090
    # manufacture: msi
    # model: suprim liquid x
    # settings: 450w stock settings
    # vbios: 95.02.18.00.52
    # 08/02/2025
    # NVIDIA-SMI 575.57.08
    # CUDA Version: 12.9.1
    # hashcat (v7.0.0+4.2)

    ./hashcat.bin -b
    hashcat (v7.0.0-4-g9727714cf) starting in benchmark mode

    Benchmarking uses hand-optimized kernel code by default.
    You can use it in your cracking session by setting the -O option.
    Note: Using optimized kernel code limits the maximum supported password length.
    To disable the optimized kernel code in benchmark mode, use the -w option.

    Initializing bridges. Please be patient...Initialized bridges
    Initializing backend runtimes. Please be patient...Initialized backend runtimes
    Initializing backend devices. Please be patient...Initialized backend devices

    CUDA API (CUDA 12.9)
    ====================
    * Device #01: NVIDIA GeForce RTX 4090, 23688/24080 MB, 128MCU

    OpenCL API (OpenCL 3.0 CUDA 12.9.76) - Platform #1 [NVIDIA Corporation]
    =======================================================================
    * Device #02: NVIDIA GeForce RTX 4090, skipped

    Benchmark relevant options:
    ===========================
    * --backend-devices=2
    * --backend-devices-virtmulti=1
    * --backend-devices-virthost=1
    * --optimized-kernel-enable

    -------------------
    * Hash-Mode 0 (MD5)
    -------------------
    Speed.#01........: 164.2 GH/s (90.81ms) @ Accel:128 Loops:1024 Thr:896 Vec:8

    ----------------------
    * Hash-Mode 100 (SHA1)
    ----------------------
    Speed.#01........: 58208.9 MH/s (73.51ms) @ Accel:64 Loops:1024 Thr:512 Vec:1

    ---------------------------
    * Hash-Mode 1400 (SHA2-256)
    ---------------------------
    Speed.#01........: 21947.7 MH/s (91.50ms) @ Accel:15 Loops:1024 Thr:1024 Vec:4

    ---------------------------
    * Hash-Mode 1700 (SHA2-512)
    ---------------------------
    Speed.#01........: 7476.6 MH/s (89.57ms) @ Accel:8 Loops:1024 Thr:640 Vec:1

    -------------------------------------------------------------
    * Hash-Mode 22000 (WPA-PBKDF2-PMKID+EAPOL) [Iterations: 4095]
    -------------------------------------------------------------
    Speed.#01........: 2574.3 kH/s (88.52ms) @ Accel:7 Loops:1024 Thr:1024 Vec:1

    -----------------------
    * Hash-Mode 1000 (NTLM)
    -----------------------
    Speed.#01........: 284.1 GH/s (73.54ms) @ Accel:192 Loops:1024 Thr:896 Vec:8

    ---------------------
    * Hash-Mode 3000 (LM)
    ---------------------
    Speed.#01........: 155.7 GH/s (95.78ms) @ Accel:448 Loops:1024 Thr:256 Vec:1

    --------------------------------------------
    * Hash-Mode 5500 (NetNTLMv1 / NetNTLMv1+ESS)
    --------------------------------------------
    Speed.#01........: 158.2 GH/s (77.39ms) @ Accel:96 Loops:1024 Thr:1024 Vec:1

    ----------------------------
    * Hash-Mode 5600 (NetNTLMv2)
    ----------------------------
    Speed.#01........: 11696.0 MH/s (89.49ms) @ Accel:8 Loops:1024 Thr:1024 Vec:1

    --------------------------------------------------------
    * Hash-Mode 1500 (descrypt, DES (Unix), Traditional DES)
    --------------------------------------------------------
    Speed.#01........: 6321.6 MH/s (84.67ms) @ Accel:4 Loops:1024 Thr:1024 Vec:1

    ------------------------------------------------------------------------------
    * Hash-Mode 500 (md5crypt, MD5 (Unix), Cisco-IOS $1$ (MD5)) [Iterations: 1000]
    ------------------------------------------------------------------------------
    Speed.#01........: 70840.0 kH/s (96.54ms) @ Accel:56 Loops:1000 Thr:1024 Vec:1

    ----------------------------------------------------------------
    * Hash-Mode 3200 (bcrypt $2*$, Blowfish (Unix)) [Iterations: 32]
    ----------------------------------------------------------------
    Speed.#01........: 248.8 kH/s (95.61ms) @ Accel:8 Loops:32 Thr:24 Vec:1

    --------------------------------------------------------------------
    * Hash-Mode 1800 (sha512crypt $6$, SHA512 (Unix)) [Iterations: 5000]
    --------------------------------------------------------------------
    Speed.#01........: 1210.2 kH/s (85.52ms) @ Accel:4 Loops:1000 Thr:1024 Vec:1

    --------------------------------------------------------
    * Hash-Mode 7500 (Kerberos 5, etype 23, AS-REQ Pre-Auth)
    --------------------------------------------------------
    Speed.#01........: 3642.8 MH/s (95.91ms) @ Accel:334 Loops:256 Thr:32 Vec:1

    -------------------------------------------------
    * Hash-Mode 13100 (Kerberos 5, etype 23, TGS-REP)
    -------------------------------------------------
    Speed.#01........: 3551.8 MH/s (96.00ms) @ Accel:326 Loops:256 Thr:32 Vec:1

    ---------------------------------------------------------------------------------
    * Hash-Mode 15300 (DPAPI masterkey file v1 (context 1 and 2)) [Iterations: 23999]
    ---------------------------------------------------------------------------------
    Speed.#01........: 463.4 kH/s (82.19ms) @ Accel:7 Loops:1000 Thr:1024 Vec:1

    ---------------------------------------------------------------------------------
    * Hash-Mode 15900 (DPAPI masterkey file v2 (context 1 and 2)) [Iterations: 12899]
    ---------------------------------------------------------------------------------
    Speed.#01........: 262.2 kH/s (76.61ms) @ Accel:4 Loops:512 Thr:1024 Vec:1

    ------------------------------------------------------------------
    * Hash-Mode 7100 (macOS v10.8+ (PBKDF2-SHA512)) [Iterations: 1023]
    ------------------------------------------------------------------
    Speed.#01........: 3273.1 kH/s (79.01ms) @ Accel:4 Loops:512 Thr:1024 Vec:1

    ---------------------------------------------
    * Hash-Mode 11600 (7-Zip) [Iterations: 16384]
    ---------------------------------------------
    Speed.#01........: 2231.6 kH/s (91.80ms) @ Accel:17 Loops:4096 Thr:512 Vec:1

    ------------------------------------------------
    * Hash-Mode 12500 (RAR3-hp) [Iterations: 262144]
    ------------------------------------------------
    Speed.#01........: 287.1 kH/s (71.10ms) @ Accel:5 Loops:16384 Thr:512 Vec:1

    --------------------------------------------
    * Hash-Mode 13000 (RAR5) [Iterations: 32799]
    --------------------------------------------
    Speed.#01........: 278.7 kH/s (85.27ms) @ Accel:12 Loops:1024 Thr:512 Vec:1

    --------------------------------------------------------------------------------
    * Hash-Mode 6211 (TrueCrypt RIPEMD160 + XTS 512 bit (legacy)) [Iterations: 1999]
    --------------------------------------------------------------------------------
    Speed.#01........: 1989.6 kH/s (90.02ms) @ Accel:6 Loops:500 Thr:1024 Vec:1

    -----------------------------------------------------------------------------------
    * Hash-Mode 13400 (KeePass 1 (AES/Twofish) and KeePass 2 (AES)) [Iterations: 24569]
    -----------------------------------------------------------------------------------
    Speed.#01........: 332.1 kH/s (82.05ms) @ Accel:10 Loops:1024 Thr:512 Vec:1

    -------------------------------------------------------------------
    * Hash-Mode 6800 (LastPass + LastPass sniffed) [Iterations: 100099]
    -------------------------------------------------------------------
    Speed.#01........: 92374 H/s (86.89ms) @ Accel:8 Loops:1024 Thr:768 Vec:1

    --------------------------------------------------------------------
    * Hash-Mode 11300 (Bitcoin/Litecoin wallet.dat) [Iterations: 200459]
    --------------------------------------------------------------------
    Speed.#01........: 34141 H/s (78.29ms) @ Accel:4 Loops:1024 Thr:1024 Vec:1

    Started: Sat Aug 2 16:11:47 2025
    Stopped: Sat Aug 2 16:19:10 2025
  • Hello, how can I contact sir Cyclone?

    Moved
    2
    0 Votes
    2 Posts
    486 Views
    cyclone
    First, make sure to read through the Forum Rules: https://forum.hashpwn.net/topic/27/welcome-to-hashpwn-start-here

    There are several ways to contact me:
    - Reply to this Topic with your question
    - Chat with me here on hashpwn: https://forum.hashpwn.net/user/cyclone
    - Message me on Matrix: https://forum.hashpwn.net/post/138
  • Systems Programming: Memory Safety

    Solved
    2
    0 Votes
    2 Posts
    830 Views
    cyclone
    Thanks to everyone who played along! Rust is the clear favorite out of the 59 responses. https://www.rust-lang.org/ With Zig trailing behind for second place. https://ziglang.org/ [image: 1745243283992-2ea96ec5-2d29-4f6b-972f-e42303887766-image.png]
  • Fake "Security Alert" issues being posted on GitHub

    2
    0 Votes
    2 Posts
    356 Views
    cyclone
    Update: The fake issue posted by djiazz, and the user's account have been removed from GitHub.

    GitHub's response:
    ...Our review of the account named in your report has concluded. We have determined that one or more violations of GitHub’s Terms of Service have occurred and have taken appropriate action in response...

    Full response:
    GitHub (GitHub Support)
    Mar 16, 2025, 9:27 PM UTC

    Hi cyclone,

    Our review of the account named in your report has concluded. We have determined that one or more violations of GitHub’s Terms of Service have occurred and have taken appropriate action in response.

    Please note that our response to abuse on GitHub varies depending on the exact circumstances of each case, as noted in our Community Guidelines:
    What happens if someone violates GitHub's Policies

    Additional information on dealing with offensive users or content can be found here:
    What if something or someone offends you?

    Thank you for helping create a safe and welcoming environment for software developers.

    Regards,
    GitHub Trust & Safety
  • JetKVM - SSH password-auth w/insecure default root password

    2
    15
    2 Votes
    2 Posts
    1k Views
    cyclone
    GitHub Repo Updates:
    - 2025/02/22 - Issue: jetkvm/kvm https://github.com/jetkvm/kvm/issues/187
    - 2025/02/24 - Issue: jetkvm/rv1106-system https://github.com/jetkvm/rv1106-system/issues/6
    - 2025/02/24 - PR: jetkvm/rv1106-system https://github.com/jetkvm/rv1106-system/pull/7
    - 2025/02/24 - PR: chemhack removed default root password "rockchip" https://github.com/jetkvm/rv1106-system/pull/8
  • Makemore for password candidate / rule generation

    2
    1 Votes
    2 Posts
    370 Views
    0
    Just wanted to stop by and say thanks for giving the challenge a go. Your uploads were a fun surprise also, as it's still on the down low :). Made my day, cheers.
  • GPU / Cracking Hardware in Signature

    6
    2 Votes
    6 Posts
    884 Views
    6
    Updated mine just now.
  • Happy New Year!

    2
    3 Votes
    2 Posts
    245 Views
    6
    And the same to you.
  • Benchmarking different speeds when I actually run it.

    2
    0 Votes
    2 Posts
    324 Views
    R
    Update: I solved the issue. I put -O in the command line.
  • Customized hashcat that can run on v0 blockchain.info wallet?

    1
    0 Votes
    1 Posts
    193 Views
    No one has replied
  • Happy Holidays All 🙂

    4
    1 Votes
    4 Posts
    511 Views
    PlumP
    Merry Christmas and Happy New Year everyone!