WhatsApp Zero-Click Hack - CVE-2025-55177 [image: 1758294205795-31216b18-5965-4b8c-b4cf-8995160a5278-image-resized.png] A recently patched zero-click exploit in WhatsApp (CVE-2025-55177), combined with an Apple OS flaw (CVE-2025-43300), allowed attackers to silently install spyware on iOS and Mac devices. The campaign ran for 90 days and targeted fewer than 200 people worldwide, mainly activists and journalists. Victims’ messages, photos, locations, and device data could be exposed without any user action. While mass users were not affected, the flaw remained dangerous until fixed. Sources: https://apnews.com/article/whatsapp-security-vulnerability-update-0e5081c3eeb44e47e39ddd38c29a6771 https://techcrunch.com/2025/08/29/whatsapp-fixes-zero-click-bug-used-to-hack-apple-users-with-spyware/

A "clean one" I wean that not all third pepole have it. I had a couple but that was along time ago. So if you please. I will be thankful

hashcat v7.0.0+4.2 benchmark (updated 2025/08/02@16:25) # gpu: nvidia rtx 4090 # manufacture: msi # model: suprim liquid x # settings: 450w stock settings # vbios: 95.02.18.00.52 # 08/02/2025 # NVIDIA-SMI 575.57.08 # CUDA Version: 12.9.1 # hashcat (v7.0.0+4.2) ./hashcat.bin -b hashcat (v7.0.0-4-g9727714cf) starting in benchmark mode Benchmarking uses hand-optimized kernel code by default. You can use it in your cracking session by setting the -O option. Note: Using optimized kernel code limits the maximum supported password length. To disable the optimized kernel code in benchmark mode, use the -w option. Initializing bridges. Please be patient...Initialized bridgesInitializing backend runtimes. Please be patient...Initialized backend runtimesInitializing backend devices. Please be patient...Initialized backend devicesCUDA API (CUDA 12.9) ==================== * Device #01: NVIDIA GeForce RTX 4090, 23688/24080 MB, 128MCU OpenCL API (OpenCL 3.0 CUDA 12.9.76) - Platform #1 [NVIDIA Corporation] ======================================================================= * Device #02: NVIDIA GeForce RTX 4090, skipped Benchmark relevant options: =========================== * --backend-devices=2 * --backend-devices-virtmulti=1 * --backend-devices-virthost=1 * --optimized-kernel-enable ------------------- * Hash-Mode 0 (MD5) ------------------- Speed.#01........: 164.2 GH/s (90.81ms) @ Accel:128 Loops:1024 Thr:896 Vec:8 ---------------------- * Hash-Mode 100 (SHA1) ---------------------- Speed.#01........: 58208.9 MH/s (73.51ms) @ Accel:64 Loops:1024 Thr:512 Vec:1 --------------------------- * Hash-Mode 1400 (SHA2-256) --------------------------- Speed.#01........: 21947.7 MH/s (91.50ms) @ Accel:15 Loops:1024 Thr:1024 Vec:4 --------------------------- * Hash-Mode 1700 (SHA2-512) --------------------------- Speed.#01........: 7476.6 MH/s (89.57ms) @ Accel:8 Loops:1024 Thr:640 Vec:1 ------------------------------------------------------------- * Hash-Mode 22000 (WPA-PBKDF2-PMKID+EAPOL) [Iterations: 4095] ------------------------------------------------------------- Speed.#01........: 2574.3 kH/s (88.52ms) @ Accel:7 Loops:1024 Thr:1024 Vec:1 ----------------------- * Hash-Mode 1000 (NTLM) ----------------------- Speed.#01........: 284.1 GH/s (73.54ms) @ Accel:192 Loops:1024 Thr:896 Vec:8 --------------------- * Hash-Mode 3000 (LM) --------------------- Speed.#01........: 155.7 GH/s (95.78ms) @ Accel:448 Loops:1024 Thr:256 Vec:1 -------------------------------------------- * Hash-Mode 5500 (NetNTLMv1 / NetNTLMv1+ESS) -------------------------------------------- Speed.#01........: 158.2 GH/s (77.39ms) @ Accel:96 Loops:1024 Thr:1024 Vec:1 ---------------------------- * Hash-Mode 5600 (NetNTLMv2) ---------------------------- Speed.#01........: 11696.0 MH/s (89.49ms) @ Accel:8 Loops:1024 Thr:1024 Vec:1 -------------------------------------------------------- * Hash-Mode 1500 (descrypt, DES (Unix), Traditional DES) -------------------------------------------------------- Speed.#01........: 6321.6 MH/s (84.67ms) @ Accel:4 Loops:1024 Thr:1024 Vec:1 ------------------------------------------------------------------------------ * Hash-Mode 500 (md5crypt, MD5 (Unix), Cisco-IOS $1$ (MD5)) [Iterations: 1000] ------------------------------------------------------------------------------ Speed.#01........: 70840.0 kH/s (96.54ms) @ Accel:56 Loops:1000 Thr:1024 Vec:1 ---------------------------------------------------------------- * Hash-Mode 3200 (bcrypt $2*$, Blowfish (Unix)) [Iterations: 32] ---------------------------------------------------------------- Speed.#01........: 248.8 kH/s (95.61ms) @ Accel:8 Loops:32 Thr:24 Vec:1 -------------------------------------------------------------------- * Hash-Mode 1800 (sha512crypt $6$, SHA512 (Unix)) [Iterations: 5000] -------------------------------------------------------------------- Speed.#01........: 1210.2 kH/s (85.52ms) @ Accel:4 Loops:1000 Thr:1024 Vec:1 -------------------------------------------------------- * Hash-Mode 7500 (Kerberos 5, etype 23, AS-REQ Pre-Auth) -------------------------------------------------------- Speed.#01........: 3642.8 MH/s (95.91ms) @ Accel:334 Loops:256 Thr:32 Vec:1 ------------------------------------------------- * Hash-Mode 13100 (Kerberos 5, etype 23, TGS-REP) ------------------------------------------------- Speed.#01........: 3551.8 MH/s (96.00ms) @ Accel:326 Loops:256 Thr:32 Vec:1 --------------------------------------------------------------------------------- * Hash-Mode 15300 (DPAPI masterkey file v1 (context 1 and 2)) [Iterations: 23999] --------------------------------------------------------------------------------- Speed.#01........: 463.4 kH/s (82.19ms) @ Accel:7 Loops:1000 Thr:1024 Vec:1 --------------------------------------------------------------------------------- * Hash-Mode 15900 (DPAPI masterkey file v2 (context 1 and 2)) [Iterations: 12899] --------------------------------------------------------------------------------- Speed.#01........: 262.2 kH/s (76.61ms) @ Accel:4 Loops:512 Thr:1024 Vec:1 ------------------------------------------------------------------ * Hash-Mode 7100 (macOS v10.8+ (PBKDF2-SHA512)) [Iterations: 1023] ------------------------------------------------------------------ Speed.#01........: 3273.1 kH/s (79.01ms) @ Accel:4 Loops:512 Thr:1024 Vec:1 --------------------------------------------- * Hash-Mode 11600 (7-Zip) [Iterations: 16384] --------------------------------------------- Speed.#01........: 2231.6 kH/s (91.80ms) @ Accel:17 Loops:4096 Thr:512 Vec:1 ------------------------------------------------ * Hash-Mode 12500 (RAR3-hp) [Iterations: 262144] ------------------------------------------------ Speed.#01........: 287.1 kH/s (71.10ms) @ Accel:5 Loops:16384 Thr:512 Vec:1 -------------------------------------------- * Hash-Mode 13000 (RAR5) [Iterations: 32799] -------------------------------------------- Speed.#01........: 278.7 kH/s (85.27ms) @ Accel:12 Loops:1024 Thr:512 Vec:1 -------------------------------------------------------------------------------- * Hash-Mode 6211 (TrueCrypt RIPEMD160 + XTS 512 bit (legacy)) [Iterations: 1999] -------------------------------------------------------------------------------- Speed.#01........: 1989.6 kH/s (90.02ms) @ Accel:6 Loops:500 Thr:1024 Vec:1 ----------------------------------------------------------------------------------- * Hash-Mode 13400 (KeePass 1 (AES/Twofish) and KeePass 2 (AES)) [Iterations: 24569] ----------------------------------------------------------------------------------- Speed.#01........: 332.1 kH/s (82.05ms) @ Accel:10 Loops:1024 Thr:512 Vec:1 ------------------------------------------------------------------- * Hash-Mode 6800 (LastPass + LastPass sniffed) [Iterations: 100099] ------------------------------------------------------------------- Speed.#01........: 92374 H/s (86.89ms) @ Accel:8 Loops:1024 Thr:768 Vec:1 -------------------------------------------------------------------- * Hash-Mode 11300 (Bitcoin/Litecoin wallet.dat) [Iterations: 200459] -------------------------------------------------------------------- Speed.#01........: 34141 H/s (78.29ms) @ Accel:4 Loops:1024 Thr:1024 Vec:1 Started: Sat Aug 2 16:11:47 2025 Stopped: Sat Aug 2 16:19:10 2025

First, make sure to read through the Forum Rules: https://forum.hashpwn.net/topic/27/welcome-to-hashpwn-start-here There's several ways to contact me: Reply to this Topic with your question Chat with me here on hashpwn: https://forum.hashpwn.net/user/cyclone Message me on Matrix: https://forum.hashpwn.net/post/138

Thanks to everyone who played along! Rust is the clear favorite out of the 59 responses. https://www.rust-lang.org/ With Zig trailing behind for second place. https://ziglang.org/ [image: 1745243283992-2ea96ec5-2d29-4f6b-972f-e42303887766-image.png]

Update: The fake issue posted by djiazz, and the user's account have been removed from GitHub. GitHub's response: ...Our review of the account named in your report has concluded. We have determined that one or more violations of GitHub’s Terms of Service have occurred and have taken appropriate action in response... Full response: GitHub (GitHub Support) Mar 16, 2025, 9:27 PM UTC Hi cyclone, Our review of the account named in your report has concluded. We have determined that one or more violations of GitHub’s Terms of Service have occurred and have taken appropriate action in response. Please note that our response to abuse on GitHub varies depending on the exact circumstances of each case, as noted in our Community Guidelines: What happens if someone violates GitHub's Policies Additional information on dealing with offensive users or content can be found here: What if something or someone offends you? Thank you for helping create a safe and welcoming environment for software developers. Regards, GitHub Trust & Safety

GitHub Repo Updates: 2025/02/22 - Issue: jetkvm/kvm https://github.com/jetkvm/kvm/issues/187 2025/02/24 - Issue: jetkvm/rv1106-system https://github.com/jetkvm/rv1106-system/issues/6 2025/02/24 - PR: jetkvm/rv1106-system https://github.com/jetkvm/rv1106-system/pull/7 2025/02/24 - PR: chemhack removed default root password "rockchip" https://github.com/jetkvm/rv1106-system/pull/8

New GitHub Release: https://forum.hashpwn.net/post/434

Just wanted to stop by and say thanks for giving the challenge a go. Your uploads were a fun surprise also, as it's still on the down low :). Made my day, cheers.

Updated mine just now.

And the same to you.

Update. I solve the issue I put -O in the commandline.

Merry Christmas and Happy New Year everyone!

First, you'll need to compile the source code as specified in the GitHub README under Compile from source: https://github.com/cyclone-github/phantom_pwn/blob/main/README.md For your reference, I've included this below: Compile from source: This assumes you have Go and Git installed git clone https://github.com/cyclone-github/phantom_pwn.git phantom_extractor cd phantom_pwn/phantom_extractor go mod init phantom_extractor go mod tidy go build -ldflags="-s -w" . phantom_decryptor cd phantom_pwn/phantom_decryptor go mod init phantom_decryptor go mod tidy go build -ldflags="-s -w" . Compile from source code how-to: https://github.com/cyclone-github/phantom_pwn/blob/main/README.md Note: all of my crypto wallet *_pwn toolsets are similar in how to compile the binaries, extract crypto wallet hashes and decrypting / cracking them. Once you have the extractor and decryptor compiled, you'll need to run the extractor by pointing it at the directory with your wallet vault: phantom_extractor path/to/your/wallet Once the wallet hash has been extracted, save this to a file such as phantom.txt, then run phantom_decryptor with your phantom.txt and wordlist. This is similar to how you would run hashcat, jtr or mdxfind, but mind the specific -h {hash} and -w {wordlist} CLI commands below: phantom_decryptor -h phantom.txt -w wordlist.txt Running these toolsets requires a prior knowledge of CLI tools. If you're still stumped, send me a DM and I'll walk you through the process.

@oe3p32wedw Rep added. You can send me a DM here on the forum or on Matrix: https://forum.hashpwn.net/topic/65/matrix-encrypted-chat-info