
Hashcat – How to hack passwords – on Windows 10

Hacking / Cracking passwords and understanding encryption is an essential skill for Cyber Security, Penetration Testing, Computer Security, Information Security and Cryptology. This prep guide will take you step by step through hashing algorithms in a visual format. The aim is that you will learn through seeing and doing – and will understand hashing algorithms at an intuitive level.







Leaked: The UK’s secret blueprint with telcos for mass spying on internet, phones – and backdoors

The UK government has secretly drawn up more details of its new bulk surveillance powers – awarding itself the ability to monitor Brits’ live communications, and insert encryption backdoors by the backdoor.

In its draft technical capability notices paper [PDF], all communications companies – including phone networks and ISPs – will be obliged to provide real-time access to the full content of any named individual within one working day, as well as any “secondary data” relating to that person.

That includes encrypted content – which means that UK organizations will not be allowed to introduce true end-to-end encryption of their users’ data but will be legally required to introduce a backdoor to their systems so the authorities can read any and all communications.

In addition, comms providers will be required to make bulk surveillance possible by introducing systems that can provide real-time interception of 1 in 10,000 of its customers. Or in other words, the UK government will be able to simultaneously spy on 6,500 folks in Blighty at any given moment.

According to the draft, telcos and other comms platforms must “provide and maintain the capability to disclose, where practicable, the content of communications or secondary data in an intelligible form and to remove electronic protection applied by or on behalf of the telecommunications operator to the communications or data.”

The live surveillance of individuals will require authorization from secretaries of state, overseen by a judge appointed by the prime minister. And there are a few safeguards built into the system following strong opposition to earlier drafts of the Investigatory Powers Act.

Closed doors

What will concern many, however, is how the draft paper and its contents are being handled.

The technical capability notices paper has only been provided to a select few companies – mostly ISPs and telcos – on a short four-week consultation, but a copy of the draft found its way to the Open Rights Group, which popped it online today.

According to the document, it has already passed through the UK’s Technical Advisory Board, which comprises six telco representatives – currently O2, BT, BSkyB, Cable and Wireless, Vodafone and Virgin Media – plus six people from the government’s intercepting agencies, and a board chairman.

That means that the contents have already been largely agreed to by most of the organizations that have been included in the closed consultation.

It is unclear whether the Home Office intends to make it available for public comment after that time or whether it will seek to push it through the legislature before anyone outside the consultation group has an opportunity to review it.

The rules will have to be formally approved by both houses of Parliament before becoming law.

You ain’t see me, right?

The process and the approach seem to be purposefully obscure. The rules come under Section 267(3)(i) of the Investigatory Powers Act – a one paragraph section that refers back to Section 253, which covers “Technical capability notices.”

There is no mention of the technical capability notices paper existing either on the Home Office website or on the consultation website. And the only reason we know about it is presumably because someone at one of the few companies that have been sent the draft rules decided to tell Open Rights Group about it.

But what the nine-page document does is provide the government with the legal authority to monitor anyone in the UK in real time, as well as effectively make strong and unbreakable encryption illegal.

This act of stripping away safeguards on people’s private data is also fantastic news for hackers, criminals, and anyone else who wants to snoop on Brits. The seals are finally coming off.

“This lays bare the extreme mass surveillance this Conservative government is planning after the election,” Liberal Democrat President Sal Brinton told us in a statement.

“It is a full frontal assault on civil liberties and people’s privacy. The security services need to be able to keep people safe. But these disproportionate powers are straight out of an Orwellian nightmare and have no place in a democratic society.”

The Home Office’s private consultation is open until 19 May. If you would like the UK government to know your views, then email ®



nomx: The world’s most secure communications protocol – BBC Click

A great episode of BBC Click – detailing the security breaches of a super secure email server, which runs (I’m not joking) on a Raspberry Pi.  Yikes.

I was recently invited to take part in some research by BBC Click, alongside Professor Alan Woodward, to analyse a device that had quite a lot of people all excited. With slick marketing, catchy tag lines and some pretty bold claims about their security, nomx claim to have cracked email security once and for all. Down the rabbit hole we go!


You can find the official nomx site at and right away you will see how secure this device is.


Now, I’m not sure how someone is supposed to edit this PHP file right now because I can’t see the SSH instructions anywhere nor can I see the setup password anywhere either. To save you all the trouble I extracted the hash of the original password whilst I had SSH access and you can see it here:


It turns out this was pretty easy to break after I had a quick dig in the source to see how they generated the hash.

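function generate_setup_password_salt() {
    // Salt input: current time, client IP and an mt_rand() value, then MD5-hashed
    $salt = time() . '*' . $_SERVER['REMOTE_ADDR'] . '*' . mt_rand(0,60000);
    $salt = md5($salt);
    return $salt;
}

function encrypt_setup_password($password, $salt) {
    // Stored value is "salt:sha1(salt:password)", a single SHA-1 pass
    return $salt . ':' . sha1($salt . ':' . $password);
}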

Soooo, yeah. I also had a dig around in the config file and stumbled over this which is used during the setup process.

$CONF['min_password_length'] = 5;

Anyway, the main point for now was that I managed to crack the setup password, which was death, with a quick tweet asking for help or I could have set my own if I needed so I could create an account and login to the device.


The master password for the whole system is “death”.

Undocumented admin account

After delving into the database on the device and browsing through a few tables, I saw something that horrified me. There was another admin account alongside my own that I hadn’t created.

mysql> select * from admin;  
| username               | password                           | created             | modified            | active |
|      | $1$d2242313$UJ6TolBZXSQQvrXvlMZO2/ | 2015-10-10 18:31:30 | 2016-10-24 21:35:46 |      1 |
| | $1$7d33f257$qxWGsOPg1PX6Axu.NoNaK0 | 2017-03-13 17:24:05 | 2017-03-13 17:24:05 |      1 |

I extracted the hash and posted it to Twitter to see if I could crowd-source the input and it didn’t take very long for someone to come back to me with the answer.

The password was, quite literally, “password”. Sure enough I immediately opened up the web interface and I could indeed login with the username and the password password. I had full control of the device. This is inexplicably bad for more reasons than I care to list but coupled with the above CSRF attack I now don’t need to depend on the user to be logged in to the device to perform administrative functions, I can simply login to the device with these admin credentials and do anything I like. All this requires is two simple iframes on a page.


Well done BBC Click!
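
An added example, not code from the original post or from nomx: the `salt:sha1(salt:password)` record format shown in the post, reproduced in Python, next to a login routine that replaces such a record with a PBKDF2 one on the next successful login and flags passwords that are too short. The layout of the new record, `MIN_LENGTH`, `PBKDF2_ROUNDS` and the inputs to the sample salt are assumptions made for the example.

```python
import hashlib
import hmac
import os

MIN_LENGTH = 12          # assumed policy for this example; the page's config allows 5
PBKDF2_ROUNDS = 200_000  # assumed work factor; raise it as far as your hardware allows

# Constructed sample: a salt built the way the page's generator builds it
# (time * client IP * random number, then MD5), with made-up inputs.
SAMPLE_SALT = hashlib.md5(b"1489425845*192.0.2.10*4242").hexdigest()


def legacy_hash(password, salt):
    """The page's record format: salt + ':' + sha1(salt + ':' + password)."""
    digest = hashlib.sha1(f"{salt}:{password}".encode()).hexdigest()
    return f"{salt}:{digest}"


def strong_hash(password, salt=None):
    """Replacement record 'pbkdf2$rounds$salt_hex$key_hex' (hypothetical layout)."""
    salt = os.urandom(16) if salt is None else salt
    key = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return f"pbkdf2${PBKDF2_ROUNDS}${salt.hex()}${key.hex()}"


def verify(password, stored):
    """Check a password against either record type, comparing in constant time."""
    if stored.startswith("pbkdf2$"):
        _, rounds, salt_hex, key_hex = stored.split("$")
        key = hashlib.pbkdf2_hmac("sha256", password.encode(),
                                  bytes.fromhex(salt_hex), int(rounds))
        return hmac.compare_digest(key.hex().encode(), key_hex.encode())
    salt = stored.partition(":")[0]
    return hmac.compare_digest(legacy_hash(password, salt).encode(), stored.encode())


def login_and_upgrade(password, stored):
    """Return (authenticated, record_to_store, must_reset).

    A legacy SHA-1 record is re-hashed with PBKDF2 as soon as the correct
    password is presented; a password below MIN_LENGTH still logs in once
    but is flagged so the caller can force a change.
    """
    if not verify(password, stored):
        return False, stored, False
    must_reset = len(password) < MIN_LENGTH
    if not stored.startswith("pbkdf2$"):
        stored = strong_hash(password)
    return True, stored, must_reset


if __name__ == "__main__":
    record = legacy_hash("death", SAMPLE_SALT)  # the setup password named in the post
    print("legacy record :", record)
    ok, record, must_reset = login_and_upgrade("death", record)
    print("authenticated :", ok)
    print("must reset    :", must_reset)
    print("stored record :", record[:40] + "...")
```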

Make your computer speak what you type using notepad

I’ve just found a site that has applications coded in Notepad.  The applications are really fun to use.  I’d recommend that you check out this site.

Create Application using notepad to make computer speak what you type

Here is one interesting code created by us to make your computer speak what you type.

Let’s Start.

Step 1 : Open your notepad. [start >> run >> Type “notepad” >> Enter]

Step 2 : Copy the following code in notepad then save it with .hta extension [e.g MSG-Speaker.hta]

<html><head><title>Message Speaker - ErrorCode 401</title><HTA:APPLICATION
APPLICATIONNAME="Message Speaker - ErrorCode 401"
ID="Mesage Speaker - ErrorCode 401">
<style> td { color: Black; }
caption { color: Black; }

body { font-family: Arial; background-color: #388A9F; color: #808080; }
input { background-color: #202020; color: #808080; }
textarea { background-color: #22374B; color: #D6E1EC; font-weight: bold; }
</style>
<script language="VBScript">
' Resize the window when the application loads.
Sub Window_OnLoad
Dim width,height
width = 500  ' placeholder: the original value is missing from the page
height = 400 ' placeholder: the original value is missing from the page
self.ResizeTo width,height
End Sub

' Speak the contents of the textarea through the Windows SAPI voice.
Function Listen
Dim message
message = tamsg.value
If (message = "") Then
X = MsgBox("Enter your message", 48, "Error Message")
Else
Set sapi=CreateObject("sapi.spvoice")
sapi.Speak message
End If
End Function
</script></head>

<body bgcolor="white">
<span title="Visit our blog for more"> <marquee color="white" bgcolor="black" style="font-family: Book Antiqua;">This code is uploaded on <font color="cyan"></font></marquee>
</span> <table align="center" width="400"> <caption style="font-family:Book Antiqua; font-size:20;"><hr color="black"><b>Message Speaker</b><hr color="black"></caption>
<tr> <td align="center"> <span title="Enter your Full message here"><textarea id="tamsg" cols="50" rows="10"></textarea></span> </td> </tr>
<tr> <td align="right" color="black" style="font-family: Book Antiqua; font-size:18;"> <hr color="black"> <span title="Click here to listen your message">
<input style="width: 130px; height:25px; color: white; background-color: #203040; font-family:Book Antiqua; font-size:15;" type="button" Value="Listen" id="btnsp" onClick="Listen()" onmouseover="'#102030'" onmouseout="'#203040'"> </span> </td> </tr> <tr>
<td align="right"><hr color="black"> <span title="All rights reserved by Attract Tech" style="font-size: 13px; font-family:Book Antiqua;">&copy; 2013 Attract Tech - All rights reserved.</span> </td> </tr> </table> </body> </html>

Step 3 : Now open that file by double-clicking it; a window will appear.

Write the text you want to hear in the text box, then click the Listen button.


Embedded Cryptography Should Be A Requirement for IoT

Security is a top concern for the Internet of Things, as essential as low power consumption, affordability, and wireless connectivity.

Because IoT devices are optimized for low power consumption and affordability, many have less than optimal computing resources. The good news is there are several options for using cryptography to make it more difficult for hackers to highjack your living room webcam, video doorbell or car.

The denial-of-service attack last October showed how cheap IoT devices that had no security–in many cases not even proper password protections–could be hacked to flood Web sites with traffic, shutting them down. In an increasingly connected future, consequences could include having water or electricity shut off, security systems disabled, or even loss of life for attacks on medical devices.

For the IoT, authentication ensures that devices are interacting with authorized gateways and cloud services and they in turn verify they are working with authentic IoT nodes. The sender will use a hashing algorithm and shared secret keys to generate a tag known as a message authentication code (MAC). The receiver performs the same hashing algorithm to decode the MAC and compare it with one stored locally.

The strength of the MAC depends on the strength of the hashing algorithm, the length of the key used and whether the key is shared secretly and stored securely. The current state-of-the-art hashing algorithm for cryptographic purposes is SHA-256 with 256-bit keys.
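
An added example (not from the original article) of the MAC exchange described above, using HMAC-SHA256 from Python's standard library: the sender appends a tag to each frame, and the receiver recomputes the tag over the bytes it received and compares the two in constant time. The frame layout, device ID, sample key and the per-device counter that rejects replayed frames are assumptions; the counter goes beyond what the article describes.

```python
import hashlib
import hmac
import struct

TAG_LEN = 32  # HMAC-SHA256 output size in bytes

# Constructed 256-bit key for the demonstration only; a real key is random
# and provisioned per device.
SAMPLE_KEY = bytes(range(32))


def seal(key, device_id, counter, payload):
    """Sender: frame = id_len | device_id | counter (8 bytes) | payload | tag."""
    header = struct.pack(">B", len(device_id)) + device_id + struct.pack(">Q", counter)
    body = header + payload
    return body + hmac.new(key, body, hashlib.sha256).digest()


class Receiver:
    """Gateway side: verifies the tag first, then parses and checks freshness."""

    def __init__(self, key):
        self.key = key
        self.last_counter = {}  # device_id -> highest counter accepted so far

    def accept(self, frame):
        """Return the payload, or None if the frame is forged, damaged or replayed."""
        if len(frame) < 1 + 8 + TAG_LEN:
            return None
        body, tag = frame[:-TAG_LEN], frame[-TAG_LEN:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            return None  # wrong key or modified bytes
        id_len = body[0]
        if len(body) < 1 + id_len + 8:
            return None  # authenticated but malformed header
        device_id = body[1:1 + id_len]
        (counter,) = struct.unpack(">Q", body[1 + id_len:1 + id_len + 8])
        if counter <= self.last_counter.get(device_id, -1):
            return None  # same or older counter: replayed frame
        self.last_counter[device_id] = counter
        return body[1 + id_len + 8:]


if __name__ == "__main__":
    gateway = Receiver(SAMPLE_KEY)
    frame = seal(SAMPLE_KEY, b"sensor-7", 1, b"temp=21.5")
    print("first delivery :", gateway.accept(frame))
    print("replayed frame :", gateway.accept(frame))
    flipped = frame[:20] + bytes([frame[20] ^ 0x01]) + frame[21:]
    print("modified frame :", Receiver(SAMPLE_KEY).accept(flipped))
```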

For sharing keys securely, either a secure channel can be used or a Diffie–Hellman key exchange over an insecure channel. Storing keys securely is another challenge, and it’s advisable to store them separately from application data and the data being authenticated. Properly equipped integrated chips can require a secure boot and secure firmware updates.

Encryption has been used for millennia. Ancient Greek generals passed messages to each other encoded on leather strips. To be read they had to be rolled around a scytale, a rod made to a secret diameter. Only a rod of the proper diameter would render the message correctly.

Today AES is the accepted standard to encrypt and decrypt our messages using digital keys. Symmetric key cryptography uses the same key to encrypt and decrypt the message, making it critical to keep the key secret. Asymmetric cryptography uses a shared, public key and a private key which is kept secret.

While asymmetric key cryptography has the benefit of added security over insecure channels, it’s more than 1,000 times more computationally expensive than symmetric key cryptography. Asymmetric cryptography can be used to establish a secure channel to exchange secret keys which can be used for subsequent symmetric methods. Alternatively, symmetric key cryptography used along with Diffie–Hellman key exchange is often secure enough for many embedded applications.

For IoT devices, hardware acceleration makes sense. Authentication chips or cryptographic co-processors can carry out sophisticated encryption and authentication efficiently in hardware, saving battery life and processor cycles. It takes more effort to secure any connected computing device, but in the long run, it’s the right thing to do.


How to create encryption program in Notepad

Hello. With this simple HTML Application you can encrypt and decrypt your message with a password. First of all I will show you how to create it and then I will show you how to use it.

Let’s Start.

Step 1 : First of all open your notepad. [Start >> Run >> Type “Notepad” >> Enter]
Step 2 : Copy the following code into notepad, starting from <html> to </html>

<html><head><title>Message Encrypter/Decrypter - Error Code 401</title><HTA:APPLICATION
APPLICATIONNAME="Message Encrypter/Decrypter - Error Code 401"
ID="Message Encrypter/Decrypter - Error Code 401">
<style> td { color: Black; }
caption { color: Black; }
body { font-family: Arial; background-color: #708090; color: #808080; }
input { background-color: #202020; color: #808080; }
textarea { background-color: #202020; color: #808080; }
</style>
<script language="VBScript">
' Resize the window when the application loads.
Sub Window_OnLoad
Dim width,height
width = 700  ' placeholder: the original value is missing from the page
height = 500 ' placeholder: the original value is missing from the page
self.ResizeTo width,height
End Sub
' Check that a password and a message are present, then derive the key.
Function Validate(ID)
On Error Resume Next
Key = Int(pass.value)
If (pass.value = "") Then
X = MsgBox("You have to enter your password..!", 48, "Error")
Else
If (tamsg.value = "") Then
X = MsgBox("Enter the text to encrypt or decrypt!", 48, "ERROR!")
Else
Junk = SetTimeOut(KEYS(ID), 1)
End If
End If
End Function
' Key = sum of the password's character codes, Mod 255; then run Encrypt or Decrypt.
Function KEYS(ID)
text = pass.value
code = 0
Do Until text = ""
code = ((Asc(Left(text, 1)))+code)
text = Replace(text, Left(text, 1), "", "1", "1")
Loop
code = code Mod 255
akey.value = code
Junk = SetTimeOut(ID, 1)
End Function
' Each character becomes a letter (shifted code Mod 26) plus a digit (number of 26s).
Function Encrypt
Alpha = Array("A", "B", "C", "D", "E", "F", "G", "H", "I", "J", "K", "L", "M", "N", "O", "P", "Q", "R", "S", "T", "U", "V", "W", "X", "Y", "Z")
text = tamsg.value
code = ""
key = Int(akey.value)
Do Until text = ""
cnum = Asc(Left(text, 1))
cnum = (cnum+key) Mod 255
num = cnum Mod 26
count = 0
tst = num
Do Until tst = cnum
tst = tst+26
count = count+1
Loop
code = code & Alpha(num) & count
text = Replace(text, Left(text, 1), "", "1", "1")
Loop
tamsg.value = code
End Function
' Reverse of Encrypt: rebuild the shifted code from each letter/digit pair, subtract the key.
Function Decrypt
Alpha = Array("A", "B", "C", "D", "E", "F", "G", "H", "I", "J", "K", "L", "M", "N", "O", "P", "Q", "R", "S", "T", "U", "V", "W", "X", "Y", "Z")
text = tamsg.value
code = ""
key = Int(akey.value)
Do Until text = ""
lttr = Left(text, 2)
num = Asc(Left(lttr, 1))-65
chk = Right(lttr, 1)
count = 0
Do Until count = Int(chk)
num = num+26
count = count+1
Loop
num = num-key
' The page is cut off after "Do While num"; the rest of Decrypt is reconstructed as the inverse of Encrypt.
Do While num < 0
num = num+255
Loop
code = code & Chr(num)
text = Replace(text, Left(text, 2), "", "1", "1")
Loop
tamsg.value = code
End Function
</script></head>
<body bgcolor="white"> <input type="hidden" id="akey"> <span title=""> <span title="Visit our blog for more">
<marquee color="white" bgcolor="black" style="font-family: Book Antiqua;">This code is uploaded on <font color="cyan"></font></marquee> </span> <table align="center" width="400">
<caption style="font-family:Book Antiqua; font-size:20;"><hr color="black"><b>Message Encrypter-Decrypter</b><hr color="black"></caption>
<tr> <td align="center"><span title="Enter your Full message here"><textarea id="tamsg" cols="80" rows="15"></textarea></span></td> </tr>
<tr> <td color="black" style="font-family: Book Antiqua; font-size:18;"><hr color="black"> Password &nbsp;<span title="Enter your password here">
<input type="password" id="pass"></span> &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
<span title="Click Here to Encrypt your Message"> <input style="width: 170px; height:23px; color: white; background-color: #203040; font-family:Book Antiqua;" type="button" Value="Encrypt" id="btnenc" onClick="Validate('Encrypt')" onmouseover="'#102030'" onmouseout="'#203040'"> </span> <span title="Click Here to Decrypt your Message"> <input style="width: 170px; height:23px; color: white; background-color: #203040; font-family: Book Antiqua; font-size:13;" type="button" Value="Decrypt" id="btndec" onClick="Validate('Decrypt')" onmouseover="'#102030'" onmouseout="'#203040'"> </span></td>
</tr> <tr> <td align="right"><hr color="black"><span title="All rights reserved by Attract Tech" style="font-size: 13px; font-family:Book Antiqua;">&copy; 2013 Attract Tech - All rights reserved.</span></td> </tr> </table> </body> </html>


Step 3 : Save it with .hta extension [e.g. MSG – EncDec.hta]

How to use?

Step 1 : Double click on it. Then one window will open as shown in the following Image.

Step 2 : Write your Message/String in TextArea as shown in given Image.

Step 3 : Type your password in the Password textbox.

Step 4 : Click on Encrypt Button.

Then you will see your Encrypted message in TextArea. Copy it and save it anywhere.

Write the same password in the password box, then click the Decrypt button to get your original message.


Kali Linux can now use cloud GPUs for password-cracking

Think passwords, people. Think long, complex passwords. Not because a breach dump’s landed, but because the security-probing-oriented Kali Linux just got better at cracking passwords.

Kali is a Debian-based Linux that packs in numerous hacking and forensics tools. It’s well-regarded among white hat hackers and investigators, who appreciate its inclusion of the tools of their trades.

The developers behind the distro this week gave it a polish, adding new images optimised for GPU-using instances in Azure and Amazon Web Services. The extra grunt the GPUs afford, Kali’s backers say, will enhance the distribution’s password-probing powers. There’s also better support for GPU cracking, hence our warning at the top of this story: anyone can use Kali and there’s no way to guarantee black hats won’t press it into service. And they can now do so on as many GPU-boosted cloud instances as they fancy paying for.

The new distribution, version 2017.1, also adds support for Realtek’s RTL8812AU wireless chipsets. The Linux kernel doesn’t support that silicon, but lots of mainstream modem-makers like D-Link, Belkin and TP-Link do. Adding support to Kali therefore makes it capable of probing a great many WiFi access points.

There’s also support for the OpenVAS 9 vulnerability scanner. Kali’s not included the tool in its default release, but has packaged it so a quick apt-get update and apt install openvas will install a nicely-packaged version of the tool.



Homebrew crypto SNAFU on electrical grid sees GE rush patches

General Electric is pushing patches for protection relay bugs that, if exploited, could open up transmission systems to a grid-scale attack.

The company hasn’t published much by way of detail, but spoke to Reuters after this Black Hat abstract was published (the talk will be delivered to the July conference in Las Vegas).

The three New York University researchers say they cracked the homebrew encryption in the ancient GE Multilin systems. The abstract is light on detail, but it appears the researchers found a hardcoded password: “we completely broke the home brew encryption algorithm used by these protection and management devices to authenticate users and allow privileged operations. Knowledge of the passcode enables an attacker to completely pwn the device and disconnect sectors of the power grid at will, locking operators out to prolong the attack”.



Any nation’s civilian infrastructure is the soft underbelly for warfare.  If you can turn off the lights, or cut out regular communication channels, then you can plunge any country into disarray within minutes.  Protecting the civilian infrastructure is too important to be left to commercial organisations, who look for the cheapest solutions.  You can imagine the opportunities for hacking that electrical smart meters offer, along with the internet of things.

Go – SCP Book – Secure Coding practices

Go Language – Web Application Secure Coding Practices is a guide written for anyone who is using the Go Programming Language and aims to use it for web development.

This book is a collaborative effort of the Checkmarx Security Research Team and it follows the OWASP Secure Coding Practices – Quick Reference Guide v2 (stable) release.

The main goal of this book is to help developers avoid common mistakes while at the same time, learning a new programming language through a “hands-on approach”. This book provides a good level of detail on “how to do it securely” showing what kind of security problems could arise during development.

The book is available as mobi or epub.



I wrote the initial version of SSH in Spring 1995. It was a time when telnet and FTP were widely used.

Anyway, I designed SSH to replace both telnet (port 23) and ftp (port 21). Port 22 was free. It was conveniently between the ports for telnet and ftp. I figured having that port number might be one of those small things that would give some aura of credibility. But how could I get that port number? I had never allocated one, but I knew somebody who had allocated a port.

The basic process for port allocation was fairly simple at that time. Internet was smaller and we were in very early stages of the Internet boom. Port numbers were allocated by IANA (Internet Assigned Numbers Authority). At the time, that meant an esteemed Internet pioneer called Jon Postel and Joyce K. Reynolds. Among other things, Jon had been the editor of such minor protocol standards as IP (RFC 791), ICMP (RFC 792), and TCP (RFC 793). Some of you may have heard of them.

To me Jon felt outright scary, having authored all the main Internet RFCs!

Anyway, just before announcing ssh-1.0 in July 1995, I sent this e-mail to IANA:

From ylo Mon Jul 10 11:45:48 +0300 1995
From: Tatu Ylonen <>
To: Internet Assigned Numbers Authority <>
Subject: request for port number
Organization: Helsinki University of Technology, Finland

Dear Sir,

I have written a program to securely log from one machine into another
over an insecure network.  It provides major improvements in security
and functionality over existing telnet and rlogin protocols and
implementations.  In particular, it prevents IP, DNS and routing
spoofing.  My plan is to distribute the software freely on the
Internet and to get it into as wide use as possible.

I would like to get a registered privileged port number for the
software.  The number should preferably be in the range 1-255 so that
it can be used in the WKS field in name servers.

I'll enclose the draft RFC for the protocol below.  The software has
been in local use for several months, and is ready for publication
except for the port number.  If the port number assignment can be
arranged in time, I'd like to publish the software already this week.
I am currently using port number 22 in the beta test.  It would be
great if this number could be used (it is currently shown as
Unassigned in the lists).

The service name for the software is "ssh" (for Secure Shell).

Yours sincerely,

Tatu Ylonen <>

... followed by protocol specification for ssh-1.0

The next day, I had an e-mail from Joyce waiting in my mailbox:

Date: Mon, 10 Jul 1995 15:35:33 -0700
From: jkrey@ISI.EDU
Subject: Re: request for port number
Cc: iana@ISI.EDU


We have assigned port number 22 to ssh, with you as the point of


There we were! SSH port was 22!!!

On July 12, 1995, at 2:32am, I announced a final beta version to my beta testers at Helsinki University of Technology. At 5:23pm I announced ssh-1.0.0 packages to my beta testers. At 5:51pm on July 12, 1995, I sent an announcement about SSH (Secure Shell) to the mailing list. I also posted it in a few newsgroups, mailing lists, and directly to selected people who had discussed related topics on the Internet.


By default, the SSH server still runs in port 22. However, there are occasions when it is run in a different port. Testing use is one reason. Running multiple configurations on the same host is another. Rarely, it may also be run without root privileges, in which case it must be run in a non-privileged port (i.e., port number >= 1024).

The port number can be configured by changing the Port 22 directive in /etc/ssh/sshd_config. It can also be specified using the -p <port> option to sshd. The SSH client and sftp programs also support the -p <port> option.

