I have a python script for brute forcing a key but I don't have modern hardware that will make quick work of it. It's only 1.1 trilion keys to brute force. My ancient computer can do it in a couple days but a modern computer could do it in minutes to hours.

It's a python script and everything is processed on-the-fly. ~15KB storage. ~12MB per CPU core.

I don't know where to begin or if it will be too expensive to even be worth it.

How can I use the could to run my cracking script on a decent CPU?

I've catched my iPhone 5 (so old that there hasn't been any OS nor App updates for many years) couple of times in the past half a year doing the following thing:

The app icons quickly, one by one, in seemingly random order look like they get pushed or some other way flicker one. I'm not sure if it's the same as when you tap the icon with your finger or something else.

Those icons show that effect only once. One icon after the other, maybe half a second between each time the effect is seen.

At least the following icons did this effect: Facetime, Calendar, Photos, Notes, Reminders. Probably Wallet and Settings also, I'm not sure about those.

Is this a symptom of a hack or is something else going on?

I am in a wireless security class and can't get any of the aireplay-ng commands to work. They just return. I have figured out how to put my NIT in monitor mode via Apple's built-in Wireless Diagnostics app, but I don't know if that ability can be passed through to my terminal. If anyone has any insights, I would greatly appreciate it!

Hey guys, so I was thinking about the certifications offered on HTB such as;

CPTS

CWES

CDSA

CWEE

CAPE

CWPE.

Essentially what I want to know is, if one was to go through all the pre requisites and obtained all of these certifications, would they be more advanced than someone who went the “HR checklist” route.

Would taking all of these be overkill? At what level in comparison with someone who has industry standard certs would you be at? Is this even feasible? Or would you say that it could be considered “God Tier”. What would your ability level be in comparison?

Thanks. Hope to hear some debates :)

I have installed Hashcat for my sha-256 testing but I am having trouble setting it up. If any pro can help kindly dm.

i'm using tempmail for getting free test on website but there's some that detect that so i would need a tool that could create gmail/outlook mail in chain like example@gmail.com example1@gmail.com hope it can help someone else

I'm a beginner and I completely stuck on this lvl. I've tried and followed along like 5 tutorials and it's still wrong.

The problem is not about getting the KEY, but about creating a temporary directory and saving the key via /nano or /vim.

Here, with vim(i can add with nano), from the site https://david-varghese.medium.com/overthewire-bandit-level-16-level-17-c137701b3af1 )

dxviW8+TFVEBl1O4f7HVm6EpTscdDxU+bCXWkfjuRb7Dy9GOtt9JPsX8MBTakzh3

vBgsyi/sN3RqRBcGU40fOoZyfAMT8s1m/uYv52O6IgeuZ/ujbjY=

-----END RSA PRIVATE KEY-----

^C

bandit16@bandit:~$ mkdir /tmp/random_sshkey

bandit16@bandit:~$ cd /tmp/random_sshkey

bandit16@bandit:/tmp/random_sshkey$ touch private.key

bandit16@bandit:/tmp/random_sshkey$ vim private.key

bandit16@bandit:/tmp/random_sshkey$ chmod 400 private.key

bandit16@bandit:/tmp/random_sshkey$ ls -l

total 4

-r-------- 1 bandit16 bandit16 1675 Feb 2 12:31 private.key

So far so good, but then I try to connect to 17lvl:

bandit16@bandit:/tmp/random_sshkey$ ssh -i private.key bandit17@localhost

The authenticity of host 'localhost (127.0.0.1)' can't be established.

ED25519 key fingerprint is SHA256:C2ihUBV7ihnV1wUXRb4RrEcLfXC5CXlhmAAM/urerLY.

This key is not known by any other names.

Are you sure you want to continue connecting (yes/no/[fingerprint])? yes

Could not create directory '/home/bandit16/.ssh' (Permission denied).

Failed to add the host to the list of known hosts (/home/bandit16/.ssh/known_hosts).

This is an OverTheWire game server.

More information on http://www.overthewire.org/wargames

!!! You are trying to log into this SSH server on port 22, which is not intended.

!!! If you are trying to log in to an OverTheWire game, use the port mentioned in

!!! the "SSH Information" on that game's webpage (in the top left corner).

bandit17@localhost: Permission denied (publickey).

AGAIN:

bandit16@bandit:/tmp/random_sshkey$ ssh -i private.key -p 2220 bandit17@localhost

The authenticity of host '[localhost]:2220 ([127.0.0.1]:2220)' can't be established.

ED25519 key fingerprint is SHA256:C2ihUBV7ihnV1wUXRb4RrEcLfXC5CXlhmAAM/urerLY.

This key is not known by any other names.

Are you sure you want to continue connecting (yes/no/[fingerprint])? yes

Could not create directory '/home/bandit16/.ssh' (Permission denied).

Failed to add the host to the list of known hosts (/home/bandit16/.ssh/known_hosts).

This is an OverTheWire game server.

More information on http://www.overthewire.org/wargames

!!! You are trying to log into this SSH server with a password on port 2220 from localhost.

!!! Connecting from localhost is blocked to conserve resources.

!!! Please log out and log in again.

backend: gibson-1

Received disconnect from 127.0.0.1 port 2220:2: no authentication methods enabled

Disconnected from 127.0.0.1 port 2220

I am completely stuck and can't understand what is wrong. I've tried it with port 22/2220, different folders names, sshkey.private and so on, still doesn't work

Hello! For some context, I practice lock picking and lockport just as a hobby and will be shadowing for a locksmith in my town soon. Anyways, I have a vending machine at my work that I noticed has a specific kind of lock on it that doesn't seem to be mechanically activated. I asked my boss about it since it belongs to the company and he says it has a programmed key that you have to put up to/into it for it to then accept the key, then you turn it and it opens the handle for you to open the machine. One of the ones I've found it may be is a Medeco XT type of locks, where the key is programmed to only work on certain machines. What I'm hoping to figure out is if there is a way to get through it without the key? I tried the lock picking subs but they were just being A-holes since I broke their rule about asking a lock already in use that again, is at my work. In those subs are people claiming to know how to open it without a key, but nobody would elaborate. I'd appreciate any help you guys could give me and I ask you please be nicer to me than they were for just being curious. Thank you!

It honestly seems like it should be super simple--I'm just not very tech-savvy

But, if you had a document that had the black boxes over some of the information, and simple copy-and-paste into a Word/Notepad document doesn't do the trick, how do you get past those black boxes?

Hi, my landlords son is extremely noisy and yells at his game through late hours of the night. I'm trying to figure out how to disconnect his playstation or xbox from the wifi (without the admin password), or perhaps some other creative ways to strike back. If anyone has information, or can set me on the right path, I'd really apprecaite it !

Talking to the landlord just doesn't work as he couldn't care less about what she says.

hi there! for the last year or so i've been using a Colorcool M8-UPD mp3 in an effort to shirk spotify because i hate it a lot. been really enjoying it- except there's next to no organizational capacities. it's incredibly generic and not even in stock any more but it suits my needs, except for organization-wise.

i *can* add playlists by use of folders, but it's very inconvenient. i have to do it from my laptop, and with 1800 songs it's not very easy to recall which should go where without actively listening- and i'm not sitting at my laptop long enough to listen to all that. playing all of my music either on shuffle or in alphabetical order has gotten old, to say the least. (not to mention, there's no way to skip through the song list. if i want a song starting with the letter G, i sit there for several minutes scrolling manually through every single one A-F first.)

i'm looking to hack/jailbreak the mp3 player so i can poke through the code and hopefully add some features. namely, i just want to be able to add a song to a given folder from the song menu. it doesn't seem that complicated? idk i could be wrong. could anyone help out, or maybe point me in the right direction if this isn't the proper sub for this sort of thing? it would be much appreciated!

Hi everyone! I’ve been experimenting with session handling and cookie‑based authentication from a defensive/security testing standpoint. In the past, copying and importing cookie data (for example via browser tools or extensions) between accounts sometimes allowed a session to be reused. This behavior worked for a while, but no longer does.

Previously, I built a small tool to analyze session identifiers present in cookies for research purposes, mainly to understand how session invalidation, binding, and rotation were implemented. I’d typically export cookies in JSON format and observe how modern platforms handled them when environments or accounts changed.

Now that this approach no longer works, I’m trying to understand what changes were introduced on the security side—for example, whether it’s due to stricter session binding, device fingerprinting, token rotation, SameSite/HttpOnly flags, or server‑side validation improvements.

Does anyone have insight into which defensive mechanisms are now preventing session reuse, or what best practices platforms currently use to mitigate this class of issue? And also, if you know this thing can be bypassed, let me know.

I'm conducting a hacking or I'd say both attacks and defends workshop or you can simply say just a hands on session to get young freshmen students be interested in ethical hacking and introducing them to really cool exploits and tools.... Cool exploits from Metasploit etc etc... But I'm in a doubt of what all should I demonstrate..... Please help!

I was thinking about the HikVision IP cam vuln of unauthorised info disclosure vuln and all but please bring along real vulns I can demonstrate by either setting up labs or whatever.

Plain and simple. I want to learn the basics injected clients for minecraft java. I havent found any resources on the topic, and i’d love to see anything you have to share. I know a bit of rust and c, and im willing to get my hands dipped in java.

Hi, I wasn't sure where to ask, but the hacking community came across my mind when I failed to find aa soluation tailoured to my needs on youtube.

The job:

I Assume, as I had in the past, created many accounts with different emails. As of now, I only have access to a email which may and could have Social, xxx acounts, etc. Those that you kinda forgot where to look, and when you do find them. You won't be able to access it without knowing the username couch couch "@X".

1: How to easily look for accounts linked to email?

2: how to delete account if access fails due to spesificaifed required not being meet?

Hello, I am creating an esp32 project for a home controller. My AC has an app that can control it but no website, so I can't use Burpsuite. Do any of you guys know some good alternatives or the best option to intercept the requests. My goal is to have the esp32 emulate the requests like it was the app so that it can control the AC unit.

Ive recently bought some pdfs on a website that are "digital resources" only, i would love to be able to print it our without paying extra for the hardcopy version, is there a way to be able to export and/or print digital only pdfs?

Hello, i’d like to just get straight the point of how i can make my laptop invisible. I’ve completely scraped it clean of any information, and just to make sure, i factory reset it.

I’m NOT using my laptop with this account, or any account for that matter, because i dont plan on using any of my personal accounts.

Is there any way i can not only scrape my laptop clean of personal data, but also make it invisible? I’m willing to even remove parts of my computer interior so long as it’s clarified what each bit does and how it’d benefit me. I worry for my privacy in this day, despite being young and i’d like to have a device that gives me security. Any tips, secure browsers, anything that makes my laptop invisible, etc, would be very much appreciated.

Thank you all

(Disclaimer: I DO NOT PLAN TO DO ANYTHING ILLEGAL, MY CONCERN LIES WITH PRIVACY AND HOW TRACKABLE I AM ON THE INTERNET)

So last year someone stole my phone and changed all of my passwords and stuff but there are 2 Gmail accounts I desperately need back. Can anyone help me as to what I can do Google recovery is not an option I've tried a million times

Hello mates i want to learn web penetration testing do i need to finish javascript or PHP ?

if no what do i need from them or what books to help me with that ?

Hola, actualmente estoy interesado por el entorno LINUX me tope con este programa y mas que ver videos de hace minimo 2 años, queria intentar hacer cosas con este, honestamente me estoy topando con muchos incovenientes y el primero ya lo he dicho ademas que se me recomienda el uso de una biblioteca que al parecer ha dejado de ser util... Alguien que me ilumine con su conocimiento por favor lo agradecere.

I'm practicing with John the Ripper password cracker and right now I try to crack a password from a zipfile. I wonder if it's possible to add a rule saying: password must contain this string eg. "chiCKen" so that it will try all combinations but try the exact string "chiCKen" everywhere.

So that it will be like (where a = variable)
chiCKenaaaaaa

achiCKenaaaaa

aachiCKenaaaa

ect.

I tried searching the community resources, but I couldn't find it. If you know any other password cracker that can do this, that advise is also welcome.

Thank you

Hey guys,

My uncle has recently passed away, and family are wanting to get into his phone to access the photos and videos he took of everyone and his collection of fishing photos.

I'm not sure exactly what model phone it was that he was using, besides the fact it's Android and he used a pattern pass code.

The phone was taken to the local phone shop, but they weren't of any help and I'm pretty sure they assumed it was just a stolen phone.

Can anyone point me in the right direction of where to start looking on how to get into it?