<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom"><channel><title>Password-Cracking on HackingPassion.com : root@HackingPassion.com-[~]</title><link>https://hackingpassion.com/tags/password-cracking/</link><description>Recent content in Password-Cracking on HackingPassion.com : root@HackingPassion.com-[~]</description><generator>Hugo</generator><language>en</language><lastBuildDate>Sun, 03 May 2026 10:47:49 +0200</lastBuildDate><atom:link href="https://hackingpassion.com/tags/password-cracking/index.xml" rel="self" type="application/rss+xml"/><item><title>Hashcat 7.1.2 Has Three Unpatched Vulnerabilities That Can Compromise Your Machine</title><link>https://hackingpassion.com/hashcat-cracks-the-cracker-cve-2026/</link><pubDate>Sun, 03 May 2026 10:47:49 +0200</pubDate><guid>https://hackingpassion.com/hashcat-cracks-the-cracker-cve-2026/</guid><description>&lt;p>&lt;strong>Hashcat v7.1.2 has three unpatched vulnerabilities, all rated 9.8 out of 10.&lt;/strong> The tool that security professionals use to crack passwords can be used to crack the machine running it. The CVEs landed on May 1, 2026. There is still no patch.&lt;/p>
&lt;p>Hashcat is the standard tool for recovering passwords from hashes. A hash is what a password looks like after a one-way scrambling algorithm runs over it. When a database leaks, the passwords do not come out as readable text. They come out as hashes, long strings of letters and numbers that look like gibberish. Hashcat works backwards. It takes guesses, runs the same algorithm over them, and checks whether the result matches a hash in the list. A single &lt;strong>RTX 4090&lt;/strong> can run through nearly &lt;strong>300 billion&lt;/strong> of those checks every second for the &lt;strong>NTLM&lt;/strong> hash type used across Windows corporate networks. The tool has won the KoreLogic &amp;ldquo;Crack Me If You Can&amp;rdquo; &lt;code>562901440119f978aa2b3ed1c1b6439a&lt;/code> competition at DEF CON multiple times. Turns out, you can.&lt;/p></description></item><item><title>Cracking Windows Domain Admin Passwords Just Got Simple</title><link>https://hackingpassion.com/cracking-windows-domain-admin-passwords-rainbow-tables/</link><pubDate>Tue, 20 Jan 2026 15:09:59 +0100</pubDate><guid>https://hackingpassion.com/cracking-windows-domain-admin-passwords-rainbow-tables/</guid><description>&lt;p>Cracking Windows domain admin passwords just got simple. A massive set of rainbow tables just went public, a $600 laptop is enough, and it takes 12 hours max. This flaw has existed since 1999. Microsoft ignored it for 25 years. So Google decided to force the conversation. 🔓&lt;/p>
&lt;p>The flaw is in NTLMv1. That&amp;rsquo;s an authentication protocol from 1993. When a Windows machine logs in over a network, it sends an encrypted response based on the user&amp;rsquo;s password. The problem? That encryption uses 56-bit DES. Cryptographers declared that dead decades ago.&lt;/p></description></item></channel></rss>