Photograph via snooOG

A subreddit dedicated to hacking and hackers.

Constructive collaboration and learning about exploits, industry standards, grey and white hat hacking, new hardware and software hacking technology, sharing ideas and suggestions for small business and personal security.

A subreddit dedicated to hacking and hacking culture.

What we are about: quality and constructive discussion about the culture, profession and love of hacking.

This sub is aimed at those with an understanding of hacking - please visit /r/HowToHack for posting beginner links and tutorials; any beginner questions should be directed there as they will result in a ban here.

Guides and tutorials are welcome here as long as they are suitably complex and most importantly legal!

Bans are handed out at moderator discretion.

Another one got caught today, it's all over the papers. "Teenager Arrested in Computer Crime Scandal", "Hacker Arrested after Bank Tampering"...

Damn kids. They're all alike.


  1. Keep it legal Hacking can be a grey area but keep it above board. Discussion around the legality of issues is ok, encouraging or aiding illegal activities is not

  2. We are not your personal army. This is not the place to try to find hackers to do your dirty work and you will be banned for trying. This includes:

  • Asking someone to hack for you
  • Trying to hire hackers
  • Asking for help with your DoS
  • Asking how to get into your "girlfriend's" instagram
  • Offering to do these things will also result in a ban
  • No "how do i start hacking?" posts. See /r/howtohack or the stickied post. Intermediate questions are welcomed - e.g. "How does HSTS prevent SSL stripping?" is a good question. "How do I hack wifi with Kali?" is bad.

  • No "I got hacked" posts unless it's an interesting post-mortem of a unique attack. Your nan being phished doesn't count.

  • Sharing of personal data is forbidden - no doxxing or IP dumping

  • Spam is strictly forbidden and will result in a ban. Professional promotion e.g. from security firms/pen testing companies is allowed within the confines of site-wide rules on self promotion found here, but will otherwise be considered spam.

  • Off-topic posts will be treated as spam.

  • Low-effort content will be removed at moderator discretion

  • We are not tech support, these posts should be kept on /r/techsupport

  • Don't be a dick. Play nice, support each other and encourage learning.

  • Recommended Subreddits:


    2,704,748 Subscribers


    Doubt regarding hashcat speed

    I'm trying to crack a password using a mask for an assignment.

    The hash type is UNIX SHA 512 for which the code is 1800 and the information given about the password is "# is the 1st letter, 2nd letter is uppercase, last letter is 1 and rest are lowercase, total length = 8" for which i wrote the command as:

    hashcat -a 3 -m 1800 my_hash.txt \#?u?l?l?l?l?l1

    The problem is the speed. It's showing me I only have a speed of around 2300 H/s which is incredibly slow and it would take me 1 day and 10 hours.

    The assignment was posted today and due today as well. Is there any way i can speed up the process?

    08:50 UTC


    Cab someone hack your telegram account?

    If yes is deleting account enough,? Thanks

    08:47 UTC


    what's the best live hunting vid you came across?

    00:34 UTC


    Is it possible to copy my apartment key fob?

    It looks like the one in the photo. The front says Urmet and has a plus sign, and the back has a 14 digit number then another separate two digit number.

    Strata only gave me one and want to charge me $220 for each copy.

    I've been to three locksmiths and they've all scanned it then said they couldn't do it. Is there any way to copy it or do I have to pay the $440 to strata? Cheers :)

    00:18 UTC


    Copying encrypted rfid tags

    So, i have an rfid tag (the little ones kinda circular) to open the main door to my building. Apparently, according to the person who made the original copies of those tags, they're encrypted so no one but them can copy or duplicate the tags (and of course they charge a ridiculous amount of money for each copy). I want to know if there's a way to duplicate them or bypass that "encryption" (or remove it) and what i need to do so because i need like 3 more keys for my parents and sister and i refuse to pay the ridiculous price they set ($100+ us dollars for 3 keys).

    Besides, the administrator of the building has an "under the table deal" with this people who program the keys and it's taking money from every key they sell and she's such an a**hole of a person that i refuse to contribute to that.

    Ty in advance

    16:40 UTC


    Masters in Georgia Tech

    i'm planning to do a masters in cyber security in gerogia tech my cgpa is comparitively low(3.0) but i have done lots of certifications related to cyber security like ceh and i have done 2 internships will it help?

    08:21 UTC


    Hex Editor alternatives that support using 010 Binary Template (.bt) files?

    I was recently using 010 Editor to edit .tbl files, but the free trial period is over now and I can't use it anymore. Is there any alternatives I could use that support using Binary Template (.bt) files on editing the .tbl file?

    I tried using ImHex, but I have no idea whether it could use the .bt file as template like 010 Editor does (couldn't find how to apply it).

    01:13 UTC


    How did you/do you learn how to create your own exploits and know what to do for specific exploits?

    So I decided to scan my home router in my home lab for nmap practice as well as really wanting to find something from a scan and exploit it on my own without hints or a HTB machine. When scanning my home router, I found like eight vulnerabilities, but none of them have exploits available. Vulners said they did, or at least the vulners script scan said *EXPLOIT next to vulnerability name. I started searching the different vulnerabilities and, for the sake of an example, I read this

    "The DHCP client (udhcpc) in BusyBox before 1.20.0 allows remote DHCP servers to execute arbitrary commands via shell metacharacters in the (1) HOST_NAME, (2) DOMAIN_NAME, (3) NIS_DOMAIN, and (4) TFTP_SERVER_NAME host name options."

    My question is, okay great it's vulnerable to shell metacharacters, how do I know what meta characters, how to send them to the remote DHCP servers? I understand a lot of that is research, but for all these vulnerabilities that I see from scans, are a lot of them just straight up not exploitable unless you craft your own exploit?

    Is this where a tool like scapy comes in, where I can craft packets containing those shell meta characters in the respective fields? Or is the above telling me I need to get a shell and then send the metacharacters

    Basically I'm asking people who are capable of finding and creating the own exploits, how did you get to that point, and if you had that as your goal for where you wanted to go, how would you get there now that you know what you know?

    03:18 UTC


    What is this? Kaspersky on Mac

    Kasperskly on my Macbook keep saying Networks attacks are being blocked.

    What is this and why it's happening? I'm using my own WiFi network at home.


    02:45 UTC


    Hacker target suggestions - cracking echo chambers

    The internet is now a hive of isolated talkfests where doctrines reinforce themselves in ever increasing cycles. Extremism relies on such things to recruit and thrive. Rather than simply take sites or forums down, hackers might target the blocking and filtering mechanisms they use to take down content which questions the ideology. Make it work in reverse, adjust links to refer to material that propose critical analysis instead of reinforcing the same tropes, and bring AI to bear to adjust the primary messages and direct users to provide room for opposing views to be discussed. Just a thought…

    01:43 UTC


    3.619M scraped reddit usernames


    I scraped these using old.reddit.com and python + selenium.

    I scraped from a list of 644 subs. Mainly all of the large ones. I put together a pretty diverse list of subs from geographic locations and interests to scrape from. I would scan the front page of every sub and then go into the comments of everyone on front page of it and scrape all the usernames of those who commented. I'd run the script once every 24 hours.

    I put together this scraper after all of the API stuffs went down as a boredom/learning project. If you want a nice laugh just go to the list where the spez usernames start :)

    DL1: https://gofile.io/d/auwgeE

    DL2: https://mega.nz/file/87pHmAgZ#Iaiky57L2Yx9RUO7yBZSBb5rAREi2YkadQGXimitIv4

    DL3: https://file.io/yYzd6ADoMmWg

    DL4: https://filebin.net/6v84tcov04g520v4

    Size: 49.6 MB

    Unique usernames: 3,619,989

    01:25 UTC


    The cmd block bypasser: a demonstration on resourcefulness

    The age old question: How do i bypass a command prompt block? The common answer is Powershell, or failing that, a batch file. However, sysadmins are wising up to these tricks, so new exploits must be found!

    In this scenario, take a heavily locked down school computer. Cmd and Powershell are blocked, as well as running batch files, however being a school computer, it likely has the python runtime installed, for CS lessons, and in here, we find the exploit. Now, no matter locked down a computer is, it's highly unlikely that a sysadmin would manually remove python packages, especially the ones that come with a fresh install. The "OS" module in particular has a lovely feature:os.system() This allows you to run arbitrary commands, even the completely visual: color, which surprised me at first. You can see the tool for yourself here.

    Thank you for reading!

    00:34 UTC


    Regex and hackits

    Okay so I've been playing the 0xf.at thing and I'm just kind of stuck at level 17. You can check it out for yourselves but I've been trying and I think it just doesn't work, I'm not able to find any writeups so that's why I'm asking here. You're supposed to return a 1 through the preg_match function from PHP. Now I have constructed a string that does fit the regex. I've even put it into regex101 and it works, however when I put it into the website nothing happens.

    Could anyone help me out? I just wanna know what I might be missing.

    My string is: _a9-._a9-@a9-.a.9.-.aaaaa

    Thanks in advance

    15:50 UTC


    Servers hacked in ongoing attack targeting Ray AI framework

    • The ongoing attack campaign targeting the Ray AI framework has resulted in the hacking of servers storing AI workloads and network credentials.

    • Attackers have tampered with AI models, compromised network credentials, and installed cryptocurrency miners and reverse shells on compromised servers.

    • Researchers from Oligo, the security firm that discovered the attacks, highlighted the severity of the situation, emphasizing the ease with which attackers can monetize the compromised data.

    • The compromised data includes AI production workloads, cryptographic password hashes, and credentials to internal databases and various accounts.

    • Anyscale, the developer of Ray, disputed the reported vulnerability, stating that Ray's security boundary is outside the Ray cluster and advising proper network segmentation.

    • Critics have pointed out that the lack of authentication enforcement in Ray's default configuration poses significant security risks, allowing attackers to freely submit jobs and retrieve sensitive information.

    • Properly configuring Ray and following security best practices are crucial to prevent such attacks and secure AI workloads.

    Source: https://arstechnica.com/security/2024/03/thousands-of-servers-hacked-in-ongoing-attack-targeting-ray-ai-framework/

    11:26 UTC


    Bettercap on liveUsb?

    Is it possible to run Bettercap on a live usb? I keep getting package not found errors, I have used the official repo from their website to no avail...

    10:13 UTC


    Annual Friendly reminder

    It never hurts to check if you’ve been pwned or exposed to a data leak or breach, here are some sources:

    Haveibeenpwned.com Intelx.io Breachdirectory.org Dehashed.com

    Comment more sources to help other Redditors out please :)

    Also let family and friends know of the risks and give them these sources.

    08:53 UTC


    People who host their own TOR nodes, why do they want to take the risk? Couldn't they be blamed for all cyber crimes that go through their node? Or am I totally missing something here? What if it's an exit node that forwards a horrible ransomware being sent a hospital with dying cancer patients?

    Maybe I've totally misunderstood what kind of people are hosting TOR nodes. It's a mix of states, agencies, law enforcement and civilians right? My concern is how those civilians without much protection are willing to take the blame for thousands of cyber crimes. Or have I just misunderstood 100% how it all works? Can they configure their node to only serve as an entry- or mid node, but never an exit node for example?

    Just curious.


    23:48 UTC


    Malware analysis of an open-source project

    Hi everyone,

    I've recently found a Malware in a FOSS tool that is currently available on GitHub. I've written about how I found it, what it does, and who the author is. The whole malware analysis is available in form of an article.

    I would appreciate any and all feedback.

    18:16 UTC


    5" nft/digital photo frame hacking

    I have a digital photo frame that I bought on aliexpress, (https://www.aliexpress.us/item/3256803057353628.html) and I want to hack/reprogram it, I cannot find anything on the microcontroller regarding the control software. I want to be able to change some functions, make it use use less compression when showing images, etc. Any way to find out where to get the programming software for these? Images of internals: (https://imgur.com/a/DarJAkY)

    1 Comment
    18:01 UTC


    Hackers charged with targeting perceived critics of China

    • Seven Chinese nationals have been indicted for conspiracy to commit computer intrusions and wire fraud.

    • The group targeted U.S. and foreign critics, businesses, and political officials for over 14 years.

    • The Justice Department highlighted China's efforts to intimidate Americans, silence dissidents, and steal from businesses.

    • The hackers conducted a global hacking operation backed by the Chinese government, impacting thousands of victims.

    • The indictment revealed the involvement of the PRC Ministry of State Security in cyber espionage activities.

    Source: https://www.justice.gov/usao-edny/pr/seven-hackers-associated-chinese-government-charged-computer-intrusions-targeting

    1 Comment
    07:13 UTC

    Back To Top