All Topics
All Topics
Technology
Technology
Design
Design
Programming
Programming
Science
Science
News
News
Gaming
Gaming
Entertainment
Entertainment
Business
Business
Finance
Finance
Sports
Sports
Health
Health
Food
Food
Travel
Travel
Art
Art
Music
Music
Books
Books
Education
Education
Politics
Politics
Personal
Personal
No algorithm. No AI slop. No ads. Just RSS. Pro-human. Indie writers. Real journalism. Open web. Chronological. Hand toasted.

Parsing ASP.NET Core Identity password hashes for Hashcat cracking on embedded Linux systems

By

Yannic Hemmer, Pentagrid AG

9h ago· 9 min readenInsight
Bagel score 100 of 100
100/100
Golden Brown
Bagelometer

A five-star bake. Worth schmearing, sharing, saving.

Score100TypeanalysisSentimentneutral

Summary

This article discusses the discovery of ASP.NET Core Identity password hashes on an embedded Linux system, which is an unusual environment for such hashes. The author explains how to parse and crack these hashes using Hashcat, covering different versions of ASP.NET Core Identity (v2, v3, and .NET 7.0+) that use PBKDF2 with HMAC-SHA1, HMAC-SHA256, and HMAC-SHA512. The vulnerability exposed password hashes without authentication, leading to an investigation to demonstrate password cracking and identify weak passwords.

Key quotes

· 3 pulled
While this would not be anything out of the ordinary, the environment certainly was.
exposing password hashes without any authentication is not exactly considered best practice
it was decided to investigate the password hashes further in an attempt to showcase password cracking and detect weak passwords.
Snippet from the RSS feed
Parsing modern (.NET 7.0+) and old ASP.NET Core Identity password hashes of v2 and v3 supporting PBKDF2+HMAC-SHA1, PBKDF2+HMAC-SHA256, and PBKDF2+HMAC-SHA512.

You might also wanna read

Linux Kernel Self-Protection Project: Addressing Security Challenges with Flexible Array Members and struct sockaddr

The article discusses the Linux Kernel Self-Protection Project (KSPP) and its work on improving kernel security, particularly focusing on bo

lwn.net·5mo ago

ASP.NET Core HTTP Request/Response Smuggling Vulnerability (CVE-2025-55315)

This article describes a security vulnerability (CVE-2025-55315) in ASP.NET Core that involves HTTP request/response smuggling, allowing aut

nvd.nist.gov·7mo ago

Technical Analysis of Robin Hood Hash Table Implementation with Linear Probing

The article presents a technical discussion of a specific hash table implementation called "Robin Hood open-addressing with linear probing a

corsix.org·5mo ago

Critical LangChain Core Vulnerability (CVE-2025-68664) Allows Serialization Injection Attacks

Cyata Research discloses LangGrinch (CVE-2025-68664), a critical vulnerability in LangChain Core that allows serialization injection attacks

cyata.ai·5mo ago

Exploiting CVE-2024-50264: Using Kernel-Hack-Drill to Overcome Linux Kernel Vulnerability Challenges

This technical article details the exploitation of CVE-2024-50264, a challenging Linux kernel vulnerability that won the Pwnie Award 2025 fo

a13xp0p0v.github.io·9mo ago

Critical Flaws Found in HashiCorp Vault and CyberArk Conjur Enable Remote Code Execution

Researchers discovered 14 logic flaws in HashiCorp Vault and CyberArk Conjur, two widely used open-source credential management systems. The

csoonline.com·10mo ago