search

questionGuess a password

Forensics · Харуул Занги U18: 2017 · unknown

hashtag
Problem

We have been provided with a KeePass password database in version 1.x KDB. To obtain this information, simply use the file command.

file-download
2KB
NewDatabase
arrow-up-right-from-squareOpen

KeePass is a free, open-source password manager that securely stores your credentials in an encrypted database using AES or Twofish encryption. It requires a master password, key file, or both to access the data, ensuring robust protection against unauthorized access.

hashtag
Tool

kpcli (KeePass Command-Line Interface) is a command-line tool designed to access and manage KeePass password databases. It supports KeePass version 1.x KDB files and allows users to perform tasks such as viewing, adding, and editing entries directly from the terminal. This tool is particularly useful for users who prefer scripting or require automated access to their password databases without a GUI.

hashtag
Installation

$ sudo apt-get install kpcli

┌──(zwique㉿kali)-[~/Downloads]
└─$ kpcli -h               
Usage: kpcli [--kdb=<file.kdb>] [--key=<file.key>]

  --kdb=s        Optional KeePass database file to open (must exist).
  --key=s        Optional KeePass key file (must exist).
  --pwfile=s     Read master password from file instead of console.
  --histfile=s   Specify your history file (or perhaps /dev/null).
  --readonly     Run in read-only mode; no changes will be allowed.
  --timeout=i    Lock interface after i seconds of inactivity.
  --command=s    Run a command and exit (no interactive session).
                 Multiple --command parameters can be used.
  --no-recycle   Don't store entry changes in /Backup or "/Recycle Bin".
  --pwwords=s    File of words for building word-based passwords.
  --pwsplchars=s The special characters used in password generation.
  --pwlen=i      Length of generated passwords (default is 20).
  --pwscmin=i    Min number of special chars in generated passwords.
  --pwscmax=i    Max number of special chars in generated passwords.
  --nopwstars    Don't show star characters (*) for password input.
  --nopwprint    Don't print the pw red on red in the show command.
  --xpxsecs=i    Seconds to wait until clearing the clipboard for xpx.
  --xclipsel=s   X11 clipboard to use; "--xclipsel help" for choices.
  --kpxcexe=s    Path to a KeePassXC binary, used to import KDBX4 files.
  --help         This message.

Run kpcli with no options and type 'help' at its command prompt to learn
about kpcli's commands.

As shown in the help command, it asks for the master password of the database. We'll use the tools keepass2john and johntheripper to brute force the KeePass master password.

This command extracts the password hash from a KeePass database (NewDatabase) and outputs it to a file named kp. The extracted hash is in a format that can be used by cracking tools like johntheripper.

hashtag
Login

Logging into the database with the master password `p77777`.

Steps to capture the flag

PreviousEmbrace the randomnessNext"Hello World" Guide

Last updated