Cracking a (known) KeePassXC password with HashCat – Digitalmunition




4-DxLM-C2Ve3tHmVL5ITI6GRtMVG8PzzdBuCKiaabfE.jpg

Home Forums Cracking a (known) KeePassXC password with HashCat

This topic contains 1 reply, has 2 voices, and was last updated by  BpjuRCXyiga7Wy9q 1 month ago.

  • Author
    Posts
  • #278624

    anonymous
    Participant


    I have:

    * `TEST.kdbx` from KeePassXC, the password is `testing testing 123`. This password works when I type it in.
    * `test_dict.txt`, that contains the above password and a newline.
    * `test.hash`, generated by running `python` `keepass2john.py` `TEST.kdbx > test.hash` with the [Python port of keepass2john](https://gist.github.com/HarmJ0y/116fa1b559372804877e604d7d367bbc).

    `test.hash` contains:

    TEST:$keepass$*2*16960*222*00507fd07a31482d7e3fff6e4096a110f8e90525d4f4e37f96157706cebc6591*50d7c8946ce3deb69d80e2db797d6d697c89904f8d107a9287c933454ffe54e3*d37d4105e99b16b41a3e09d9b48d4314*b83af4b53cd8f78756c45791c83f6d4f5773c945f059d8f11d64ee055ae9c830*f68b3972b3f79db8325b592105475c910d8f2780e9aba0d3f5a9b8fec0d11ccf

    I remove the `TEST:` from the front, save, and run `hashcat -m 13400 -a 0 test.hash test_dict.txt`. The result is a Status: Exhausted.

    Ideas?

    ​

    EDIT: SOLVED.

    That port of keepass2john was broken. Fixed by creating `test2.hash`, generated by running `./keepass2john TEST.kdbx > test2.hash` with the [current version of keepass2john](https://github.com/magnumripper/JohnTheRipper/blob/bleeding-jumbo/src/keepass2john.c). That command generated:

    TEST:$keepass$*2*1000000*0*00507fd07a31482d7e3fff6e4096a110f8e90525d4f4e37f96157706cebc6591*50d7c8946ce3deb69d80e2db797d6d697c89904f8d107a9287c933454ffe54e3*d37d4105e99b16b41a3e09d9b48d4314*b83af4b53cd8f78756c45791c83f6d4f5773c945f059d8f11d64ee055ae9c830*f68b3972b3f79db8325b592105475c910d8f2780e9aba0d3f5a9b8fec0d11ccf

    Running `hashcat -m 13400 -a 0 test2.hash test_dict.txt` properly resulted in

    $keepass$*2*1000000*0*00507fd07a31482d7e3fff6e4096a110f8e90525d4f4e37f96157706cebc6591*50d7c8946ce3deb69d80e2db797d6d697c89904f8d107a9287c933454ffe54e3*d37d4105e99b16b41a3e09d9b48d4314*b83af4b53cd8f78756c45791c83f6d4f5773c945f059d8f11d64ee055ae9c830*f68b3972b3f79db8325b592105475c910d8f2780e9aba0d3f5a9b8fec0d11ccf:testing testing 123

    Session……….: hashcat
    Status………..: Cracked
    Hash.Type……..: KeePass 1 (AES/Twofish) and KeePass 2 (AES)
    Hash.Target……: $keepass$*2*1000000*0*00507fd07a31482d7e3fff6e4096a…d11ccf
    Time.Started…..: Sat Jul 4 16:59:12 2020 (1 min, 5 secs)
    Time.Estimated…: Sat Jul 4 17:00:17 2020 (0 secs)
    Guess.Base…….: File (test_dict.txt)
    Guess.Queue……: 1/1 (100.00%)
    Speed.#2………: 0 H/s (0.25ms) @ Accel:32 Loops:8 Thr:16 Vec:1
    Recovered……..: 1/1 (100.00%) Digests, 1/1 (100.00%) Salts
    Progress………: 1/1 (100.00%)
    Rejected………: 0/1 (0.00%)
    Restore.Point….: 0/1 (0.00%)
    Restore.Sub.#2…: Salt:0 Amplifier:0-1 Iteration:999992-1000000
    Candidates.#2….: testing testing 123 -> testing testing 123

  • #278625

    BpjuRCXyiga7Wy9q

    Keepass is uncomfortable around John?

You must be logged in to reply to this topic.