🔑Cracking - Hashing

KeePass

KeePass is a password manager. As an example of how to decrypt the password of a .kdbx file, we will use a Challenge from HackMyVM.

First, we create a Keepass database password hash for use with John The Ripper:

keepass2john Challenge.kdbx > keepasshash.txt

Now, we are going to crack the password with John The Ripper through a dictionary attack or brute force (whichever you prefer). I am going to do it through brute force:

john keepasshash.txt

Result

Now that we know the access password, the next step is to access through Keepass2 to obtain the password or, in this case, the Flag.

Install Keepass2 in Ubuntu:

sudo apt install keepass2

Open Challenge.kdbx file

Enter the password

We have now the password of the user Flag

We can obtain the password by clicking on the user and the button with the yellow key and sheet icon, located at the top left.

We obtain the password