MenuMy ProjectsAbout me

🔑Cracking - Hashing

KeePass

KeePass is a password manager. As an example of how to decrypt the password of a .kdbx file, we will use a Challenge from HackMyVM.

First, we create a Keepass database password hash for use with John The Ripper:

keepass2john Challenge.kdbx > keepasshash.txt

Now, we are going to crack the password with John The Ripper through a dictionary attack or brute force (whichever you prefer). I am going to do it through brute force:

john keepasshash.txt
Result

Now that we know the access password, the next step is to access through Keepass2 to obtain the password or, in this case, the Flag.

Install Keepass2 in Ubuntu:

sudo apt install keepass2
Open Challenge.kdbx file
Enter the password
We have now the password of the user Flag

We can obtain the password by clicking on the user and the button with the yellow key and sheet icon, located at the top left.

We obtain the password

Last updated