The password for the KeePass database has been cracked successfully! As you can see in the middle of the above screenshot, Hashcat listed out the input hash and it’s associated cracked password of “qwerty.” We can also see, with the “Time.Started” and “Time.Estimated” fields that the crack took a mere seven seconds to complete. With that out of the way, let’s run the aforementioned Hashcat command:
If you are using this to test the strength of your own KeePass database, I highly recommend using atleast one GPU instead as it will be a more accurate test of strength against an adversary. For this scenario, I am doing simple CPU cracking on an older system as I know the master password for this database exists in the rockyou wordlist. Hashcat -a 0 -m 13400 keepass.txt /usr/share/wordlists/rockyou.txtįor real password cracking, using a GPU is the best option, as they are able to process a much larger amount of hashes per second than a typical CPU. Now that we have the appropriate options ready, let’s get cracking! The command to initiate the cracking will look like the following: Since we have a KeePass database, we will be using hash ID “13400” which correlates to “KeePass 1 (AES/Twofish) and KeePass 2 (AES).”
Hashcat also has a plethora of hash types that it will attempt to crack the full list can be found on Hashcat’s help page or on their website here. The wordlist for this scenario will be the well known “rockyou” wordlist. For this scenario, we will be using the “Straight” mode (attack ID “0”), which is a simple dictionary attack based on a wordlist. Hashcat supports typical password cracking attack types, such as dictionary and brute-force, but also includes things like masking, which is filtering down the cracking attempts to certain patterns (for example, a mask of five letters and two numbers will attempt all combinations of that order, such as March18 or Tgyhj37). Hashcat has a number of different options, but for this scenario, we’re going to focus on two: attack mode and hash type. The next step is to take this hash string (first saved into a file called “keepass.txt”) and pass it through Hashcat.
Thankfully, John the Ripper ships with a useful tool to do just that! The utility is called “keepass2john” and simply needs the KeePass database passed in as a parameter:Īs you can see, running this utility produces the following hash, which is in the perfect form to be consumed by Hashcat (The only thing that needs to be done is the first section “MadCityHacker:” removed, as this is just a friendly name for the hash): With the KeePass database, we now need to extract the master password hash from the file. We start out with our KeePass database on our Kali instance: MadCityHacker.kdbx – This is a test KeePass database created for this scenario. MCH-Kali (192.168.1.13) – Kali 2018.3 (Hashcat and John the Ripper are installed as part of the Kali distribution). While KeePass is the focus of this particular post, it is important to note that these steps can also be used for other password repository programs, such as LastPass, Password Safe, and 1Password. In this post, we will be going through the steps to crack the master password for a KeePass database, a commonly used program to secure passwords.
With tools like John the Ripper and Hashcat available, not necessarily. The question is, however, whether or not these programs are as safe as they seem to be. These databases or safes are generally encrypted with a master password, in order to make sure all of a person’s sensitive account passwords are safe. A common method of storing all these passwords is to use a program to store them in a secure database or safe. From social media sites like Facebook or Twitter to more sensitive items like bank or credit card accounts, passwords are used everywhere. Nearly every aspect of a person’s digital life involves a password in some fashion or another. Passwords are an integral part of modern society.