In this post I will describe how you can crack a KeePass database file (.kdbx) in an easy way. Or, to be correct, we are not cracking the DB; we are cracking the password hash.
To demonstrate this I created a new database that I called “SecretDB.kdbx” and our mission will be to find out which master password I chose for the database.
To be able to crack the hash we need to extract and save it, and that can be done with the John the Ripper utility “keepass2john”. It comes with Kali Linux so you don’t have to install it.
Extracting the hash is really simple, you just run:
keepass2john SecretDB.kdbx
You can also send the output to a file by adding “>” like I did in the screenshot below.
keepass2john SecretDB.kdbx > Keepasshash.txt
We now have our hash ready to be cracked. In this example we will try to crack it using a dictionary and John the Ripper. I used a modified version of rockyou.txt as the dictionary. You can also use other great cracking tools like hashcat, but I went with john here.
We run john, specify our custom wordlist with the “--wordlist” parameter and then give it our hash file.
john --wordlist=rockyou.txt Keepasshash.txt
We then just let it run for some time, and as soon as the hash is cracked the password will be displayed. As you can see in the screenshot we did crack the hash, and the password for the SecretDB.kdbx database was “SuperSecretPassword2020”.
I hope you found this post useful, and make sure not to use a weak password for your database.
In this post I will show you how you can crack passwords with John the Ripper. We will start off by collecting the hashes from a Linux machine, then use the tool unshadow, and finally crack the hashes with John the Ripper.
1 – Collect hashes from a Linux machine
We will start by collecting the hashes from the target machine. We will need both /etc/passwd and /etc/shadow. Save them to your Kali Linux machine, preferably on the desktop. It can be done with the following commands.
cat /etc/passwd > ~/Desktop/passwd.txt
cat /etc/shadow > ~/Desktop/shadow.txt
2 – Combine passwd and shadow with unshadow
Now we need to combine these two files into one. This can be done with the tool unshadow.
unshadow passwd.txt shadow.txt > hashtocrack.txt
3 – Crack with John
Now we are ready to crack the hashes. John can run in different modes. You can use wordlists or straight brute force. The method I will use in this example is wordlist mode since that is the most effective way. Brute forcing takes a lot of time and I recommend that you only use it as a last resort when your wordlists won’t crack the hashes. In this example we set the wordlist to the built-in rockyou.txt.
john --wordlist=/usr/share/wordlists/rockyou.txt hashtocrack.txt
4 – Show cracked credentials
If you let john run, the credentials will be displayed as soon as they have been cracked. In this example we can see that the password for the user SuperAdmin was Password1.
We can also come back at a later time and check the credentials again by specifying the unshadowed file and adding the parameter --show.
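The combined file from step 2 can also be read from the defender's side: the prefix of each hash names the scheme protecting that account, and legacy schemes are the ones a wordlist run gets through fastest. The script below is an added example, not part of the original post; the function names, the sample accounts and the hash strings are constructed, and the WEAK/OK verdicts are this example's own classification.

```shell
#!/bin/sh
# Added example (not from the original post): classify the hash scheme of each
# account in an unshadow-style file (user:hash:uid:gid:gecos:home:shell).

# audit_hash_schemes [FILE...]  -> prints "user scheme verdict" per account
# Reads stdin when no file is given.
audit_hash_schemes() {
    awk -F: '
    {
        h = $2
        if      (h == "")             { s = "none";        v = "WEAK"   }
        else if (h ~ /^[!*]/)         { s = "locked";      v = "LOCKED" }
        else if (h ~ /^\$1\$/)        { s = "md5crypt";    v = "WEAK"   }
        else if (h ~ /^\$2[abxy]?\$/) { s = "bcrypt";      v = "OK"     }
        else if (h ~ /^\$5\$/)        { s = "sha256crypt"; v = "OK"     }
        else if (h ~ /^\$6\$/)        { s = "sha512crypt"; v = "OK"     }
        else if (h ~ /^\$y\$/)        { s = "yescrypt";    v = "OK"     }
        else if (length(h) == 13 && h ~ "^[./0-9A-Za-z]+$") { s = "descrypt"; v = "WEAK" }
        else                          { s = "unknown";     v = "REVIEW" }
        print $1, s, v
    }' "$@"
}

# count_weak [FILE...] -> number of accounts whose verdict is WEAK
count_weak() {
    audit_hash_schemes "$@" | awk '$3 == "WEAK" { n++ } END { print n + 0 }'
}

# Constructed sample in unshadow format; the hash strings are placeholders,
# only their prefixes and lengths are meaningful here.
make_sample() {
    cat <<'EOF'
root:$6$constructedsalt$ConstructedHashValue:0:0:root:/root:/bin/bash
legacy:$1$constructed$ConstructedHashValue:1001:1001::/home/legacy:/bin/sh
svc:!:1002:1002::/home/svc:/usr/sbin/nologin
olddes:CONSTRUCTED12:1003:1003::/home/olddes:/bin/sh
alice:$y$j9T$constructedsalt$ConstructedHashValue:1004:1004::/home/alice:/bin/bash
EOF
}

make_sample | audit_hash_schemes
echo "weak accounts: $(make_sample | count_weak)"
```

Run against your own unshadowed file with `audit_hash_schemes hashtocrack.txt`; accounts reported as WEAK should get a new password hashed with the system's current default scheme.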