Description:
[!@# a-z $%^ A-Z &* 0-9] [1,3]
All we got is a file and regular expression.
Lets run
file
command on the file to determine its type:$ file ./file.kdb file: Keepass password database 1.x KDB, 3 groups, 4 entries, 50000 key transformation rounds
The file is KDB file which is Keepass password database. Keepass is a famous opensource password manager.
I tried open it using KeePassX for windows, but we need a password to open the database. The password probably should match the regex, so I generated a dictionary with all the possible passwords (more then 300,000 words).
import string import itertools # strings match the regex chars = string.lowercase + string.uppercase + string.digits + '!@#$%^&*' f = open('dict.txt','a') all_permutations = list(itertools.permutations(chars,1))+ list(itertools.permutations(chars,2))+ list(itertools.permutations(chars,3)) for p in all_permutations: f.write(''.join(p)+'\n')
And I the ran John the Ripper to crack the password and went to eat lunch.
$ keepass2john file.kdb > kp $ john --wordlist=dict.txt -format:keepass kp Using default input encoding: UTF-8 Loaded 1 password hash (KeePass [SHA256 AES 32/64 OpenSSL]) Press 'q' or Ctrl-C to abort, almost any other key for status k18 (file.kdb)
When I came back I saw that John found the password, now lets open the file:
The flag was pragyanctf{closed_no_more}
Your writeup so great, but I got a little problem: when I typed keepass2john file.kdb > kp in kali I got an error bash: keepass2john: command not found. I tried to use kee2pass.py but it’s not work too. What should I do now? Thank you
Hey bih, on Kali it should be at /usr/sbin/keepass2john
You can also try compile it yourself:
https://github.com/magnumripper/JohnTheRipper/blob/994d063feb1690b3afdd484d16153b828bf8a502/src/keepass2john.c
I apologize about this stupid question, problem is about my kali vm, I tried apt-get install john and it’s worked after. It’s my bad. Sory again.
It’s okay, feel free to ask anything 🙂