Keepass Cracking


Suyay Escarsega
Aug 5, 2024, 8:05:52 AM
to threelaglopi
Passwords and their secure management continue to cause major problems for many companies. There are numerous recommendations regarding the complexity of passwords. With the amount of different and secure, and therefore complex, passwords, it is practically impossible to remember them and the use of a password manager becomes almost mandatory. For this purpose, many companies use the open source password manager KeePass. This simplifies the administration of passwords massively, but offers numerous attack possibilities in the default configuration. In this blog, these attack possibilities are shown, along with hardening measures in KeePass to counteract them.

To show the possible attacks, we install the latest version (2.49 on 09/30/2021) of KeePass and create a new database with a master password in the default configuration. If an attacker finds such a database (.kdbx), he can transfer it to himself and use keepass2john (part of John the Ripper) to extract the hash of the master password, which can then be cracked with Hashcat or John the Ripper.


Cracking the password depends, of course, on whether the password is in the word list used. Nevertheless, cracking can be made much more difficult by setting the key transformation to 1 Second Delay (File -> Database Settings -> Security tab). By clicking the '1 Second Delay' button, KeePass calculates the number of iterations that result in a one second delay when loading/saving a database. This massively reduces the performance of cracking and the key derivation functions Argon2d and Argon2id are not even currently supported by keepass2john. Thus a possible cracking can be counteracted effectively.


Another possibility for an attacker is to use a keylogger. For a short proof-of-concept we use the keylogger task of the command-and-control framework Covenant and reading the master password is easy.


Fortunately, this attack can also be prevented relatively easily. Just check the checkbox Tools -> Options -> Security Tab -> Advanced -> Enter master key on secure desktop and the master password cannot be read by a keylogger.


The tool KeeThief offers another possibility to read the master password from the working memory. To do this, the KeePass process must be running, the database must be decrypted, and the attacker must obtain code execution in the context of the user. However, no local administrator privileges are required for this.


Successful execution of the KeeThief tool can also be prevented with an option: Tools -> Options -> Security Tab -> Advanced -> Remember master password (in encrypted form) of a database while it is open, which should be disabled.


Although this at least prevents the KeeThief tool from running, it does not solve the basic problem that makes such attacks possible in the first place. The KeePass process runs in the user's context, and thus it can be accessed in the same context. The KeeFarce tool takes advantage of this to use DLL injection to achieve code execution in the context of the KeePass process and then read the passwords in the KeePass database.


Also, actively used passwords from KeePass can still be read very easily with Covenant's ClipboardMonitor. The ClipboardMonitor shows an attacker what the user copies from which window to his clipboard. Since KeePass allows a password to be placed on the clipboard for a short time, it appears in plain text in the output.


In summary, a password manager such as KeePass solves the basic problem regarding the handling of complex passwords and allows meeting the requirements for their complexity. Therefore, its use is highly recommended. However, new attack surfaces and risks always arise with the introduction of software. The hardening measures highlighted in this blog can counteract some of them well. These measures are:


Even if these measures do not prevent all attacks, they make it considerably more difficult to attack KeePass and are therefore very sensible measures. Awareness of the remaining risks of KeePass despite hardening enables further, holistic measures to be taken to protect the organization.


If you forget this master password, all your other passwords in the database are lost, too. There isn't any backdoor or a key which can open all databases. There is no way of recovering your passwords.


If it's correctly built (and by all accounts it is), your chances of recovering your password are very limited - luck, knowledge about yourself and your behaviour, you may be able to narrow down the key space and brute force it. There are tools to brute force Keepass files - see here. That said, it's likely easier and faster to simply reset all your passwords.


Massive data dumps such as these become treasure troves for research of human behavior in the context of security. The US company Preempt revealed that a staggering 35% of the passwords in the dump could already be found in password dictionaries available prior to the breach. Statistics like these remind us to keep our passwords as strong as possible.


Today we are going to perform a simple attack on a KeePass database file and attempt to break a master password. For those unfamiliar with the software, KeePass is a popular open source password manager. Say you have 50 different passwords for different purposes that you need to remember, how do you go about remembering them all? Some people will write them down in a book. Others may store them in a plain text file - definitely not recommended! A third approach is to use a software application like KeePass. What it does is encrypt all passwords provided to the tool using AES in combination with a master password and optionally a key file. When a user then wishes to recall any particular password they will provide their master password to the tool; in response, the tool will decrypt all passwords in plain text allowing the user to check the entry of their interest.


For the software system to verify the validity of the master password provided it will apply a hashing algorithm to the string given in concatenation with other data. All those who have meddled in the password cracking world know that whenever a hash is available a brute force or dictionary attack can be launched.


So how can we do this? The first step is to extract the hash out of the KeePass database file. Here is a KeePass database we created with a very simple password that we will use for the course of this tutorial.


We now have our extracted hash file ready to be cracked. The next step is to download a password cracking utility. The greatest by far is Hashcat available from here. What makes Hashcat the leader of such tools is its massive collection of predefined hashing algorithms and its ability to utilize a computer's GPU to increase cracking speeds by an enormous degree.


As of Hashcat version 3.0 the software supports KeePass with no custom algorithms needed to be defined. We can run a quick grep command to learn the switch value of 13400 needed for our invocation of the binary.


Next, we need to make an edit to our hash file. The hashcat binary does not expect the name of our KeePass database to be prepended to our hash, so we will have to trim the string with a text editor; after doing so our hash file will look as follows.


You can pass the file through Hashcat using several different options. Most instructions only show two types: attack mode and hash type. You can use brute-force and dictionary attacks. Each mode offers different types like masking, patterns, and straight mode (wordlist). You can view their wiki for more hash types.


A well-played mask attack can crack a password not found in a dictionary as the next fastest option. This will be much faster than brute forcing it. If all else fails, brute force is your other more time consuming and resource intensive option.


Mod0keecrack is a simple tool to crack/brute-force passwords of KeePass 2 databases. It implements a KeePass 2 Database file parser for .kdbx files, as well as decryption routines to verify if a supplied password is correct. mod0keecrack only handles the encrypted file format and is not able to parse the resulting plaintext database. The only purpose of mod0keecrack is the brute-forcing of a KeePass 2 database password.


This script provides a simple dictionary based brute force function called crack-keepassfile that allows you to run a dictionary file against a KeePass 2.34 .kdbx file. If it finds the key, it will dump all passwords as output as well as inform you of the master password.


KeePassCrack, or as I originally read it, Keep Asscrack, is a simple KeePass password manager database cracker using a wordlist (dictionary). This is for Linux systems only. This does not work on the KDBX 4.0 database format like everything else. This does work on the KDBX 3.1 format.


As mentioned in Is KeePass Safe to Use?, there was mention of Part 1* and Part 2* of case studies by harmj0y. They go into way more depth on the security efficacy of KeePass through practical means. Fantastic stuff.


Thank you for reaching out Alain. Those case study links do appear to be down. I hope they come back as they were a good read. In the meantime, his presentation is still available here: A Case Study in Attacking KeePass. I have also updated this post to reflect this information.


This site, Davis Tech Media, is owned and operated by Davis Tech Media LLC, a limited liability company headquartered in Florida, USA. Davis Tech Media is a participant in the Amazon Services LLC Associates Program. As Amazon Associates, we earn from qualifying purchases at no additional cost to you. Davis Tech Media will also participate in affiliate programs with Udemy and other sites. Davis Tech Media is compensated for referring traffic and business to these companies.


So a while ago I read that Wizard Spider / Conti had an option for KeePass in their cracking station. So they must be able to extract the hash of the master password from the desktop version and brute-force it.


Not really, unless you take precautions. Bitwarden stores the Master Key Hash and the Protected Symmetric Key in the encrypted vault, a local copy of which is saved in persistent local storage (e.g., on your computer's hard drive) for as long as you are logged in to your vault. All it takes is to open the vault file (typically called data.json) that can be found in your local storage directory, and search for the string keyHash.
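The post's hardening advice (raise the key transformation work factor, prefer Argon2d/Argon2id, which a KDBX 3.1 file cannot use) can be audited from the outside, because KeePass records the KDF and its parameters in the unencrypted outer header of the .kdbx file. The following script is an added example, not code from the post or from the KeePass project: it parses only that header (signature, version, header fields, and for KDBX 4 the KdfParameters VariantDictionary), reports which KDF and work factor a database was saved with, and flags settings below a policy. The policy thresholds and the two sample headers are constructed assumptions for illustration; nothing is decrypted and no key is derived.

```python
"""Audit the key-derivation settings in a KeePass 2 (.kdbx) outer header.
Added example, not KeePass project code. Reads only the unencrypted outer
header; policy thresholds are illustrative assumptions, not KeePass defaults."""
import struct
import uuid

KDBX_SIG1, KDBX_SIG2 = 0x9AA2D903, 0xB54BFB67
AES_CIPHER_ID = uuid.UUID("31C1F2E6-BF71-4350-BE58-05216AFC5AFF")
AES_KDF_ID = uuid.UUID("C9D9F39A-628A-4460-BF74-0D08C18A4FEA")
ARGON2D_ID = uuid.UUID("EF636DDF-8C29-444B-91F7-A9A403E30A0C")
ARGON2ID_ID = uuid.UUID("9E298B19-56DB-4773-B23D-FC3EC6F0A1E6")
KDF_NAMES = {AES_KDF_ID: "AES-KDF", ARGON2D_ID: "Argon2d", ARGON2ID_ID: "Argon2id"}
HDR_END, HDR_CIPHER_ID, HDR_TRANSFORM_SEED, HDR_TRANSFORM_ROUNDS, HDR_KDF_PARAMS = 0, 2, 5, 6, 11
# VariantDictionary value-type tags used by the KDBX 4 KdfParameters field
VD_UINT32, VD_UINT64, VD_BOOL, VD_INT32, VD_INT64, VD_STRING, VD_BYTES = 0x04, 0x05, 0x08, 0x0C, 0x0D, 0x18, 0x42
VD_DECODERS = {
    VD_UINT32: lambda b: struct.unpack("<I", b)[0], VD_UINT64: lambda b: struct.unpack("<Q", b)[0],
    VD_BOOL: lambda b: b[0] != 0, VD_INT32: lambda b: struct.unpack("<i", b)[0],
    VD_INT64: lambda b: struct.unpack("<q", b)[0], VD_STRING: lambda b: b.decode("utf-8"), VD_BYTES: bytes}
# Assumed audit policy (illustrative thresholds)
MIN_AES_ROUNDS, MIN_ARGON2_MEMORY_KIB, MIN_ARGON2_ITERATIONS = 1_000_000, 64 * 1024, 2


def parse_variant_dict(buf):
    """Decode a KDBX 4 VariantDictionary (version 1.x) into a Python dict."""
    (version,) = struct.unpack_from("<H", buf, 0)
    if version >> 8 != 1:
        raise ValueError("unsupported VariantDictionary version")
    pos, items = 2, {}
    while buf[pos] != 0:                       # a type byte of 0 terminates the dictionary
        vtype = buf[pos]
        (klen,) = struct.unpack_from("<i", buf, pos + 1)
        key = buf[pos + 5:pos + 5 + klen].decode("utf-8")
        pos += 5 + klen
        (vlen,) = struct.unpack_from("<i", buf, pos)
        raw = buf[pos + 4:pos + 4 + vlen]
        pos += 4 + vlen
        if vtype not in VD_DECODERS:
            raise ValueError(f"unknown VariantDictionary type {vtype:#x}")
        items[key] = VD_DECODERS[vtype](raw)
    return items


def read_kdf_settings(data):
    """Parse the outer header and return the KDF the database was saved with."""
    sig1, sig2, minor, major = struct.unpack_from("<IIHH", data, 0)
    if (sig1, sig2) != (KDBX_SIG1, KDBX_SIG2):
        raise ValueError("not a KeePass 2 .kdbx file")
    size_fmt, size_len = ("<I", 4) if major >= 4 else ("<H", 2)   # KDBX 3 uses 2-byte field lengths
    pos, info = 12, {"version": f"{major}.{minor}"}
    while True:
        fid = data[pos]
        (flen,) = struct.unpack_from(size_fmt, data, pos + 1)
        fdata = data[pos + 1 + size_len:pos + 1 + size_len + flen]
        pos += 1 + size_len + flen
        if fid == HDR_END:
            break
        if fid == HDR_TRANSFORM_ROUNDS:        # KDBX 3: AES-KDF is the only KDF, rounds stored directly
            info["kdf"], info["rounds"] = "AES-KDF", struct.unpack("<Q", fdata)[0]
        elif fid == HDR_KDF_PARAMS:            # KDBX 4: KDF id and parameters in a VariantDictionary
            params = parse_variant_dict(fdata)
            kdf_id = uuid.UUID(bytes=params["$UUID"])
            info["kdf"] = KDF_NAMES.get(kdf_id, str(kdf_id))
            if kdf_id == AES_KDF_ID:
                info["rounds"] = params["R"]
            else:
                info["iterations"], info["parallelism"] = params["I"], params["P"]
                info["memory_kib"] = params["M"] // 1024
    return info


def assess(info):
    """Return a list of policy findings; an empty list means the settings pass."""
    findings = []
    if info["version"].startswith("3."):
        findings.append("KDBX 3.x only supports AES-KDF; save as KDBX 4 to use Argon2d/Argon2id")
    if info["kdf"] == "AES-KDF" and info["rounds"] < MIN_AES_ROUNDS:
        findings.append(f"AES-KDF rounds {info['rounds']} below policy minimum {MIN_AES_ROUNDS}")
    if info["kdf"].startswith("Argon2"):
        if info["memory_kib"] < MIN_ARGON2_MEMORY_KIB:
            findings.append(f"Argon2 memory {info['memory_kib']} KiB below {MIN_ARGON2_MEMORY_KIB} KiB")
        if info["iterations"] < MIN_ARGON2_ITERATIONS:
            findings.append(f"Argon2 iterations {info['iterations']} below {MIN_ARGON2_ITERATIONS}")
    return findings


# --- constructed sample headers (header only, no encrypted payload follows) ---
def _hdr_field(major, fid, data):
    return bytes([fid]) + struct.pack("<I" if major >= 4 else "<H", len(data)) + data


def _variant_dict(items):
    out = struct.pack("<H", 0x0100)
    for key, vtype, raw in items:
        out += bytes([vtype]) + struct.pack("<i", len(key)) + key.encode("utf-8") + struct.pack("<i", len(raw)) + raw
    return out + b"\x00"


SAMPLE_KDBX3 = (struct.pack("<IIHH", KDBX_SIG1, KDBX_SIG2, 1, 3)        # version 3.1, AES-KDF, 60000 rounds
                + _hdr_field(3, HDR_CIPHER_ID, AES_CIPHER_ID.bytes) + _hdr_field(3, HDR_TRANSFORM_SEED, b"\x11" * 32)
                + _hdr_field(3, HDR_TRANSFORM_ROUNDS, struct.pack("<Q", 60000)) + _hdr_field(3, HDR_END, b"\r\n\r\n"))
SAMPLE_KDBX4 = (struct.pack("<IIHH", KDBX_SIG1, KDBX_SIG2, 0, 4)        # version 4.0, Argon2d 64 MiB / 2 iterations
                + _hdr_field(4, HDR_CIPHER_ID, AES_CIPHER_ID.bytes)
                + _hdr_field(4, HDR_KDF_PARAMS, _variant_dict([
                    ("$UUID", VD_BYTES, ARGON2D_ID.bytes), ("S", VD_BYTES, b"\x22" * 32),
                    ("P", VD_UINT32, struct.pack("<I", 2)), ("M", VD_UINT64, struct.pack("<Q", 64 << 20)),
                    ("I", VD_UINT64, struct.pack("<Q", 2)), ("V", VD_UINT32, struct.pack("<I", 0x13))]))
                + _hdr_field(4, HDR_END, b"\r\n\r\n"))

if __name__ == "__main__":
    for name, blob in (("kdbx3-sample", SAMPLE_KDBX3), ("kdbx4-sample", SAMPLE_KDBX4)):
        info = read_kdf_settings(blob)
        print(name, info, assess(info) or "OK")
```

To audit a real file, pass `open(path, "rb").read()` to `read_kdf_settings`; the parser stops at the end-of-header field, so the encrypted body is never touched. The KDBX 3.1 sample trips two findings (old format, low AES-KDF round count), the KDBX 4 Argon2d sample passes.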
