It’s certainly possible to crack a KeePass database, but is it practical? I often wondered about this as a security-conscious KeePass user and someone who forgot the password to one of my databases. So I looked for an answer.
If you look, it won’t take long to find examples of cracked KeePass databases. Some of the top search results, as well as recommendations from forum and chat users, reveal these 3 top sources:
- Hacking KeyPass with Hashcat by Ruby Devices
- Cracking KeyPass with Hashcat by Mad City Hacker
- Cracking KeyPass Database with KeyPass2John by TZUSec
They are good writeups. There are also articles on hackthebox and other various hacking challenges. These aren’t as useful for this situation.
Despite finding good resources on how one would attempt to crack a database, I’m not having a lot of luck actually doing so. I will show the steps I took in this article and wrap up with some final observations.
Table of Contents
John the Ripper ships with a useful tool called keepass2john that can pass a KeePass database as a parameter. To run it, do the following:
keepass2john dbname.kdbx or send the output to a file by using
keepass2john dbname.kdbx > dbpasshash.txt.
Running the utility produces a hash that starts with the following (prepended with DBName:):
Great, now we have the password hash. Let’s get to cracking.
Next up, I fired up Hashcat to crack the hash. As of Hashcat version 3.0, the software supports KeePass with no custom algorithms needed to be defined. It’s worth mentioning Hashcat doesn’t support Chacha20 or Argon2 (v4 of the KDBX file format).
You can pass the file through Hashcat using several different options. Most instructions only show two types: attack mode and hash type. You can use brute-force and dictionary attacks. Each mode offers different types like masking, patterns, and straight mode (wordlist). You can view their wiki for more hash types.
A good wordlist is essential for testing. Here are a handful of options I found:
Since I’m attempting to crack a KeePass database, the hash ID used will be “13400,” which references “KeePass 1 (AES/Twofish) and KeePass 2 (AES).” The command to get started looks something like this:
hashcat -a 0 -m 13400 dbpasshash.txt rockyou.txt
If possible, use your GPU to process more hashes per second. This is what I did so I can utilize the full power of CUDA.
And now we are underway…
Bummer. We didn’t get it. This is a good thing, but I also created my own custom wordlist of what this password potentially is. It resulted in nearly 1,000 lines of handcrafted options. This attempt also failed.
Dictionary attacks are great for well-known, weak passwords. This is the fastest option. However, if your passwords are good, a wordlist won’t do much for you.
A well-played mask attack can crack a password not found in a dictionary as the next fastest option. This will be much faster than brute forcing it. If all else fails, brute force is your other more time consuming and resource intensive option.
Other Cracking Tools
Some of these tools require compiling, and others are for specific systems, so I didn’t get too involved in these options. It was good to read up on them, though.
From the resource page:
Mod0keecrack is a simple tool to crack/brute-force passwords of KeePass 2 databases. It implements a KeePass 2 Database file parser for .kdbx files, as well as decryption routines to verify if a supplied password is correct. mod0keecrack only handles the encrypted file format and is not able to parse the resulting plaintext database. The only purpose of mod0keecrack is the brute-forcing of a KeePass 2 database password.
There is no binary file provided, but there are instructions on how to compile it. To build mod0keecrack in Windows, open your Dev-command prompt and enter the following:
cl.exe /Femod0keecrack.exe helper.c mod0keecrack.c crypto-ms.c bcrypt.lib
PoshKPBrute is a PowerShell Keepass 2.34 brute force tool. From the resource page:
This script provides a simple dictionary based brute force function called crack-keepassfile that allows you to run a dictionary file against a KeePass 2.34 .kdbx file. If it finds the key, it will dump all passwords as output as well as inform you of the master password.
KeePassCrack, or as I originally read it, Keep Asscrack, is a simple KeePass password manager database cracker using a wordlist (dictionary). This is for Linux systems only. This does not work on the KDBX 4.0 database format like everything else. This does work on the KDBX 3.1 format.
I struck out with wordlists, the fastest option. This is good for public wordlists, as I didn’t use a weak password. Unfortunately, the custom wordlist I crafted by hand (nearly 1,000 lines) was also a bust.
I also kept exclusively in Hashcat. If I were to try this again, I would try to use John the Ripper more. John can run with a wordlist, just as Hashcat, using the “–wordlist” parameter. It would look something like this:
john --wordlist=rockyou.txt dbpasshash.txt
Cracking KeyPass Password with John The Ripper by Miloserdov also shows commands to iterate passwords by length. You can also specify CPU or GPU. I’ll have to play around with this to limit the scope. Masking and iteration would be the next step to try.
After that, I’ll have to decide whether I want to attempt to brute force this thing, either with my existing hardware or put something together to start plowing away. I am reminded of advice that keeps coming up with brute forcing, though:
I suggest not wasting your time.
As mentioned in Is KeePass Safe to Use?, there was mention of Part 1* and Part 2* of case studies by harmj0y. They go into way more depth on the security efficacy of KeePass through practical means. Fantastic stuff.
Update: The harmj0y case studies appear to be down. Here’s a link to the slide deck to his presentation on the topic: A Case Study in Attacking KeePass. Also, here are the original blog post URLs in case they return: