It’s certainly possible to crack a KeePass database, but is it practical? I often wondered about this as a security-conscious KeePass user and someone who forgot the password to one of my databases. So I looked for an answer.
If you look, it won’t take long to find examples of cracked KeePass databases. Some of the top search results, as well as recommendations from forum and chat users, reveal these 3 top sources:
- Hacking KeyPass with Hashcat by Ruby Devices
- Cracking KeyPass with Hashcat by Mad City Hacker
- Cracking KeyPass Database with KeyPass2John by TZUSec
They are good writeups. There are also articles on hackthebox and other various hacking challenges. These aren’t as useful for this situation.
Despite finding good resources on how one would attempt to crack a database, I’m not having a lot of luck actually doing so. I will show the steps I took in this article and wrap up with some final observations.
Table of Contents
Using Keepass2john
John the Ripper ships with a useful tool called keepass2john that can pass a KeePass database as a parameter. To run it, do the following:
keepass2john dbname.kdbx or send the output to a file by using keepass2john dbname.kdbx > dbpasshash.txt.
Running the utility produces a hash that starts with the following (prepended with DBName:):
$keepass$*2*60000*0*
Great, now we have the password hash. Let’s get to cracking.
Using Hashcat
Next up, I fired up Hashcat to crack the hash. As of Hashcat version 3.0, the software supports KeePass with no custom algorithms needed to be defined. It’s worth mentioning Hashcat doesn’t support Chacha20 or Argon2 (v4 of the KDBX file format).
You can pass the file through Hashcat using several different options. Most instructions only show two types: attack mode and hash type. You can use brute-force and dictionary attacks. Each mode offers different types like masking, patterns, and straight mode (wordlist). You can view their wiki for more hash types.
Wordlists
A good wordlist is essential for testing. Here are a handful of options I found:
- CrackLib (previously on SourceForge)
- Rockyou.txt wordlist
- PoshKPBrute’s wordlist
Hashcat Usage
Since I’m attempting to crack a KeePass database, the hash ID used will be “13400,” which references “KeePass 1 (AES/Twofish) and KeePass 2 (AES).” The command to get started looks something like this:
hashcat -a 0 -m 13400 dbpasshash.txt rockyou.txt
If possible, use your GPU to process more hashes per second. This is what I did so I can utilize the full power of CUDA.
It starts…
And now we are underway…
Bummer. We didn’t get it. This is a good thing, but I also created my own custom wordlist of what this password potentially is. It resulted in nearly 1,000 lines of handcrafted options. This attempt also failed.
Dictionary attacks are great for well-known, weak passwords. This is the fastest option. However, if your passwords are good, a wordlist won’t do much for you.
A well-played mask attack can crack a password not found in a dictionary as the next fastest option. This will be much faster than brute forcing it. If all else fails, brute force is your other more time consuming and resource intensive option.
Other Cracking Tools
Some of these tools require compiling, and others are for specific systems, so I didn’t get too involved in these options. It was good to read up on them, though.
Mod0keecrack
From the resource page:
Mod0keecrack is a simple tool to crack/brute-force passwords of KeePass 2 databases. It implements a KeePass 2 Database file parser for .kdbx files, as well as decryption routines to verify if a supplied password is correct. mod0keecrack only handles the encrypted file format and is not able to parse the resulting plaintext database. The only purpose of mod0keecrack is the brute-forcing of a KeePass 2 database password.
There is no binary file provided, but there are instructions on how to compile it. To build mod0keecrack in Windows, open your Dev-command prompt and enter the following:
cl.exe /Femod0keecrack.exe helper.c mod0keecrack.c crypto-ms.c bcrypt.lib
PoshKPBrute
PoshKPBrute is a PowerShell Keepass 2.34 brute force tool. From the resource page:
This script provides a simple dictionary based brute force function called crack-keepassfile that allows you to run a dictionary file against a KeePass 2.34 .kdbx file. If it finds the key, it will dump all passwords as output as well as inform you of the master password.
KeePassCrack
KeePassCrack, or as I originally read it, Keep Asscrack, is a simple KeePass password manager database cracker using a wordlist (dictionary). This is for Linux systems only. This does not work on the KDBX 4.0 database format like everything else. This does work on the KDBX 3.1 format.
Lessons Learned
I struck out with wordlists, the fastest option. This is good for public wordlists, as I didn’t use a weak password. Unfortunately, the custom wordlist I crafted by hand (nearly 1,000 lines) was also a bust.
I also kept exclusively in Hashcat. If I were to try this again, I would try to use John the Ripper more. John can run with a wordlist, just as Hashcat, using the “–wordlist” parameter. It would look something like this:
john --wordlist=rockyou.txt dbpasshash.txt
Cracking KeyPass Password with John The Ripper by Miloserdov also shows commands to iterate passwords by length. You can also specify CPU or GPU. I’ll have to play around with this to limit the scope. Masking and iteration would be the next step to try.
After that, I’ll have to decide whether I want to attempt to brute force this thing, either with my existing hardware or put something together to start plowing away. I am reminded of advice that keeps coming up with brute forcing, though:
I suggest not wasting your time.
Additional Reading
As mentioned in Is KeePass Safe to Use?, there was mention of Part 1* and Part 2* of case studies by harmj0y. They go into way more depth on the security efficacy of KeePass through practical means. Fantastic stuff.
Update: The harmj0y case studies appear to be down. Here’s a link to the slide deck to his presentation on the topic: A Case Study in Attacking KeePass. Also, here are the original blog post URLs in case they return:
- https://www.harmj0y.net/blog/redteaming/a-case-study-in-attacking-keepass/
- http://www.harmj0y.net/blog/redteaming/keethief-a-case-study-in-attacking-keepass-part-2/
Wayback Machine for the win.
https://web.archive.org/web/20220123003835/https://www.harmj0y.net/blog/redteaming/a-case-study-in-attacking-keepass/
https://web.archive.org/web/20220122225230/http://www.harmj0y.net/blog/redteaming/keethief-a-case-study-in-attacking-keepass-part-2/
Thanks WRJ. I hoped they would return, but the Wayback Machine is here for us. I appreciate you bringing this up.
The 2 links part 1 and 2 are not working, thanks for the info about Keepass
Thank you for reaching out Alain. Those case study links do appear to be down. I hope they come back as they were a good read. In the meantime, his presentation is still available here: A Case Study in Attacking KeePass. I have also updated this post to reflect this information.
Even though I wasn’t successful in cracking my own database, my hope was to at least give someone else a running start on their own database. Thanks again.