Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Message-ID: <54BC95A6.9000005@xmtservices.net>
Date: Sun, 18 Jan 2015 21:27:02 -0800
From: Shawn Tayler <shawn@...services.net>
To: john-users@...ts.openwall.com
Subject: Re: Problems with keepass2john

Hi Dhiru,

The file is about 85K.  I built the version at the link provided.

./keepass2john -i 10 kee.kdb > kee1.hash
[!] Not inlining kee.kdb. You will need kee.kdb too for cracking!

Shawn

On 01/18/2015 12:40 PM, Dhiru Kholia wrote:
> On Fri, 16 Jan 2015, Shawn Tayler wrote:
>
>> On 01/13/2015 06:41 AM, Dhiru Kholia wrote:
>>
>> Any suggestions as to as to how I might be able to continue? I am not
>> a programmer but would be willing to learn. Might there be some
>> additional comments or details available for the source that could
>> help?
> Hi Shawn,
>
> How large is your KeePass database file?
>
> Recently, we have fixed keepass2john (slightly) and it might just work
> for you now.
>
> https://github.com/magnumripper/JohnTheRipper has the latest bits.
>
> The KeePass source code (in JtR) is fairly easy to read. Essentially,
> the problem here is that we have an upper bound on the size of "hashes"
> (produced by keepass2john.c) and this prevents *big* KeePass files from
> being included (inlined) into the "hash" itself.
>
> However, keepass_fmt_plug.c only knows how to deal with inlined hashes,
> currently.
>
> In short, keepass_fmt_plug.c (which does the actual cracking of the
> hashes produced by keepass2john) needs to me modified to read the actual
> KeePass database.
>
>>> On Sat, 10 Jan 2015, Shawn Tayler wrote:
>>>
>>>> I tried using version 1.8.0-jumbo-1 and the hashes produced won't even
>>>> load with john.  Tried 1.7.9-jumbo-7 and it at least produced loadable
>>>> hash files.  I've been trying the several iterations of what I believe
>>>> the password must be to no avail.  As a test I created several test
>>>> kdb files with simple passwords, e.g. test, testtest, testtesttest,
>>>> etc.  the intersting thing is that the hash files created from these
>>>> test files are all about 1.7K in size, but the one from my kdb file is
>>>> only about 300 bytes and my range of passwords, used crunch to create
>>>> a few terabytes of possibilities, are a no go.
>>>>
>>>> Has anyone had similar issues with keepass2john or have some
>>>> suggestions as to where I can continue?
>>> Hi Shawn,
>>>
>>> It seems that the "keepass" format broke with some recent changes.
>>>
>>> See https://github.com/magnumripper/JohnTheRipper/issues/1023 for more
>>> details.
> Dhiru

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.