This is a write-up for the Easy Keesy challenge from NahamCon CTF.
In this challenge we have a file. After we download the file, the first thing we should do is check its type with the file command.
Actually, I didn’t even know what a Keepass password database 2.x KDBX file is. So, I googled it and found it’s just a database file for an open-source password manager called KeePass. Then I tried to get a tool to open it. I found a command line tool called kpcli, a command line interface to KeePass database files. But it asked for a master password!
Again, after some googling, I found a way to crack the kdbx file password hash with the famous hashcat tool.
Check this link: https://madcityhacker.com/2018/11/04/cracking-keepass-databases-with-hashcat/
The first step is to extract the hash out of the KeePass database file. We will use the John the Ripper tool keepass2john to extract the password hash out of the database file.
Now we have extracted the hash in a file named easy_keesy_hash and it’s ready to be cracked using Hashcat. But before we proceed with cracking the password with hashcat, we first need to delete the file name from the hash value as shown in the image.
It will be like that:
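The prefix-removal step described above, as an added example that is not part of the original write-up: a Python helper that removes the file name from a keepass2john line and checks that what remains is a well-formed KDBX 2.x hash. The field layout, the helper names and the sample line (dummy hex values, 60000 rounds) are assumptions constructed for illustration.

```python
import re
from dataclasses import dataclass

MARKER = "$keepass$"
HEX = re.compile(r"[0-9a-fA-F]+")

# Constructed sample line (dummy hex values, not from the challenge file).
# Assumed layout for a KDBX 2.x database without a key file:
# <label>:$keepass$*2*<rounds>*<algorithm>*<master seed>*<transform seed>
#         *<IV>*<expected start bytes>*<contents hash>
SAMPLE_LINE = ("easy_keesy:$keepass$*2*60000*0*" + "a1" * 32 + "*" + "b2" * 32
               + "*" + "c3" * 16 + "*" + "d4" * 32 + "*" + "e5" * 32)


@dataclass
class KeePassHash:
    label: str       # text before the hash (the file name prefix)
    hash_only: str   # the line with that prefix removed
    rounds: int      # key transformation rounds stored in the database


def parse_keepass2john_line(line: str) -> KeePassHash:
    """Strip the file name prefix and sanity-check a version-2 hash line."""
    line = line.strip()
    pos = line.find(MARKER)
    if pos < 0:
        raise ValueError("no $keepass$ marker found")
    prefix, hash_only = line[:pos], line[pos:]
    # Search for the marker instead of splitting on the first ':' so a
    # label that itself contains ':' is still removed completely.
    if prefix and not prefix.endswith(":"):
        raise ValueError("unexpected text before the $keepass$ marker")
    fields = hash_only[len(MARKER):].split("*")
    # fields[0] is empty because the marker is followed directly by '*'.
    if len(fields) < 9 or fields[0] != "":
        raise ValueError("too few '*'-separated fields")
    if fields[1] != "2":
        raise ValueError("not a version-2 (KDBX 2.x) hash")
    if not (fields[2].isascii() and fields[2].isdigit()):
        raise ValueError("round count is not a number")
    if not all(HEX.fullmatch(f) for f in fields[4:9]):
        raise ValueError("seed, IV or hash field is not hexadecimal")
    return KeePassHash(prefix[:-1], hash_only, int(fields[2]))


if __name__ == "__main__":
    parsed = parse_keepass2john_line(SAMPLE_LINE)
    print(parsed.hash_only)
    print("label:", parsed.label, "rounds:", parsed.rounds)
```

The rounds field is the database's key transformation setting; together with the strength of the master password it determines how expensive each offline guess is.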
Now we are ready to let hashcat crack the password.
You can check the hashcat man page from the terminal to learn more about it and how to use it.
The password has been cracked and it is ‘monkeys’.
Now that we have the password, let’s go back to kpcli to open the KDBX file with the master password we just cracked.
After opening the file successfully and navigating through the database file, we can get the flag saved as a password entry.
flag{jtr_found_the_keys_to_kingdom}