KeePass is a popular tool for managing secrets, from SSH keys and API tokens, to database credentials and server logins—anything that, if exposed, could lead to a very bad day. Its strength lies in its simplicity, open-source nature, and the fact that it stores everything in a single, encrypted .kdbx file, secured by a master password and/or a key file.

Of course, if you want to get at these secrets, this single .kdbx file becomes a double-edged sword. All those eggs in one basket, protected by a single master key. If you can get your hands on that .kdbx file, and you can break the master password, you've got everything.

Hashcat handles KeePass v1 and v2 formats well, but as of now, it doesn't have a native mode for KeePass v4. This means all that GPU power you've got humming in your rig is useless if you're trying to attack a v4 database.

When you find things that are annoying and boring (like not being able to crack something), you look for ways to automate them, or at least, find a workaround. So, I ended up writing a small tool, keepass4crack.py.

Get Cracking

Using keepass4crack.py is straightforward. You'll need your KeePass v4 database file (.kdbx) and a wordlist.

Let's assume you have a KeePass v4 database named important_secrets.kdbx and your wordlist is rockyou.txt.

Bash

python3 keepass4crack.py important_secrets.kdbx rockyou.txt
  • important_secrets.kdbx: Specifies your KeePass v4 database file.
  • rockyou.txt: Points to your wordlist.

The script will then iterate through your wordlist, attempting each word as the master password against the KeePass v4 database. If it finds a match, it will notify you.

Example Output:

python3 keepass4crack.py important_secrets.kdbx rockyou.txt
--[[ KeePass4Crack ]]--
[+] Loading kdbx file into memory...
[+] Wordlist contains 14346469 passwords
[*] Progress: Tried 63/14346469 passwords (0.0%), Speed: 3.9 passwords/sec, Estimated remaining time: 1091.1 hours
[S] Password found: tinkerbell
[+] Recovering entries:

It's designed to be as simple as possible to get you cracking quickly.

The Trade-off: CPU vs. GPU

The key difference here is the performance. While keepass4crack.py gets the job done, it's limited by your CPU's capabilities. For very long or complex wordlists, it will naturally take significantly longer than a theoretical GPU-accelerated attack. However, for typical CTF scenarios or when dealing with weaker passwords, this script can be a huge win.
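For checking your own databases, here is an added example (not part of keepass4crack.py or the author's repository) that reads a .kdbx outer header and reports the format version and, for KDBX 4 files (what this post calls KeePass v4), the key-derivation settings that set the cost of every password guess. The function names are this example's own, the field layout is the public KDBX 4 header format rather than anything shown on this page, and the sample header is constructed.

```python
import struct

SIG = (0x9AA2D903, 0xB54BFB67)                  # KeePass 2.x (.kdbx) file signatures
KDF_NAMES = {                                   # KDF UUIDs stored in KDBX 4 headers
    "c9d9f39a628a4460bf740d08c18a4fea": "AES-KDF",
    "ef636ddf8c29444b91f7a9a403e30a0c": "Argon2d",
    "9e298b1956db4773b23dfc3ec6f0a1e6": "Argon2id",
}
INT_FMT = {0x04: "<I", 0x05: "<Q", 0x0C: "<i", 0x0D: "<q"}  # VariantDictionary integer types

def parse_variant_dict(blob):
    """Decode a KDBX 4 VariantDictionary into {key: int or bytes}."""
    out, pos = {}, 2                            # skip the 2-byte dictionary version
    while pos < len(blob) and blob[pos] != 0:   # a type byte of 0 ends the dictionary
        vtype = blob[pos]
        klen, = struct.unpack_from("<I", blob, pos + 1)
        key = blob[pos + 5:pos + 5 + klen].decode()
        vlen, = struct.unpack_from("<I", blob, pos + 5 + klen)
        raw = blob[pos + 9 + klen:pos + 9 + klen + vlen]
        out[key] = struct.unpack(INT_FMT[vtype], raw)[0] if vtype in INT_FMT else raw
        pos += 9 + klen + vlen
    return out

def kdbx_info(data):
    """Report the format version and, for KDBX 4, the KDF settings in the outer header."""
    sig1, sig2, minor, major = struct.unpack_from("<IIHH", data, 0)
    if (sig1, sig2) != SIG:
        raise ValueError("not a KeePass 2.x .kdbx file")
    info, pos = {"version": f"{major}.{minor}"}, 12
    while major >= 4 and pos + 5 <= len(data):  # KDBX 4 fields: 1-byte id, 4-byte length
        fid, flen = struct.unpack_from("<BI", data, pos)
        body, pos = data[pos + 5:pos + 5 + flen], pos + 5 + flen
        if fid == 0:                            # end-of-header field
            break
        if fid == 11:                           # KdfParameters
            p = parse_variant_dict(body)
            info["kdf"] = KDF_NAMES.get(p.get("$UUID", b"").hex(), "unknown")
            info["iterations"] = p.get("I", p.get("R"))   # Argon2 "I", AES-KDF "R"
            info["memory_mib"] = p["M"] // 2**20 if "M" in p else None
            info["parallelism"] = p.get("P")
    return info

def _entry(vtype, key, raw):                    # builds one dictionary entry for the sample
    return bytes([vtype]) + struct.pack("<I", len(key)) + key.encode() + struct.pack("<I", len(raw)) + raw
# Constructed sample header, not a real database: KDBX 4.1, Argon2id, 10 iterations, 64 MiB, 2 lanes
_KDF = (b"\x00\x01" + _entry(0x42, "$UUID", bytes.fromhex("9e298b1956db4773b23dfc3ec6f0a1e6"))
        + _entry(0x05, "I", struct.pack("<Q", 10)) + _entry(0x05, "M", struct.pack("<Q", 64 * 2**20))
        + _entry(0x04, "P", struct.pack("<I", 2)) + b"\x00")
SAMPLE = struct.pack("<IIHHBI", *SIG, 1, 4, 11, len(_KDF)) + _KDF + struct.pack("<BI", 0, 0)
```

Pass the bytes of a real file with `kdbx_info(open(path, "rb").read())`; higher iteration and memory values mean fewer guesses per second for any wordlist run.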

This is a temporary answer to a challenge, but it fills a critical gap for now.

Feel free to grab the tool from my repository. Use it responsibly.

Happy hacking!