example hashes are here:
https://hashcat.net/wiki/doku.php?id=example_hashes
you could also use
Code:
-m 13400 --example-hashes
I would guess that your hash needs to start with $keepass$* and end with 49b1d9aa19ad04493770a73bd
btw: it's not allowed to post hashes here, it doesn't matter if you think that it could be a hashcat problem or it's just a "test" / "example" (see forum rules)
(07-10-2020, 10:39 AM)philsmd Wrote: [ -> ]example hashes are here: https://hashcat.net/wiki/doku.php?id=example_hashes
you could also use
Code:
-m 13400 --example-hashes
I would guess that your hash needs to start with $keepass$* and end with 49b1d9aa19ad04493770a73bd
btw: it's not allowed to post hashes here, it doesn't matter if you think that it could be a hashcat problem or it's just a "test" / "example" (see forum rules)
Thanks, it was the first thing I tried but I either get the same error or 'Separator unmatched' if I start and end where you say.
Quote:btw: it's not allowed to post hashes here, it doesn't matter if you think that it could be a hashcat problem or it's just a "test" / "example" (see forum rules)
My bad, I looked at the rules in more detail and deleted most of the hash so just the format is visible.
Quote:example hashes are here: https://hashcat.net/wiki/doku.php?id=example_hashes
Hmm, those hashes seem to be in the same format but way longer and I can't find another utility for converting the .kdb file to a hash.
maybe the root of the problem depends on which keepass2john tool you use.
I would highly recommend to use the "official" repository:
https://github.com/magnumripper/johntheripper (this is also much more up to date)
compile it and use this up-to-date keepass2john tool to extract the data (the "hash" from the keepass database)
(07-10-2020, 11:12 AM)philsmd Wrote: [ -> ]maybe the root of the problem depends on which keepass2john tool you use.
I would highly recommend to use the "official" repository: https://github.com/magnumripper/johntheripper (this is also much more up to date)
compile it and use this up-to-date keepass2john tool to extract the data (the "hash" from the keepass database)
Thanks! Compiling and using it directly worked! Silly of me to not try it and expect that a port of something so simple should give the same thing. 90 h/s though ouch. Didn't realize how slow cracking AES is.
technically, you are not "cracking AES". AES is a cipher, an encryption/decryption algorithm with fixed key lengths (the keys are just a bunch of random bytes).
what you are instead doing is to crack a keepass hash, which has a KDF (key derivation function) that starts from a password and derives a random key. This sometimes is directly the AES key that decrypts the data, but often (especially when it comes to full disk encryption software, like TrueCrypt/VeraCrypt/Bitlocker etc) is a layer above i.e. a key that decrypts another key to make the "password change" mechanism fast and unproblematic (less data change/corruption possible).
Therefore, while AES is an encryption algorithm that can be reversed (you can go either way, encrypt and decrypt), there is a step before that (the heavy part) that derives a key from the user password (one-way hashing function) ... so you aren't really cracking AES, but I would say, you are cracking a "keepass hash" (because AES is not the heavy part, the KDF is)