hashcat Forum
Cracking Keepass1 kdb + Key file - Printable Version

+- hashcat Forum (https://hashcat.net/forum)
+-- Forum: Support (https://hashcat.net/forum/forum-3.html)
+--- Forum: hashcat (https://hashcat.net/forum/forum-45.html)
+--- Thread: Cracking Keepass1 kdb + Key file (/thread-12040.html)



Cracking Keepass1 kdb + Key file - johnj - 06-24-2024

Hello,

I have some super old Keepass 1 dbs where I forgot the password, these ones were with Key + Password combo so I will need them both.

Cracking KDB only already has a good guide here: https://www.rubydevices.com.au/blog/how-to-hack-keepass

As I understand that the masterkey in this case is the hash of the password and the key file. 

I noticed that there is a new mode for it but it's not clear what it does or how to use it or is it even for these cases when both password and key is used?!

29700 | KeePass 1 (AES/Twofish) and KeePass 2 (AES) - keyfile only mode | Password Manager
└─$ hashcat -m 29700 --example-hashes

hashcat (v6.2.6) starting in hash-info mode

Code:
Hash Info:
==========

Hash mode #29700
  Name................: KeePass 1 (AES/Twofish) and KeePass 2 (AES) - keyfile only mode
  Category............: Password Manager
  Slow.Hash...........: Yes
  Password.Len.Min....: 32
  Password.Len.Max....: 32
  Salt.Type...........: Embedded
  Salt.Len.Min........: 0
  Salt.Len.Max........: 256
  Kernel.Type(s)......: pure
  Example.Hash.Format.: plain
  Example.Hash........: $keepass$*2*60000*0*02078d460c3c837003f22ee2ba4...98ed1 [Truncated, use --mach for full length]
  Example.Pass........: 127e6fbfe24a750e72930c220a8e138275656b8e5d8f48a98c3c92df2caba935
  Benchmark.Mask......: ?b?b?b?b?b?b?b
  Autodetect.Enabled..: Yes
  Self.Test.Enabled...: Yes
  Potfile.Enabled.....: Yes
  Custom.Plugin.......: No
  Plaintext.Encoding..: HEX only

Can you please provide some working examples for this?

Thanks