Database Crack


We did it! We managed to get a copy of a password database from deephax. Can you crack the password to get into the database and see what things lie within?

Submit the flag as flag{flag text}.


We identified the file provided in the challenge as a Keepass password manager database:

$ file mySecret.kdbx 
mySecret.kdbx: Keepass password database 2.x KDBX

John the Ripper has a keepass2john utility for extracting the password hash from a Keepass database, which we leveraged to write the hash to a file for cracking:

$ ~/Tools/jtr/keepass2john mySecret.kdbx | cut -d: -f2 | tee database_crack.hash 

Surprisingly, in our first cracking attempt we found that the password wasn't in the RockYou file:

$ hashcat -m 13400 -a 0 -w 4 database_crack.hash /data/wrdlists/rockyou.txt
Status...........: Exhausted

We could have run a new cracking session using the WeakPass2 list but Hashcat was estimating it would take ~20 hours on our cracking rig, which didn't seem appropriate for this CTF. Luckily, while browsing the various GhostTown threads to document clues, we spotted a wordlist posted by mirveal in the thread titled "More Bitcoin$$$$$".

Hashcat made short work of wordlist and produced the password in under 6 seconds:

Status...........: Cracked

We could then use the cracked password to unlock the Keepass database and retrieve the flag:


The accepted flag was: flag{breaking_the_law}



Leave a comment