How to produce a hash value from Keepass 2 AES / with keyfile ? I tried keepass2john.py, but there is no argument for key file.
Keepass 2 AES / with keyfile $keepass$*2*6000*222*15b6b685bae998f2f608c909dc554e514f2843fbac3c7c16ea3600cc0de30212*c417098b445cfc7a87d56ba17200836f30208d38f75a4169c0280bab3b10ca2a*0d15a81eadccc58b1d3942090cd0ba66*57c4aa5ac7295a97da10f8b2f2d2bfd7a98b0faf75396bc1b55164a1e1dc7e52*2b822bb7e7d060bb42324459cb24df4d3ecd66dc5fc627ac50bf2d7c4255e4f8*1*64*aaf72933951a03351e032b382232bcafbeeabc9bc8e6988b18407bc5b8f0e3cc
(above example copied from https://hashcat.net/wiki/doku.php?id=example_hashes)
It looks like there is support for KeePass databases using key files on the current release of KeePass2John.(c/exe).
::EXAMPLE::
<Exe_Path>\keepass2john.exe -i [0-98048] -k <Key_Path>\key_file.key <DB_File_Path>\DB_File.kdb
I have my doubts as to how accurate the final product is as I cannot seem to personally produce a hash that is interpretable to HashCat or JTR. I have seen that others are having similar problems so I imagine that either it is not working quite right or my brand of misunderstanding is fairly common.
Good Luck.
Related
I want the algorithm for cisco type 7 encryption and decryption. On searching, I found out that it uses Vigenere cipher encryption but it won't work. Please anybody help me out. If I found some small lead then also it will be good.
Thank You.
Decrypting a type 7 key is pretty straight forward if you have the hash value and access to a Cisco device
Create a key chain
config t
!
key-chain test
key 1
key-string 7 "put your hash here"
end
!
show key chain
Note- some of the newer code will not allow you to see the keys however this method usually works and can be used to see the clear-text version of a key.
If I encrypt a file as file1 using openssl, where is the hash of that password stored?
No matter what I Google, the closest I get are instructions to enable root and navigate to /var/db/dslocal/nodes/Default/users directory. Unless I'm just not recognizing it, I am unable to find anything that looks like what I want in there.
If I understand the question correctly (i.e. that it's about encrypting a file with openssl enc -ciphername or the shorthand openssl ciphername), then the answer is: the hash is not stored anywhere.
What happens is that the password (and salt) are run through a hash function to derive an encryption key, and that key is used to encrypt the contents of the file. The key (i.e. the hash) is then discarded.
When you go to decrypt the file, it runs the password you entered and the salt (stored in the file) through the same hash function, and attempts to use that to decrypt the file's contents. If the password is the same as that used to encrypt, you get your original file back. If the password is different, you get back gibberish. openssl might be able to tell it's gibberish if the padding doesn't make sense, but it might not. As the man page says:
All the block ciphers normally use PKCS#5 padding also known as
standard block padding: this allows a rudimentary integrity or
password check to be performed. However since the chance of random
data passing the test is better than 1 in 256 it isn't a very good
test.
In SQLCipher it is possible to provide a database key in two ways: either as a passphrase (with an associated number of PBKDF2 rounds) or as a raw key.
I am trying to find a way get the raw key (given as a 64 character hex string) given the passphrase (an arbitrary string) and number of rounds. I assume the solution lies in somehow performing the PBKDF2 key derivation myself, but I'm not too familiar with how this might work, or if it would produce a value that I could just feed as a raw key to PRAGMA KEY. In addition, the PBKDF2 function appears to take a salt, which I do not know. If I have to, I am sure I can dig into the sqlcipher source code to figure this out, but I'm hoping that there might already be a simple way to do this that I'm missing.
The details on SQLCipher key derivation can be found on the design page. The salt is stored in the first 16 bytes of the database file. You would then use the salt along with the passphrase with an appropriate number of PBKDF2-HMAC-SHA1 rounds (64,000 for SQLCipher 3, 4,000 for earlier versions)
My friend give me a oracle server 10g, And he's changeling me If I get the password for the DATABASE or change it using SH, The server will be mine
So I've try hard because this is the first time using oracle so when I looked at the server and explore its file I found hash password , Probably will lead me to the password, this file located in this path
Apache/modplsql/conf/dads.conf
And the hash that I found start with this symbol
# a PlsqlDatabasePassword #XXXXXXXXXXXXXXXX
the XXXXXXXXXXXXXXXX= Random letters and numbers
and its end with
==
At the beginning I thought it's sort of BASE64 Encode, And turned out to me its not
So my Question How can decode this hash? Can I get the password clearly?
also how can I modify the password of DATABASE (:
something else, I google it and some of them wrote that oracle web server 9g
using Encode64 .
Best Regard
Probably it's a one-way hash, which means you can't decrypt it.
If you're fortunate your pal won't have deleted the backup version of the dads.conf file (it'll be in the same directory, with a date in the name).
Otherwise, you're stuck in the position of anybody else trying to hack into a database. Guessing or brute force.
I am trying to create a ticket for Remote Assistance. Part of that requires creating a PassStub parameter. As of the documentation:
http://msdn.microsoft.com/en-us/library/cc240115(PROT.10).aspx
PassStub: The encrypted novice computer's password string. When the Remote
Assistance Connection String is sent as a file over e-mail, to provide additional security, a
password is used.<16>
In part 16 they detail how to create as PassStub.
In Windows XP and Windows Server 2003, when a password is used, it is encrypted using
PROV_RSA_FULL predefined Cryptographic provider with MD5 hashing and CALG_RC4, the RC4
stream encryption algorithm.
As PassStub looks like this in the file:
PassStub="LK#6Lh*gCmNDpj"
If you want to generate one yourself run msra.exe in Vista or run the Remote Assistance tool in WinXP.
The documentation says this stub is the result of the function CryptEncrypt with the key derived from the password and encrypted with the session id (Those are also in the ticket file).
The problem is that CryptEncrypt produces a binary output way larger than the 15 byte PassStub. Also the PassStub isn't encoding in any way I've seen before.
Some interesting things about the PassStub encoding. After doing statistical analysis the 3rd char is always a one of: !#$&()+-=#^. Only symbols seen everywhere are: *_ . Otherwise the valid characters are 0-9 a-z A-Z. There are a total of 75 valid characters and they are always 15 bytes.
Running msra.exe with the same password always generates a different PassStub, indicating that it is not a direct hash but includes the rasessionid as they say.
Another idea I've had is that it is not the direct result of CryptEncrypt, but a result of the rasessionid in the MD5 hash. In MS-RA (http://msdn.microsoft.com/en-us/library/cc240013(PROT.10).aspx). The "PassStub Novice" is simply hex encoded, and looks to be the right length. The problem is I have no idea how to go from any hash to way the PassStub looks like.
I am curious, have you already:
considered using ISAFEncrypt::EncryptString(bstrEncryptionkey, bstrInputString) as a higher-level alternative to doing all the dirty work directly with CryptEncrypt? (the tlb is in hlpsvc.exe)
looked inside c:\WINDOWS\pchealth\helpctr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Escalation\Email\rcscreen9.htm (WinXP) to see what is going on when you pick the Save invitation as a file (Advanced) option and provide a password? (feel free to add alert() calls inside OnSave())