Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Sun, 17 Sep 2017 06:30:52 -0400
From: Blambpudding <blambpudding@...tonmail.com>
To: "john-users@...ts.openwall.com" <john-users@...ts.openwall.com>
Subject: RE: KeePass2John

Do you have a link. Or should I go to the Bleeding Jumbo website? Will this support keyfiles?

Sent with [ProtonMail](https://protonmail.com) Secure Email.

> -------- Original Message --------
> Subject: RE: [john-users] KeePass2John
> Local Time: September 3, 2017 11:16 AM
> UTC Time: September 3, 2017 3:16 PM
> From: rs904c@...scape.net
> To: john-users@...ts.openwall.com
>
> I just built the latest version of the bleeding tree and it has the
> executable. Maybe you should try that.
>
> -----Original Message-----
> From: Dhiru Kholia [mailto:dhiru.kholia@...il.com]
> Sent: Saturday, September 02, 2017 11:40 PM
> To: john-users@...ts.openwall.com
> Subject: Re: [john-users] KeePass2John
>
> On Sat, Sep 02, 2017 at 08:34:10PM +0200, Solar Designer wrote:
>> On Wed, Aug 30, 2017 at 03:48:36PM -0400, Blambpudding wrote:
>> > I need to get a hash from keePass but I am getting this error.
>> >
>> > C:\john\run>keepass2john NewDatabase.kdbx
>> > File "C:\john\run\keepass2john.py", line 33
>> > print "Unsupported file encryption!"
>> > ^
>> > SyntaxError: Missing parentheses in call to "print"
>>
>> What version of JtR is that? There"s no keepass2john.py in the latest
>> bleeding-jumbo. There"s a keepass2john program written in C. It does
>> also contain the "Unsupported file encryption!" message, which is now
>> printed for ciphers other than AES and Twofish. Do you know what
>> cipher your NewDatabase.kdbx file uses?
>
> The user seems to be using keepass2john.py published by harmj0y.
>
> http://www.harmj0y.net/blog/redteaming/a-case-study-in-attacking-keepass/
>
> This version of "keepass2john" seems to suffer from multiple problems,
>
> 1. It is known to be incomplete. It lacks some sanity checks and has no
> support for keyfiles.
>
> 2. Only works with Python 2.x. The user runs into a SyntaxError with
> presumably a different version of Python.
>
> 3. Correctness problem(s), according to a comment on the above blog link.
>
> This third-party keepass2john.py program cannot be recommended for general
> use. It is known to be incomplete and possibly broken.
>
>> Dhiru - perhaps we need to enhance our keepass2john.c to include the
>> numeric enc_flag in the "Unsupported file encryption!" message, so
>> we"d know from reports like the above which exact ciphers are in demand.
>
> Sure, that sounds good. I have opened a pull request on GitHub,
>
> https://github.com/magnumripper/JohnTheRipper/pull/2718
>
> --
> Dhiru
>
> ---
> This email has been checked for viruses by Avast antivirus software.
> https://www.avast.com/antivirus

Powered by blists - more mailing lists

Your e-mail address:

Powered by Openwall GNU/*/Linux - Powered by OpenVZ