Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Sun, 17 Sep 2017 16:35:32 -0400
From: Blambpudding <blambpudding@...tonmail.com>
To: "john-users@...ts.openwall.com" <john-users@...ts.openwall.com>
Subject: Re: KeePass2John

The github page has the c verison. Do you have directions on how to run it on windows or do you have a binary that has the c in it?

Sent with [ProtonMail](https://protonmail.com) Secure Email.

> -------- Original Message --------
> Subject: Re: [john-users] KeePass2John
> Local Time: September 2, 2017 11:40 PM
> UTC Time: September 3, 2017 3:40 AM
> From: dhiru.kholia@...il.com
> To: john-users@...ts.openwall.com
>
> On Sat, Sep 02, 2017 at 08:34:10PM +0200, Solar Designer wrote:
>> On Wed, Aug 30, 2017 at 03:48:36PM -0400, Blambpudding wrote:
>> > I need to get a hash from keePass but I am getting this error.
>> >
>> > C:\john\run>keepass2john NewDatabase.kdbx
>> > File "C:\john\run\keepass2john.py", line 33
>> > print "Unsupported file encryption!"
>> > ^
>> > SyntaxError: Missing parentheses in call to "print"
>>
>> What version of JtR is that? There"s no keepass2john.py in the latest
>> bleeding-jumbo. There"s a keepass2john program written in C. It does
>> also contain the "Unsupported file encryption!" message, which is now
>> printed for ciphers other than AES and Twofish. Do you know what cipher
>> your NewDatabase.kdbx file uses?
>
> The user seems to be using keepass2john.py published by harmj0y.
>
> http://www.harmj0y.net/blog/redteaming/a-case-study-in-attacking-keepass/
>
> This version of "keepass2john" seems to suffer from multiple problems,
>
> 1. It is known to be incomplete. It lacks some sanity checks and has no
> support for keyfiles.
>
> 2. Only works with Python 2.x. The user runs into a SyntaxError with
> presumably a different version of Python.
>
> 3. Correctness problem(s), according to a comment on the above blog link.
>
> This third-party keepass2john.py program cannot be recommended for
> general use. It is known to be incomplete and possibly broken.
>
>> Dhiru - perhaps we need to enhance our keepass2john.c to include the
>> numeric enc_flag in the "Unsupported file encryption!" message, so we"d
>> know from reports like the above which exact ciphers are in demand.
>
> Sure, that sounds good. I have opened a pull request on GitHub,
>
> https://github.com/magnumripper/JohnTheRipper/pull/2718
>
> --
> Dhiru

Powered by blists - more mailing lists

Your e-mail address:

Powered by Openwall GNU/*/Linux - Powered by OpenVZ