KeePass is a free open source password manager which helps to organize passwords in a secure and easy way. KeePass stores all passwords in one database, which is locked with one master key or a key file. So the users have to remember only one single master password or select the key file to unlock the whole database.

KeeFarce - A Tool To Hack KeePass Passwords.


According to KeePass, the databases are encrypted using the best and most secure encryption algorithms currently known (AES and Twofish). Sounds good but it doesn't seem so safe anymore. A tool called KeeFarce, is now awailable,to hack KeePass. KeeFarce allows for the extraction of KeePass 2.x password database information from memory. The cleartext information, including usernames, passwords, notes and url's are dumped into a CSV file in %AppData%

How KeeFarce Works


KeeFarce uses DLL injection to execute code within the context of a running KeePass process. C# code execution is achieved by first injecting an architecture-appropriate bootstrap DLL. This spawns an instance of the dot net runtime within the appropriate app domain, subsequently executing KeeFarceDLL.dll (the main C# payload). The KeeFarceDLL uses CLRMD to find the necessary object in the KeePass processes heap, locates the pointers to some required sub-objects (using offsets), and uses reflection to call an export method.

Building & Executing KeeFarce


All the required files can be obtained from KeeFarce's GitHub Page. 

To build the KeeFarce


  • Install Visual Studio (Preferably VS 2015,As development has been done in that). 
  • Open the KeeFarce.sln with Visual Studio and hit 'build'. 
  • The result files can be found at dist/$architecture.
  • Copy the KeeFarceDLL.dll files and Microsoft.Diagnostic.Runtime.dll files into the folder before executing, as these are architecture independent.

To execute KeeFarce on the target 

  • Make sure the following files are in the same folder:
  • BootstrapDLL.dll,KeeFarce.exe,KeeFarceDLL.dll,Microsoft.Diagnostic.Runtime.dll
  • Copy these files across to the target and execute KeeFarce.exe

KeeFarce Compatibility


According to the author,KeeFarce has been tested on KeePass 2.28, 2.29 and 2.30 - running on Windows 8.1 - both 32 and 64 bit and should be working fine on Windows 7 Machines too.


References:

https://github.com/denandz/KeeFarce
http://keepass.info/

Also ReadFree Zbigz Premium Account -January 2016 [No Survey]
Also Read 

Post a Comment

 
Top