Challenge Day 3 – Become the investigator

In this challenge, things are getting a little mysterious.
Firstly, you will have to discover the file type and extract its content. That will allow you to find further steps and try to hack into a protected database containing secrets needed to send us the solution.
You will have to use various useful techniques to discover the file type, break a password and digitally sign your answer.

First of all we have a file with an unknown file extension. To find out the correct file extension I used a tool called TrID – File Identifier.

TrID is a utility designed to identify file types from their binary signatures. While there are similar utilities with hard-coded logic, TrID has no fixed rules. Instead, it's extensible and can be trained to recognize new formats in a fast and automatic way.

Ok, there’s a readme file and a kdbx file which is protected by a password.

The kdbx file is a KeePass password safe database file.

To crack the file we have several options for tools. John the Ripper is a well-known brute-force attacking tool, but I've decided to search for other sources first.

I discovered an interesting project on GitHub. It's called mod0keecrack.

mod0keecrack is a simple tool to crack/bruteforce passwords of KeePass 2 databases. It implements a KeePass 2 Database file parser for .kdbx files, as well as decryption routines to verify if a supplied password is correct. mod0keecrack only handles the encrypted file format and is not able to parse the resulting plaintext database. The only purpose of mod0keecrack is the brute-forcing of a KeePass 2 database password.
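As an added example (not from the original post and not mod0keecrack's own code), here is a small Python parser that does the identification step from above by magic bytes instead of by extension and then reads the KDBX outer header, reporting the transform rounds that set the cost of every password guess a cracker has to make. The sample header bytes are constructed, not taken from the challenge file.

```python
import struct

# KDBX 2.x file signature (first 8 bytes), two little-endian uint32s
KDBX_SIG1 = 0x9AA2D903
KDBX_SIG2 = 0xB54BFB67
HEADER_FIELDS = {0: "EndOfHeader", 1: "Comment", 2: "CipherID", 3: "CompressionFlags",
                 4: "MasterSeed", 5: "TransformSeed", 6: "TransformRounds",
                 7: "EncryptionIV", 10: "InnerRandomStreamID", 11: "KdfParameters"}

def identify_kdbx(blob: bytes):
    """Return version and outer-header fields if blob is a KDBX 2.x file, else None."""
    if len(blob) < 12:
        return None
    sig1, sig2, minor, major = struct.unpack("<IIHH", blob[:12])
    if (sig1, sig2) != (KDBX_SIG1, KDBX_SIG2):
        return None
    info = {"format": "KDBX", "version": f"{major}.{minor}", "fields": {}}
    # Header entries are: 1-byte id, length (2 bytes before KDBX 4, 4 bytes from 4.0), data
    entry_fmt = "<BI" if major >= 4 else "<BH"
    entry_len = struct.calcsize(entry_fmt)
    pos = 12
    while pos + entry_len <= len(blob):
        fid, flen = struct.unpack(entry_fmt, blob[pos:pos + entry_len])
        pos += entry_len
        data = blob[pos:pos + flen]
        pos += flen
        if fid == 0:          # EndOfHeader: the encrypted payload starts here
            break
        info["fields"][HEADER_FIELDS.get(fid, f"field{fid}")] = data
    rounds = info["fields"].get("TransformRounds")
    if rounds is not None and len(rounds) == 8:
        # AES-KDF iterations (KDBX 3): each password guess must repeat this many AES rounds
        info["transform_rounds"] = struct.unpack("<Q", rounds)[0]
    return info

def _entry(fid: int, data: bytes) -> bytes:
    return struct.pack("<BH", fid, len(data)) + data   # KDBX 3.x entry layout

# Constructed sample: outer header of a KDBX 3.1 file (no real database follows it)
SAMPLE_KDBX = (struct.pack("<IIHH", KDBX_SIG1, KDBX_SIG2, 1, 3)
               + _entry(2, bytes(16))                  # CipherID, zeroed placeholder UUID
               + _entry(3, struct.pack("<I", 1))       # CompressionFlags: 1 = gzip
               + _entry(6, struct.pack("<Q", 6000))    # TransformRounds: deliberately low
               + _entry(0, b"\r\n\r\n"))               # EndOfHeader marker

if __name__ == "__main__":
    print(identify_kdbx(SAMPLE_KDBX))
    print(identify_kdbx(b"PK\x03\x04" + bytes(20)))   # None: a zip, not a KeePass file
```

A low transform-rounds value is what makes a wordlist run like the one in this post finish in minutes; raising it in KeePass is the cheapest defence against offline guessing.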

Sadly, no binary file was provided, and there's an instruction that we have to compile it first.

To build mod0keecrack on Windows, open your Dev-command prompt and enter:

cl.exe /Femod0keecrack.exe helper.c mod0keecrack.c crypto-ms.c bcrypt.lib

On my Windows machine I have no C compiler installed. Before installing Visual Studio I tried to get it to work with MinGW. It includes:

  • A port of the GNU Compiler Collection (GCC), including C, C++, ADA and Fortran compilers;
  • GNU Binutils for Windows (assembler, linker, archive manager)
  • A command-line installer, with optional GUI front-end, (mingw-get) for MinGW and MSYS deployment on MS-Windows
  • A GUI first-time setup tool (mingw-get-setup), to get you up and running with mingw-get.


But sadly, I didn't get mod0keecrack to work with MinGW.

But then I discovered Chocolatey, a cool package manager for Windows 🙂

To install it, we have to run the following command in PowerShell:

Set-ExecutionPolicy Bypass -Scope Process -Force; [System.Net.ServicePointManager]::SecurityProtocol = [System.Net.ServicePointManager]::SecurityProtocol -bor 3072; iex ((New-Object System.Net.WebClient).DownloadString(''))

With a simple command I was able to install the Visual C++ build tools:

choco install visualcpp-build-tools

And with another command the OpenSSL Tools for Windows:

choco install openssl.light --params "/InstallDir:C:\Tools\OpenSSL\"

Now I'll give building mod0keecrack another try with the freshly installed developer shell.

Ok, that worked like a charm. Now I have to find a good wordlist file.

In my case I've used a wordlist that ships with a similar project I discovered on GitHub.

Let's start the attack:

Some minutes later we have the password which is: mickeymouse 😀

Open the KeePass database:

Further instructions:

Ok, we have a private key with its password attached to that KeePass file. Now I have to create a text file and write down the answers explaining how I solved this challenge.

Furthermore, I have to sign that file with the private key. I'll do this using OpenSSL for Windows:

Repeating questions:

What is the .kdbx file format?

  1. * It is a database used by windows operating system to store credentials saved in the web browsers
  2. * Extension of the file created by Microsoft Edge to store saved passwords
  3. * File format used by KeePass Password Manager to save databases created by the user
  4. * None of the answers is correct

Which one is, most often, more effective and faster in cracking passwords – GPU or CPU (assuming a similar price / quality for both)?

  1. * CPU, usually it has fewer cores than GPU, but they are much more powerful
  2. * GPU, usually it has more cores than CPU, therefore much more operations can be performed in parallel
  3. * They should both be equally fast, the difference is unnoticeable
  4. * CPU, because usually, it has more "weaker" cores than GPU

Which of the sentences below shows the most efficient way of cracking the password hash?

  1. * Dictionary attack – using an index of commonly known passwords and trying one after another
  2. * Brute force attack – trying all possible combinations (depending on the attacker's configuration – e.g. all possible alphanumeric passwords shorter than 10 characters).
  3. * Well-configured Mask Attack – similar to a brute-force attack, but with some constraints (e.g. uppercase letter in the first position + some number up to 4 digits – example: Paula2019).
  4. * None, it depends on the situation – in case of the well-known, weak password, dictionary attack would be the fastest, but well-played mask attack can crack password not present in a dictionary much faster than brute force.

Which of the following is a correct technical flow of signing the file (RSA scheme)?

  1. * RSA is based on symmetric keys, therefore a pre-shared, symmetric key is used to sign the file and verify the signature.
  2. * Signer is creating a signature using their Private Key to encrypt the hash of the file which is going to be signed. Receiver is using Signer Public Key to decrypt a signature and verify the hash included in the signature.
  3. * Signer is creating a signature using their Public Key to encrypt the hash of the file which is going to be signed. Receiver is using Signer’s Private Key to decrypt a signature and verify the hash included in the signature.
  4. * Only the Public Keys are used for digital signatures.

