KeePassXC-Logo

Dumping unique passwords from a KeePass file

Recently, I was asked by a customer to help recovering a password of a VeraCrypt encrypted volume they lost access to. I did not wanted to fire a password cracking software like JohnTheRipper or HashCat with brute force attack because that should always be the last resort.

The recommended approach for this particular case is to start with the attack with the least (time) complexity first then gradually move to a more time consuming attacks.

After the dictionary attacks failed with several different dictionaries and with several different combination rules. I needed to try one last thing before moving to the brute-force nightmare.

On the assumption that the user reused the password or different versions of the software, I decided to run a password-reuse attack, or password-stuffing attack.

Luckily the customer was using a password manager, although he was not using it yet at the time of encrypting the volume. Passwords stored in that KeePass-compatible password manager could be a great place to start for the password stuffing attack.

All I needed to do was to dump all passwords from the KeePass file to a personalised dictionary that can be used the password cracking software. But how do I achieve that…

“Easy…” KeePass UX usually has an option to export entry to a csv, or a .json, then it is possible with some command line magic to extract the passwords by parsing that output and get the seed for the personalised dictionary.

Now that will solve the issue for this particular customer. But what if I needed at some point in the future, to quickly extract the passwords from a KeePass file from the command line interface.

“Google it!” I told myself and looked around on google for what is available. Then I searched GitHub, and GitLab for a tool or a script that does exactly that or at least something similar… Without any luck. Something that does not already exist. I discovered a very small niche. Nevertheless I found a python package that is appropriately called pykeepass, and that allows interacting with keepass files with python.

So I spent the next 15 minutes creating the script the does the job and the next hour adding the parameters and argument parsing, logging and pushing it to a github repository.

The script does the following:

# Opening the keepass file
kp = PyKeePass(filename, password=password)
# Iterating over all entries
passwords = set()
for entry in kp.entries:
    passwords.add(entry.password)
    # filtering
passwords.remove(None)
# sorting
passwords = list(passwords)
passwords.sort()
#exporting
for password in passwords:
    print(password)

You can find the complete script also on GitHub here.