[john-users] KeePass2John

Discussion:

Blambpudding

2017-08-29 19:57:08 UTC

Hello,

I am getting an error of unsupported file encryption when using KeePass2John on a Windows machine. Could someone please assist with that error?

Sent with [ProtonMail](https://protonmail.com) Secure Email.

Blambpudding

2017-08-30 19:48:36 UTC

Permalink

Hello,

I need to get a hash from keePass but I am getting this error.

C:\john\run>keepass2john NewDatabase.kdbx
File "C:\john\run\keepass2john.py", line 33
print "Unsupported file encryption!"
^
SyntaxError: Missing parentheses in call to 'print'

Has anyone ever seen this error? Or know of another way to get this hash?

I am using a Windows machine and I am able to use John and Hashcat without issue but I am not able to pull the hash.

Sent with [ProtonMail](https://protonmail.com) Secure Email.

Solar Designer

2017-09-02 18:34:10 UTC

Permalink

Post by Blambpudding
I need to get a hash from keePass but I am getting this error.
C:\john\run>keepass2john NewDatabase.kdbx
File "C:\john\run\keepass2john.py", line 33
print "Unsupported file encryption!"
^
SyntaxError: Missing parentheses in call to 'print'

What version of JtR is that? There's no keepass2john.py in the latest
bleeding-jumbo. There's a keepass2john program written in C. It does
also contain the "Unsupported file encryption!" message, which is now
printed for ciphers other than AES and Twofish. Do you know what cipher
your NewDatabase.kdbx file uses?

Dhiru - perhaps we need to enhance our keepass2john.c to include the
numeric enc_flag in the "Unsupported file encryption!" message, so we'd
know from reports like the above which exact ciphers are in demand.

Post by Blambpudding
Has anyone ever seen this error? Or know of another way to get this hash?
I am using a Windows machine and I am able to use John and Hashcat without issue but I am not able to pull the hash.

You should start by upgrading to latest bleeding-jumbo. Maybe it will
just work. If it does not, then perhaps we lack support for your file.

You can download the latest source code here:

https://github.com/magnumripper/JohnTheRipper/archive/bleeding-jumbo.tar.gz

and build it using Cygwin.

Alternatively, you can download a slightly older binary build here:

http://openwall.info/wiki/john/custom-builds#Compiled-for-Windows

As we recently found out, unfortunately the "2017-03-06: John the Ripper
v1.8.0.9-jumbo-1-bleeding (Bleeding version on 2017-03-06)" build has
the *2john symlinks broken, so you'll need to copy its john.exe over to
keepass2john.exe.

Alexander

Dhiru Kholia

2017-09-03 03:40:05 UTC

Permalink

Post by Solar Designer

The user seems to be using keepass2john.py published by harmj0y.

http://www.harmj0y.net/blog/redteaming/a-case-study-in-attacking-keepass/

This version of "keepass2john" seems to suffer from multiple problems,

1. It is known to be incomplete. It lacks some sanity checks and has no
support for keyfiles.

2. Only works with Python 2.x. The user runs into a SyntaxError with
presumably a different version of Python.

3. Correctness problem(s), according to a comment on the above blog link.

This third-party keepass2john.py program cannot be recommended for
general use. It is known to be incomplete and possibly broken.

Post by Solar Designer
Dhiru - perhaps we need to enhance our keepass2john.c to include the
numeric enc_flag in the "Unsupported file encryption!" message, so we'd
know from reports like the above which exact ciphers are in demand.

Sure, that sounds good. I have opened a pull request on GitHub,

https://github.com/magnumripper/JohnTheRipper/pull/2718

--
Dhiru

r***@netscape.net

2017-09-03 15:16:14 UTC

Permalink

I just built the latest version of the bleeding tree and it has the
executable. Maybe you should try that.

-----Original Message-----
From: Dhiru Kholia [mailto:***@gmail.com]
Sent: Saturday, September 02, 2017 11:40 PM
To: john-***@lists.openwall.com
Subject: Re: [john-users] KeePass2John

Post by Solar Designer

The user seems to be using keepass2john.py published by harmj0y.

http://www.harmj0y.net/blog/redteaming/a-case-study-in-attacking-keepass/

This version of "keepass2john" seems to suffer from multiple problems,

1. It is known to be incomplete. It lacks some sanity checks and has no
support for keyfiles.

2. Only works with Python 2.x. The user runs into a SyntaxError with
presumably a different version of Python.

3. Correctness problem(s), according to a comment on the above blog link.

This third-party keepass2john.py program cannot be recommended for general
use. It is known to be incomplete and possibly broken.

Post by Solar Designer
Dhiru - perhaps we need to enhance our keepass2john.c to include the
numeric enc_flag in the "Unsupported file encryption!" message, so
we'd know from reports like the above which exact ciphers are in demand.

Sure, that sounds good. I have opened a pull request on GitHub,

https://github.com/magnumripper/JohnTheRipper/pull/2718

--
Dhiru

---
This email has been checked for viruses by Avast antivirus software.
https://www.avast.com/antivirus

Blambpudding

2017-09-17 10:30:52 UTC

Permalink

Do you have a link. Or should I go to the Bleeding Jumbo website? Will this support keyfiles?

Sent with [ProtonMail](https://protonmail.com) Secure Email.

-------- Original Message --------
Subject: RE: [john-users] KeePass2John
Local Time: September 3, 2017 11:16 AM
UTC Time: September 3, 2017 3:16 PM
I just built the latest version of the bleeding tree and it has the
executable. Maybe you should try that.
-----Original Message-----
Sent: Saturday, September 02, 2017 11:40 PM
Subject: Re: [john-users] KeePass2John

What version of JtR is that? There"s no keepass2john.py in the latest
bleeding-jumbo. There"s a keepass2john program written in C. It does
also contain the "Unsupported file encryption!" message, which is now
printed for ciphers other than AES and Twofish. Do you know what
cipher your NewDatabase.kdbx file uses?

The user seems to be using keepass2john.py published by harmj0y.
http://www.harmj0y.net/blog/redteaming/a-case-study-in-attacking-keepass/
This version of "keepass2john" seems to suffer from multiple problems,
1. It is known to be incomplete. It lacks some sanity checks and has no
support for keyfiles.
2. Only works with Python 2.x. The user runs into a SyntaxError with
presumably a different version of Python.
3. Correctness problem(s), according to a comment on the above blog link.
This third-party keepass2john.py program cannot be recommended for general
use. It is known to be incomplete and possibly broken.

Dhiru - perhaps we need to enhance our keepass2john.c to include the
numeric enc_flag in the "Unsupported file encryption!" message, so
we"d know from reports like the above which exact ciphers are in demand.

Sure, that sounds good. I have opened a pull request on GitHub,
https://github.com/magnumripper/JohnTheRipper/pull/2718
--
Dhiru
---
This email has been checked for viruses by Avast antivirus software.
https://www.avast.com/antivirus

Blambpudding

2017-09-17 20:35:32 UTC

Permalink

The github page has the c verison. Do you have directions on how to run it on windows or do you have a binary that has the c in it?

Sent with [ProtonMail](https://protonmail.com) Secure Email.

-------- Original Message --------
Subject: Re: [john-users] KeePass2John
Local Time: September 2, 2017 11:40 PM
UTC Time: September 3, 2017 3:40 AM

The user seems to be using keepass2john.py published by harmj0y.
http://www.harmj0y.net/blog/redteaming/a-case-study-in-attacking-keepass/
This version of "keepass2john" seems to suffer from multiple problems,
1. It is known to be incomplete. It lacks some sanity checks and has no
support for keyfiles.
2. Only works with Python 2.x. The user runs into a SyntaxError with
presumably a different version of Python.
3. Correctness problem(s), according to a comment on the above blog link.
This third-party keepass2john.py program cannot be recommended for
general use. It is known to be incomplete and possibly broken.

Dhiru - perhaps we need to enhance our keepass2john.c to include the
numeric enc_flag in the "Unsupported file encryption!" message, so we"d
know from reports like the above which exact ciphers are in demand.

Sure, that sounds good. I have opened a pull request on GitHub,
https://github.com/magnumripper/JohnTheRipper/pull/2718
--
Dhiru

Solar Designer

2017-09-18 17:41:36 UTC

Permalink

Post by Blambpudding
Do you have a link. Or should I go to the Bleeding Jumbo website? Will this support keyfiles?
The github page has the c verison. Do you have directions on how to run it on windows or do you have a binary that has the c in it?

You either install Cygwin and build the whole bleeding-jumbo from source
typing e.g. "./configure && make -sj8" in the Cygwin terminal when
you're in the "src" directory, or simpler:

You use one of the binary builds of bleeding-jumbo, such as Robert's
build, which he recently announced in here (did you miss that?):

http://openwall.info/wiki/john/custom-builds#Compiled-for-Windows

There are also Windows builds produced by our continuous integration
system, but somehow that link from GitHub gives me error 500 now.
Dhiru, maybe you look into this and provide the proper answer here?
Thanks!

Alexander

Dhiru Kholia

2017-09-19 10:44:30 UTC

Permalink

Post by Solar Designer
There are also Windows builds produced by our continuous integration
system, but somehow that link from GitHub gives me error 500 now.
Dhiru, maybe you look into this and provide the proper answer here?

The underlying CircleCI API changed, and this led to HTTP 500 errors.

I have updated my "daily-builds" repository to use the new CircleCI API
now. See https://github.com/kholia/daily-builds for details.

The latest JtR MinGW builds for Windows can be downloaded from the
http://daily-builds.appspot.com/latest URL.

This URL is linked to from https://github.com/magnumripper/JohnTheRipper/.

--
Dhiru