NahamCon CTF easy_keesy challenge write-up

Ashutosh Verma
Jun 14, 2020

As I am just a beginner in this field, this was the first time I participated in a CTF (NahamCon). I really enjoyed solving the challenges, but the sad thing is that I was not able to understand many of them. On the other hand, I am happy too: I was expecting that I would not be able to complete a single challenge in this CTF, but I solved some warm-up challenges. I really enjoyed a challenge named easy_keesy, which involves a KeePass database file. Let’s see how I was able to find the flag from this file.

After downloading the file easy_keesy from the challenge, I tried to get the file information using the file command in Linux. As you can see in the image shown below, it is a KeePass database file.

After seeing this information I knew that I needed to open the file, but to find out how, I searched on Google. I then downloaded KeePassX using sudo apt install keepassx and tried opening the file easy_keesy with it. But it asked for some kind of master password or a key file, so again I was stuck. After thinking and searching, I thought cracking this file could work, so I searched for how to crack a .kdbx file. Luckily, there is a utility provided by John the Ripper to extract the hash of the password from a .kdbx file.

Just copy the hash after “easy_keesy:” and paste it into a file, because we are going to crack this hash using hashcat. Now that we have a file with the hash in it, the next step is to crack it using hashcat. It is an excellent tool, and it allows you to use a GPU to speed up cracking. To use hashcat, we first need to select the hash type from the list provided by hashcat. You can look at the list in the hashcat help menu in your terminal.

As you can see, the unique ID for cracking KeePass hashes is “13400”. In this case we will select the “straight” mode (attack ID 0) and need to choose a wordlist (rockyou.txt in my case). The screenshot given below shows the full command to crack the hash using hashcat. As I am not using a GPU in my case, I need to use the force flag as well.

One of the good things about hashcat is that it shows you the results during and after cracking in a very clean manner. As you can see, hashcat took 6 seconds to crack the hash we extracted in the previous steps.

Now we have successfully cracked the easy_keesy database file’s master password. Let’s try opening it using keepassx.

And here we have the flag. :) :) :) :) :)
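The values that the file command and the John the Ripper extractor read from a database like this sit unencrypted in its header, including the key-transformation round count that sets how much work each password guess costs. The parser below is an added example, not part of the original write-up; it assumes the KDBX 3.x header layout and runs on a constructed sample header, not the challenge file.

```python
import struct

KDBX_SIG1 = 0x9AA2D903  # first signature, shared by KeePass database formats
KDBX_SIG2 = 0xB54BFB67  # second signature, KeePass 2.x (.kdbx)
FIELDS = {2: "cipher_id", 4: "master_seed", 5: "transform_seed",
          6: "transform_rounds", 7: "encryption_iv", 9: "stream_start_bytes"}

def parse_kdbx3_header(data: bytes) -> dict:
    """Return the unencrypted outer-header fields of a KDBX 3.x database."""
    if len(data) < 12:
        raise ValueError("too short for a KDBX header")
    sig1, sig2, minor, major = struct.unpack_from("<IIHH", data, 0)
    if (sig1, sig2) != (KDBX_SIG1, KDBX_SIG2):
        raise ValueError("not a KeePass 2.x database")
    if major != 3:
        raise ValueError(f"KDBX {major}.x uses a different header layout")
    info, pos = {"version": f"{major}.{minor}"}, 12
    while True:
        # Each field: 1-byte id, 2-byte little-endian length, then the value.
        if pos + 3 > len(data):
            raise ValueError("header truncated")
        field_id, length = struct.unpack_from("<BH", data, pos)
        value = data[pos + 3:pos + 3 + length]
        if len(value) != length:
            raise ValueError("header truncated")
        pos += 3 + length
        if field_id == 0:  # end-of-header marker
            return info
        name = FIELDS.get(field_id)
        if name == "transform_rounds":
            if length != 8:
                raise ValueError("transform_rounds must be 8 bytes")
            info[name] = struct.unpack("<Q", value)[0]
        elif name:
            info[name] = value.hex()

def _field(field_id: int, payload: bytes) -> bytes:
    return struct.pack("<BH", field_id, len(payload)) + payload

# Constructed sample header (zeroed seeds and IV), not the challenge file.
SAMPLE = (struct.pack("<IIHH", KDBX_SIG1, KDBX_SIG2, 1, 3)
          + _field(2, bytes.fromhex("31c1f2e6bf714350be5805216afc5aff"))  # AES-256
          + _field(4, bytes(32)) + _field(5, bytes(32))
          + _field(6, struct.pack("<Q", 6000))
          + _field(7, bytes(16)) + _field(0, b"\r\n\r\n"))

if __name__ == "__main__":
    for key, val in parse_kdbx3_header(SAMPLE).items():
        print(f"{key}: {val}")
```

A low transform_rounds value combined with a master password that appears in a common wordlist is what makes a result like the 6-second crack above possible; raising the rounds slows every guess, but only a strong master password takes the database out of reach of a wordlist.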

Thank you for reading this write-up; I hope you enjoyed reading it.
