KeePass Master Password Dumper is a simple proof-of-concept tool used to dump the master password from KeePass's memory. Apart from the first password character, it is mostly able to recover the password in plaintext. No code execution on the target system is required, just a memory dump. It doesn't matter where the memory comes from: it can be the process dump, swap file (`pagefile.sys`), hibernation file (`hiberfil.sys`), various crash dumps or a RAM dump of the entire system. It doesn't matter whether or not the workspace is locked. It is also possible to dump the password from RAM after KeePass is no longer running, although the chance of that working goes down with the time it's been since then.

Tested with KeePass 2.53.1 on Windows (English) and KeePass 2.47 on Debian (keepass2 package). It should work for the macOS version as well. Unfortunately, enabling the "Enter master key on secure desktop" option doesn't help in preventing the attack. PoC might have issues with databases created by older versions of KeePass, but I wasn't able to reproduce it (see issue #4).

Finding was confirmed by Dominik Reichl, KeePass's author, here.

- .NET (most major operating systems supported).
- Clone the repository: git clone or download it from GitHub.
- Enter the project directory in your terminal (PowerShell on Windows): `cd keepass-password-dumper`.

Alternatively you can add another parameter, `dotnet run PATH_TO_DUMP PATH_TO_PWDLIST`, to generate a list of all possible passwords beginning from the second character.

The easiest way to test this on Windows is to create a process dump in the task manager by right-clicking the KeePass process and selecting "Create dump file".

Depends on your threat model. If your computer is already infected by malware that's running in the background with the privileges of your user, this finding doesn't make your situation much worse.

Or just overwrite your HDD and do a fresh install of your OS.

Incomplete list of products that are not impacted (please create a pull request or an issue for adding more). Rule of thumb is that if it isn't the original KeePass 2.X app written in.