CVE-2023-32784

Published: 15/05/2023 Updated: 26/05/2023
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 0

Vulnerability Summary

In KeePass 2.x prior to 2.54, it is possible to recover the cleartext master password from a memory dump, even when a workspace is locked or no longer running. The memory dump can be a KeePass process dump, swap file (pagefile.sys), hibernation file (hiberfil.sys), or RAM dump of the entire system. The first character cannot be recovered. In 2.54, there is different API usage and/or random string insertion for mitigation.

Vulnerable Product

keepass keepass

Github Repositories

CVE-2023-32784: KeePass 2.X < version 2.54 is susceptible to a vulnerability in which the master password may be retrievable from a memory dump of an unlocked KeePass database. This was assigned CVE-2023-32784. This program aims to retrieve the master password from a memory dump of a running KeePass process. It outputs potential characters by position, a potential passphra

https://ctf.neuland-ingolstadt.de/

Neuland-CTF-2023 ctfneuland-ingolstadtde/ Flag-Format: nland{} Crypto RSA (Basic RSA) - Easy (Jen) Hash (MD5,SHA1,LM) - Easy (Jen) Secrets (Basic Encoding/Encryption) - Easy (Jen) All the Colors of Christmas (Hexahue Cipher) - Medium (Jen) FIPS Aesmussen - Hard (Dominik) OSINT Geoguessr (Find Photo Location) - Easy (Jen) For old times sake (WayBack Maschine)

HTB KEEPER Walkthrough. This walkthrough is about the "hacking" of the HTB box "Keeper". Step 1: Getting Information. Simple NMAP scan: sudo nmap -sV {IP}. What interests us here is the open TCP port 80. This port hosts an Nginx server that's up and running. So, we'll go ahead and check out this website. On the page

5th Edition of the Guardia Civil National Cyberleague

Andrés de la Hoz Camiroaga. RETO-2, National Cyberleague - Guardia Civil. @nocnoc37, Team NotAnonymous - UFVMadrid 1. STATEMENT: Peter is passionate about technology and works as a software developer at a renowned company. He has spent countless hours creating innovative programs and

PoC KeePass master password dumper

Keedump: A PoC KeePass master password dumper using CVE-2023-32784, find further instructions and the original POC here. Installation: Cargo. Make sure the current stable release of Rust is installed. Registry: cargo install keedump. Manual: git clone github.com/ynuwenhof/keedump.git; cd keedump; cargo install --path

Original PoC for CVE-2023-32784

KeePass 2.X Master Password Dumper (CVE-2023-32784). Update: The vulnerability was assigned CVE-2023-32784 and fixed in KeePass 2.54. Thanks again to Dominik Reichl for his fast response and creative fix! Clarification: the password has to be typed on a keyboard, not copied from a clipboard (see the How it works sections). What can you do: First, update to KeePass 2.54 or higher

Ducky script for quickly grabbing a KeePass master password.

DuckPass: Ducky script for quickly grabbing a KeePass process dump and database. Pairs well with CVE-2023-32784 🍷

KeePass Master Password Extraction PoC for Linux

KeePass 2.53< Master Password Dumper PoC (CVE-2023-32784) for Linux. Thanks to vdohney for finding this vulnerability and responsibly reporting it, and Dominik Reichl for the great open source software and quick acknowledgement/fix of the issue. Should I be worried? Probably not. This exploit requires access to the /proc virtual filesystem. Specifically, proc/[pid]/mem

A curated list of resources for Volatility 2 & 3

Awesome Volatility A collection of interesting resources for Volatility Volatility is a framework for extracting digital artifacts from volatile memory (RAM) samples Use volatility 2 & 3 with docker Volatility 2 Volatility 2 - Volatility2 framework AutoVolatility - Run several volatility plugins at the same time Profiles Linux profiles (Debian, Ubuntu, Fedora,

Writeup of the room called "Keeper" on HackTheBox done for educational purposes.

Keeper First, I run a quick scan on the target $ sudo nmap -sS -Pn --max-retries 1 --min-rate 20 -p- keeperhtb Starting Nmap 793 ( nmaporg ) at 2023-09-22 14:50 CEST Warning: 101011227 giving up on port because retransmission cap hit (1) Nmap scan report for keeperhtb (101011227) Host is up (0053s latency) Not shown: 65515 closed tcp ports (reset) PORT

A python tool to automate KeePass discovery and secret extraction.

A python script to help red teamers discover KeePass instances and extract secrets Features & Roadmap KeePwn is still in early development and not fully tested yet : please use it with caution and always try it in a lab before (legally) attacking real-life targets! KeePass Discovery Accept multiple target sources (IP, range, hostname, file) Automatically look f

This script complements the results obtained through the keepass-password-dumper tool when exploiting the CVE-2023-32784 vulnerability affecting KeePass.

BruteForce-to-KeePass This script complements the results obtained through the keepass-password-dumper tool when exploiting the CVE-2023-32784 vulnerability affecting KeePass Description This script prompts the user to input a list of characters and a known suffix It then generates a list of possible strings (dictionary) by combining each character in the list with the known

A CVE-2023-32784 proof-of-concept implementation in Rust

KeePass 2.X Master Password Dumper (CVE-2023-32784). This is a CVE-2023-32784 proof-of-concept implemented in Rust. The code is probably ugly due to my poor coding skills, feel free to make a PR to improve it. Original proof-of-concept here. Python proof-of-concept here. License: "THE BEER-

Re-write of original KeePass 2.X Master Password Dumper (CVE-2023-32784) POC in python.

KeePass-dump-py: My attempt to re-write the original KeePass 2.X Master Password Dumper (CVE-2023-32784) POC in python. Please head over to Original POC for more details about the vulnerability and exploitation process. What this script does: Checks if KeePass process is running, otherwise it spawns the KeePass. Dumps KeePass process using WerFault (code snippet adapted from LSA

Keeper: New user. Initial password set to Welcome2023! KeePass CVE-2023-32784: Detection of Processes Memory Dump. Allows the recovery of the cleartext master password from a memory dump. The memory dump can be a KeePass process dump, swap file (pagefile.sys), hibernat

Useful info about tools and methods

Basics to Pentesting. NMAP: Scan for open ports: nmap -sV {IP} or nmap -p- {IP}. -sU for UDP. -sV allows to perform version detection. -sC allows to run safe script that can help for version detection. We can speed up the scan using --min-rate {RATE} or -T{RATE}. Identify service on port: nmap -p23 {IP}. As we can see 23/tcp telnet open so we can try to connect to the machine using te

Files, challenges and writeups for Neuland CTF 2023 Winter

Neuland-CTF-2023 ctfneuland-ingolstadtde/ Flag-Format: nland{} Crypto RSA (Basic RSA) - Easy (Jen) Hash (MD5,SHA1,LM) - Easy (Jen) Secrets (Basic Encoding/Encryption) - Easy (Jen) All the Colors of Christmas (Hexahue Cipher) - Medium (Jen) FIPS Aesmussen - Hard (Dominik) OSINT Geoguessr (Find Photo Location) - Easy (Jen) For old times sake (WayBack Maschine)

KeePass 2.X Master Password Dumper (CVE-2023-32784). Update: The vulnerability was assigned CVE-2023-32784. It should be fixed in KeePass 2.54, which should come out in the beginning of June 2023. Thanks again to Dominik Reichl for his fast response and creative fix! Clarification: the password has to be typed on a keyboard, not copied from a clipboard (see the How it works secti

KeePass 2.X dumper (CVE-2023-32784)

Keepass-Dumper This is my PoC implementation for CVE-2023-32784 My version is a python port of @vdohney's PoC along with a few changes and additional features Changes One change, was to use known strings that can be found within the dump file in order to more accurately jump to the location of the masterkey characters This results in less false positive characters and g

About This repository contains volatility3 plugins for the volatility3 framework Windows plugins Prefetch The plugin is scanning, extracting and parsing Windows Prefetch files from Windows XP to Windows 11 More information here : wwwforensicxlabcom/posts/prefetch/ AnyDesk The plugin is scanning, extracting and parsing Windows AnyDesk trace files More information

Keeper HTB Write-Up

HackTheBox Write-Up: Keeper Author: Mashrur Rahman Published: Aug 16, 2023 Introduction: Prepare to embark on an epic journey of cybersecurity exploration through this expansive write-up Tailored meticulously for beginners, this walkthrough will guide you step by step through the labyrinthine "Keeper" challenge on HackTheBox With in-depth explanations, tool usage, a

Keepas-si-safe Writeup THCON 2024 Difficulty: 500 points | 6 solves Description: We believe the bad guys got a hold of a memory dump on one of our machines Looking through our logs, we also realized they were able to access this Database file The person responsible for this machine says there is no way they could have gained access to his password manager - could you have a l

Cyber Security Technical Skills: Splunk, Qradar, Crowdstrike, Qualys, Tenable Nessus, Lacework, Cisco Umbrella, Jira, Confluence, Docker, Kubernetes, AWS, Azure( Sentinel, Defender for EndPoint), GCP, Frameworks (MITRE ATT&CK, Cyber Kill Chain), Active Directory,Network Security Groups, Autopsy, FTK Imager, SIFT, WireShark, TCPdump, Python, Powershell Education MEng,