CVE-2023-32784

Published: 15/05/2023 Updated: 26/05/2023
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 0

Vulnerability Summary

In KeePass 2.x prior to 2.54, it is possible to recover the cleartext master password from a memory dump, even when a workspace is locked or no longer running. The memory dump can be a KeePass process dump, swap file (pagefile.sys), hibernation file (hiberfil.sys), or RAM dump of the entire system. The first character cannot be recovered. In 2.54, there is different API usage and/or random string insertion for mitigation.

Vulnerable Product

keepass keepass

GitHub Repositories

Re-write of original KeePass 2.X Master Password Dumper (CVE-2023-32784) POC in python.

KeePass-dump-py: My attempt to re-write the original KeePass 2.X Master Password Dumper (CVE-2023-32784) POC in python. Please head over to Original POC for more details about the vulnerability and exploitation process. What this script does: Checks if KeePass process is running, otherwise it spawns the KeePass; Dumps KeePass process using WerFault (code snippet adapted from LSA

Keeper: New user. Initial password set to Welcome2023! KeePass CVE-2023-32784: Detection of Processes Memory Dump. Allows the recovery of the cleartext master password from a memory dump. The memory dump can be a KeePass process dump, swap file (pagefile.sys), hibernat

This script complements the results obtained through the keepass-password-dumper tool when exploiting the CVE-2023-32784 vulnerability affecting KeePass.

BruteForce-to-KeePass: This script complements the results obtained through the keepass-password-dumper tool when exploiting the CVE-2023-32784 vulnerability affecting KeePass. Description: This script prompts the user to input a list of characters and a known suffix. It then generates a list of possible strings (dictionary) by combining each character in the list with the known

A CVE-2023-32784 proof-of-concept implementation in Rust

KeePass 2.X Master Password Dumper (CVE-2023-32784). This is a CVE-2023-32784 proof-of-concept implemented in Rust. The code is probably ugly due to my poor coding skills, feel free to make a PR to improve it. Original proof-of-concept here. Python proof-of-concept here. License: "THE BEER-

A curated list of resources for Volatility 2 & 3

Awesome Volatility: A collection of interesting resources for Volatility. Volatility is a framework for extracting digital artifacts from volatile memory (RAM) samples. Use volatility 2 & 3 with docker. Volatility 2: Volatility 2 - Volatility2 framework; AutoVolatility - Run several volatility plugins at the same time. Profiles: Linux profiles (Debian, Ubuntu, Fedora,

Files, challenges and writeups for Neuland CTF 2023 Winter

Neuland-CTF-2023 ctf.neuland-ingolstadt.de/ Flag-Format: nland{} Crypto: RSA (Basic RSA) - Easy (Jen), Hash (MD5,SHA1,LM) - Easy (Jen), Secrets (Basic Encoding/Encryption) - Easy (Jen), All the Colors of Christmas (Hexahue Cipher) - Medium (Jen), FIPS Aesmussen - Hard (Dominik). OSINT: Geoguessr (Find Photo Location) - Easy (Jen), For old times sake (WayBack Maschine)

KeePass 2.X dumper (CVE-2023-32784)

Keepass-Dumper: This is my PoC implementation for CVE-2023-32784. My version is a python port of @vdohney's PoC along with a few changes and additional features. Changes: One change was to use known strings that can be found within the dump file in order to more accurately jump to the location of the masterkey characters. This results in less false positive characters and g

Keeper HTB Write-Up

HackTheBox Write-Up: Keeper. Author: Mashrur Rahman. Published: Aug 16, 2023. Introduction: Prepare to embark on an epic journey of cybersecurity exploration through this expansive write-up. Tailored meticulously for beginners, this walkthrough will guide you step by step through the labyrinthine "Keeper" challenge on HackTheBox. With in-depth explanations, tool usage, a

About: This repository contains volatility3 plugins for the volatility3 framework. Windows plugins: Prefetch: The plugin is scanning, extracting and parsing Windows Prefetch files from Windows XP to Windows 11. More information here: www.forensicxlab.com/posts/prefetch/ AnyDesk: The plugin is scanning, extracting and parsing Windows AnyDesk trace files. More information

Ducky script for quickly grabbing a KeePass master password.

DuckPass: Ducky script for quickly grabbing a KeePass process dump and database. Pairs well with CVE-2023-32784 🍷

PoC KeePass master password dumper

Keedump: A PoC KeePass master password dumper using CVE-2023-32784, find further instructions and the original POC here. Installation: Cargo: Make sure the current stable release of Rust is installed. Registry: cargo install keedump Manual: git clone github.com/ynuwenhof/keedump.git cd keedump cargo install --path

KeePass 2.X Master Password Dumper (CVE-2023-32784). Update: The vulnerability was assigned CVE-2023-32784. It should be fixed in KeePass 2.54, which should come out in the beginning of June 2023. Thanks again to Dominik Reichl for his fast response and creative fix! Clarification: the password has to be typed on a keyboard, not copied from a clipboard (see the How it works secti

5th Edition of the Guardia Civil National Cyberleague

Andrés de la Hoz Camiroaga, CHALLENGE-2, National Cyberleague - Guardia Civil, @nocnoc37, Team NotAnonymous - UFVMadrid 1 STATEMENT: Peter is passionate about technology and works as a software developer at a renowned company. He has spent countless hours creating innovative programs and

https://ctf.neuland-ingolstadt.de/

Neuland-CTF-2023 ctf.neuland-ingolstadt.de/ Flag-Format: nland{} Crypto: RSA (Basic RSA) - Easy (Jen), Hash (MD5,SHA1,LM) - Easy (Jen), Secrets (Basic Encoding/Encryption) - Easy (Jen), All the Colors of Christmas (Hexahue Cipher) - Medium (Jen), FIPS Aesmussen - Hard (Dominik). OSINT: Geoguessr (Find Photo Location) - Easy (Jen), For old times sake (WayBack Maschine)

Useful information about tools and methods

Basics to Pentesting. NMAP: Scan for open ports: nmap -sV {IP} or nmap -p- {IP}; -sU for UDP; -sV allows to perform version detection; -sC allows to run safe script that can help for version detection. We can speedup the scan using --min-rate {RATE} or -T{RATE}. Identify service on port: nmap -p23 {IP} As we can see 23/tcp telnet open so we can try to connect to the machine using t

Original PoC for CVE-2023-32784

KeePass 2.X Master Password Dumper (CVE-2023-32784). Update: The vulnerability was assigned CVE-2023-32784 and fixed in KeePass 2.54. Thanks again to Dominik Reichl for his fast response and creative fix! Clarification: the password has to be typed on a keyboard, not copied from a clipboard (see the How it works sections). What can you do: First, update to KeePass 2.54 or higher

KeePass Master Password Extraction PoC for Linux

KeePass 2.53< Master Password Dumper PoC (CVE-2023-32784) for Linux. Thanks to vdohney for finding this vulnerability and responsibly reporting it, and Dominik Reichl for the great open source software and quick acknowledgement/fix of the issue. Should I be worried? Probably not. This exploit requires access to the /proc virtual filesystem. Specifically, proc/[pid]/mem

A python tool to automate KeePass discovery and secret extraction.

A python script to help red teamers discover KeePass instances and extract secrets Features & Roadmap KeePwn is still in early development and not fully tested yet : please use it with caution and always try it in a lab before (legally) attacking real-life targets! KeePass Discovery Accept multiple target sources (IP, range, hostname, file) Automatically look f

Writeup of the room called "Keeper" on HackTheBox done for educational purposes.

Keeper First, I run a quick scan on the target $ sudo nmap -sS -Pn --max-retries 1 --min-rate 20 -p- keeperhtb Starting Nmap 793 ( nmaporg ) at 2023-09-22 14:50 CEST Warning: 101011227 giving up on port because retransmission cap hit (1) Nmap scan report for keeperhtb (101011227) Host is up (0053s latency) Not shown: 65515 closed tcp ports (reset) PORT

Embark on my CTFs Journey, where I document my conquests and lessons learned while navigating the dynamic challenges of Capture The Flag contests. From cracking codes to outsmarting puzzles, join me in exploring the diverse landscape of cybersecurity challenges.

Description Welcome to my personal Capture The Flags (CTFs) repository! This repository is created to track my progress, achievements, and detailed notes regarding cybersecurity challenges, especially on popular platforms like TryHackMe, Hack The Box and Rootme Contents This repository contains an organized list of CTF Machines that I have successfully exploited Each entry in

Table of Contents 2023 year top total 30 2022 year top total 30 2021 year top total 30 2020 year top total 30 2019 year top total 30 2018 year top total 30 2017 year top total 30 2016 year top total 30 2015 year top total 30 2014 year top total 30 2023 star updated_at name url des 422 2023-11-15T09:54:51Z qq-tim-elevation githubcom/vi3t1/qq-tim-elevation CVE-2

TOP All bugbounty pentesting CVE-2023- POC Exp RCE example payload Things

TOP all Top Top Top_Codeql TOP All bugbounty pentesting CVE-2022- POC Exp Things Table of Contents 2023 year top total 30 2022 year top total 30 2021 year top total 30 2020 year top total 30 2019 year top total 30 2018 year top total 30 2017 year top total 30 2016 year top total 30 2015 year top total 30 2014 year top total 30 2023 star updated_at name url des 422 202

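POCs, EXPs, scripts, privilege escalation, small tools, etc. related to penetration testing---About penetration-testing python-script poc getshell csrf xss cms php-getshell domainmod-xss csrf-webshell cobub-razor cve rce sql sql-poc poc-exp bypass oa-getshell cve-cms

Penetration_Testing_POC: A collection of POCs, scripts, tools, articles and other techniques used in penetration testing, shared as notes; additions are welcome. Please check whether any of the tools contain backdoors or show other abnormal behavior; running all of them in a virtual environment is recommended. Penetration_Testing_POC: Please make good use of search [Ctrl+F] to find things. IOT Device&Mobile Phone, Web APP, Privilege escalation helpers, PC, tools - small tool collection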

📡 PoC auto collect from GitHub. ⚠️ Be careful Malware.

PoC in GitHub. 2023. CVE-2023-0045 (2023-04-25): The current implementation of the prctl syscall does not issue an IBPB immediately during the syscall. The ib_prctl_set function updates the Thread Information Flags (TIFs) for the task and updates the SPEC_CTRL MSR on the function __speculation_ctrl_update, but the IBPB is only issued on the next schedule, when the TIF bi