A few years back I created a Python script for a class I was teaching on password security. It is a basic script to run a dictionary attack against a KeePass database. Since the Python 2.7 EOL date is quickly approaching, I thought I would update my script for Python 3 and do a quick blog post on how to run the new script.
First of all you will need to download and install the libkeepass module. This can be done using pip. If you haven’t installed pip3 you will need to do this first.
sudo apt-get install python3-pip
pip3 install libkeepass
Create a directory to store the script, and then change into the newly created directory.
mkdir ~/keepassdictionaryattack && cd ~/keepassdictionaryattack
Download the password list and rename the file to passwords.txt.
curl -O https://raw.githubusercontent.com/danielmiessler/SecLists/master/Passwords/Common-Credentials/500-worst-passwords.txt
mv 500-worst-passwords.txt passwords.txt
Now, download the KeePass Dictionary Attack script.
curl -O https://raw.githubusercontent.com/0x6A6F7368/KeePassDictionaryAttack/master/KeePassAttack.py
Copy a KeePass database into ~/keepassdictionaryattack and then run the script.
If the KeePass database is using a weak password, you may gain access to the database and all the goodies inside.
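The defender's side of the same point, as an added example that is not part of the original post or of KeePassAttack.py: a check of whether a proposed master password, or a lightly modified form of it, reduces to an entry in a wordlist such as passwords.txt. The function names, the substitution table and the sample list are constructed for illustration.

```python
import re
import unicodedata

# Constructed sample standing in for a few lines of passwords.txt.
SAMPLE_WORDLIST = ["123456", "password", "dragon", "letmein", "monkey"]

# Substitutions users commonly apply to dictionary words (assumed set).
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a",
                      "5": "s", "7": "t", "@": "a", "$": "s", "!": "i"})


def load_wordlist(lines):
    """Return wordlist entries as a lowercase set, skipping blank lines."""
    return {line.strip().lower() for line in lines if line.strip()}


def candidate_roots(password):
    """Return the forms of a password that a wordlist lookup should cover."""
    base = unicodedata.normalize("NFKC", password).lower()
    # Drop a trailing run of digits/symbols, e.g. "dragon2024!" -> "dragon".
    stripped = re.sub(r"[\d\W_]+$", "", base)
    forms = [base, stripped, base.translate(LEET), stripped.translate(LEET)]
    return [f for f in forms if f]


def audit_master_password(password, wordlist):
    """Return the wordlist entry the password reduces to, or None."""
    for form in candidate_roots(password):
        if form in wordlist:
            return form
    return None


if __name__ == "__main__":
    # To audit against the real list: load_wordlist(open("passwords.txt"))
    words = load_wordlist(SAMPLE_WORDLIST)
    for pw in ["Dragon2024", "P@ssw0rd1!", "correct horse battery staple"]:
        hit = audit_master_password(pw, words)
        print(pw, "->", f"weak (matches '{hit}')" if hit else "not in list")
```

A result of None only means the password is not derived from this particular list; it says nothing about its strength against larger wordlists.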