Open Mickydss opened 7 years ago
Please update your message to remove template stuff.
Also please remove "on Win10" in your title, as the mechanism is the same on all Windows versions.
Concerning this algorithm, iirc this is not straightfoward. While bound to a computer account, Keepass adds a layer of data protected by Windows DPAPI (cf. #2521). Please take a look at keepassx source code and provide further information.
Thx
See http://www.harmj0y.net/blog/redteaming/a-case-study-in-attacking-keepass/ for details on how to approach this problem.
There are lot of steps involved in this process which JtR Jumbo can't help with. Hence I am closing this issue.
https://msdn.microsoft.com/en-us/library/windows/desktop/aa382377(v=vs.85).aspx could be useful here.
Also see https://github.com/hashcat/hashcat/issues/1437. It has some internal details on how this works.
Please feel free to reopen this issue if you have a solution, and are actively working on it.
KeePass
.kdbx
databases can be protected with a keyfile and a Windows User Account. It would be nice to add support for such KeePass databases.