Recent Releases of https://github.com/byt3n33dl3/thc-jennifer

https://github.com/byt3n33dl3/thc-jennifer - .kdbx Cracker 0x00

0x00 Technical Fix Analysis

Primary binary patch address: 0x0000400C (attempt_password)

- 0x4008CF: Modified exec path from relative heap allocation to fixed stack buffer
- 0x4008E6: Changed IPC mechanism from pipe-to-stdin to file descriptor passthrough
- 0x4008F2: Implemented proper memory cleanup to prevent fd/handle leakage

0x02 Changed Variables (Root Cause Analysis)

```asm
; Original faulty syscall chain
0x400A12: mov rdi, [rbp-0x18]    ; Indirect password reference (VULN)
0x400A18: call system@plt        ; Insecure system() call with unescaped chars
0x400A1F: xor eax, eax           ; Return value not properly checked

; Patched syscall implementation
0x400B21: lea rdi, [rbp-0x800]   ; Direct buffer reference (FIXED)
0x400B27: mov rcx, 0x2F62696E    ; "/bin" prefix for direct execution
0x400B2E: call system@plt        ; Proper execution path
0x400B35: test eax, eax          ; Explicit return value verification
```

0x03 Race Condition Fix

Eliminated race condition at 0x4005F2 by implementing a sequential access pattern.

```c
/* Inside the worker loop: once any thread has recorded a result,
   release the shared mutex and stop attempting further passwords */
if (args->result->result) {
    pthread_mutex_unlock(args->result_mutex);
    break;
}
```

0x04 Character Escaping Implementation

Implemented proper shell character escaping at binary level:

- 0x400D15: Special character detection
- 0x400D21: Buffer overflow protection with boundary checks
- 0x400D35: ASCII validation for non-printable character prevention

These modifications ensure proper handling of any password containing shell metacharacters (0x21-0x2F, 0x3A-0x40, etc.).
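The three checks listed under 0x04, written out in C as an added example (this is the editor's illustration, not code from the thc-jennifer binary; the names `is_shell_metachar`, `is_printable_ascii`, `shell_quote` and `shell_quote_static` are this example's own). A candidate password is untrusted input, so before it could ever reach a command line it is validated as printable ASCII, every write into the output buffer is bounds-checked, and the value is wrapped in single quotes, the one quoting form a POSIX shell never interprets, with embedded single quotes rewritten as `'\''`. One caveat a reviewer would raise: the patched chain above still routes the value through `system()`, so the quoting is doing all the work; the more robust fix is to pass the value to `execve` as an `argv` element and never involve a shell at all.

```c
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Added example, not thc-jennifer's code: the defensive checks a shell-bound
 * untrusted string needs (metacharacter detection, bounded writes, printable
 * ASCII only), independent of how the original binary implements them. */

/* Metacharacter ranges named in the release note (the punctuation blocks of the
 * ASCII table around the digits), plus the two blocks around the letters. */
int is_shell_metachar(unsigned char c)
{
    return (c >= 0x21 && c <= 0x2F) || (c >= 0x3A && c <= 0x40) ||
           (c >= 0x5B && c <= 0x60) || (c >= 0x7B && c <= 0x7E);
}

/* 1 if every byte is printable ASCII (0x20..0x7E): no control bytes, nothing
 * outside the range the quoting below reasons about. */
int is_printable_ascii(const char *s)
{
    for (; *s; s++)
        if ((unsigned char)*s < 0x20 || (unsigned char)*s > 0x7E) return 0;
    return 1;
}

/* Write the single-quoted form of `in` to `out`. Returns the length written
 * (without the NUL) or -1 when the input fails validation or would not fit.
 * Every write is checked against outlen, so the buffer can never overflow. */
long shell_quote(const char *in, char *out, size_t outlen)
{
    size_t pos = 0;
    if (!in || !out || outlen == 0 || !is_printable_ascii(in)) return -1;
#define PUT(ch) do { if (pos + 1 >= outlen) return -1; out[pos++] = (ch); } while (0)
    PUT('\'');
    for (; *in; in++) {
        if (*in == '\'') { PUT('\''); PUT('\\'); PUT('\''); PUT('\''); }  /* '\'' */
        else PUT(*in);
    }
    PUT('\'');
#undef PUT
    out[pos] = '\0';
    return (long)pos;
}

/* Convenience wrapper returning the quoted copy in a static buffer, or NULL. */
char quote_buf[256];
const char *shell_quote_static(const char *in)
{
    return shell_quote(in, quote_buf, sizeof quote_buf) < 0 ? NULL : quote_buf;
}

int main(void)
{
    /* Constructed candidates: benign, metacharacter-laden, embedded quote,
     * and one with a control byte that must be rejected outright. */
    const char *samples[] = { "hunter2", "p@ss;w0rd&(1)", "it's", "tab\there" };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        const char *q = shell_quote_static(samples[i]);
        printf("%-16s -> %s\n", samples[i], q ? q : "(rejected: not printable ASCII)");
    }
    return 0;
}
```

`shell_quote` reports failure rather than truncating, which is the behaviour the 0x400D21 boundary check must have: a silently truncated quoted string can end without its closing quote and hand the rest of the command line to the shell.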

- C
Published by byt3n33dl3 10 months ago

https://github.com/byt3n33dl3/thc-jennifer - .kdbx Cracker

            J E N N I F E R

(c) 2025 by byt3n33dl3 https://github.com/byt3n33dl3
Advanced KeePass Password Cracker, 1.1.0
Licensed under BSD-2.0

Jennifer du' Casse is the most advanced KeePass .kdbx cracking software. It supports cracking KDBX3 (KeePass 2.x) and KDBX4 databases and is designed to handle all versions of KeePass database files (.kdbx), including the newer 2.36+ versions that use the KDBX4 format.

Please do not use in military or secret service organizations, or for illegal purposes. (This is the wish of the author and non-binding. Many people working in these organizations do not care for laws and ethics anyways. You are not one of the "good" ones if you ignore this.)

Unlike some existing tools, Jennifer can efficiently process both AES-KDF and Argon2-based key derivation methods.

- Supports all KeePass versions (including >=2.36)
- Works with both AES-KDF and Argon2 key derivation
- Multi-threaded for maximum performance
- Includes default wordlist for quick testing
- Progress tracking with accurate ETA
- Simple command-line interface

Jennifer operates by directly parsing the KDBX file structure to extract cryptographic parameters such as:

- Master seed
- Transform seed (KDBX3)
- Encryption IV
- Stream start bytes
- KDF parameters (including Argon2 parameters for KDBX4)
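The header parsing described above, as an added C example (the editor's code, not thc-jennifer's): it reads the outer header of a KDBX3 or KDBX4 file far enough to report the master seed and IV sizes, the KDF in use and its cost parameters, which is both the first thing a cracker extracts and the one setting a vault owner controls. The field IDs, the KDBX4 VariantDictionary layout and the AES-KDF/Argon2d/Argon2id UUIDs follow the KeePass 2.x file format; `kdbx_info`, `kdbx_parse_header`, `kdf_meets_floor`, `SAMPLE_KDBX4` and `parse_sample` are this example's own names, the embedded header bytes are constructed (no HMAC or encrypted payload follows them), and the thresholds in `kdf_meets_floor` are an illustrative policy, not a KeePass constant.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* Added example, not thc-jennifer's code: parse the outer KDBX3/KDBX4 header and
 * report the KDF and its cost. Field IDs, VariantDictionary layout and KDF UUIDs
 * follow the KeePass 2.x format; the sample bytes at the bottom are constructed. */
#define KDBX_SIG1 0x9AA2D903u
#define KDBX_SIG2 0xB67B5AB7u
enum { HDR_END = 0, HDR_MASTER_SEED = 4, HDR_TRANSFORM_ROUNDS = 6, HDR_ENC_IV = 7, HDR_KDF_PARAMS = 11 };
enum { KDF_UNKNOWN = 0, KDF_AESKDF, KDF_ARGON2D, KDF_ARGON2ID };

typedef struct {
    uint16_t major, minor;
    int kdf;                        /* one of the KDF_* values */
    uint64_t rounds, memory;        /* AES-KDF "R"/TransformRounds or Argon2 "I"; Argon2 "M" in bytes */
    uint32_t parallelism;           /* Argon2 "P" */
    size_t master_seed_len, iv_len;
} kdbx_info;

static const uint8_t UUID_AESKDF[16]   = {0xC9,0xD9,0xF3,0x9A,0x62,0x8A,0x44,0x60,0xBF,0x74,0x0D,0x08,0xC1,0x8A,0x4F,0xEA};
static const uint8_t UUID_ARGON2D[16]  = {0xEF,0x63,0x6D,0xDF,0x8C,0x29,0x44,0x4B,0x91,0xF7,0xA9,0xA4,0x03,0xE3,0x0A,0x0C};
static const uint8_t UUID_ARGON2ID[16] = {0x9E,0x29,0x8B,0x19,0x56,0xDB,0x47,0x73,0xB2,0x3D,0xFC,0x3E,0xC6,0xF0,0xA1,0xE6};

static uint32_t rd32(const uint8_t *p) { return (uint32_t)p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24; }
static uint64_t rd64(const uint8_t *p) { return (uint64_t)rd32(p) | (uint64_t)rd32(p + 4) << 32; }

/* Read one uint32-length-prefixed blob at *pos; the length is bounds-checked before use. */
static int take_blob(const uint8_t *p, size_t n, size_t *pos, const uint8_t **blob, uint32_t *blen)
{
    if (n - *pos < 4) return -1;
    *blen = rd32(p + *pos); *pos += 4;
    if (*blen > n - *pos) return -1;
    *blob = p + *pos; *pos += *blen;
    return 0;
}

/* KDBX4 VariantDictionary: uint16 version, then (type, name, value) entries until a 0x00 type byte. */
static int parse_kdf_dict(const uint8_t *p, size_t n, kdbx_info *out)
{
    size_t pos = 2;
    if (n < 2 || p[1] != 1) return -1;                                  /* dictionary major version must be 1 */
    while (pos < n) {
        uint8_t type = p[pos++];
        const uint8_t *name, *val; uint32_t nlen, vlen;
        if (type == 0) return 0;
        if (take_blob(p, n, &pos, &name, &nlen) || take_blob(p, n, &pos, &val, &vlen)) return -1;
        if (type == 0x42 && nlen == 5 && vlen == 16 && memcmp(name, "$UUID", 5) == 0) {     /* ByteArray */
            if (memcmp(val, UUID_AESKDF, 16) == 0) out->kdf = KDF_AESKDF;
            else if (memcmp(val, UUID_ARGON2D, 16) == 0) out->kdf = KDF_ARGON2D;
            else if (memcmp(val, UUID_ARGON2ID, 16) == 0) out->kdf = KDF_ARGON2ID;
        } else if (type == 0x05 && nlen == 1 && vlen == 8) {                              /* UInt64 */
            if (name[0] == 'R' || name[0] == 'I') out->rounds = rd64(val);
            else if (name[0] == 'M') out->memory = rd64(val);
        } else if (type == 0x04 && nlen == 1 && vlen == 4 && name[0] == 'P') {            /* UInt32 */
            out->parallelism = rd32(val);
        }
    }
    return -1;                                                          /* bytes ran out before the terminator */
}

/* Outer header: two 4-byte signatures, 4-byte version, then (id, length, data) fields;
 * KDBX3 lengths are uint16, KDBX4 uint32. Returns 0 when well-formed and the KDF is known. */
int kdbx_parse_header(const uint8_t *buf, size_t len, kdbx_info *out)
{
    memset(out, 0, sizeof *out);
    if (len < 12 || rd32(buf) != KDBX_SIG1 || rd32(buf + 4) != KDBX_SIG2) return -1;
    out->minor = (uint16_t)rd32(buf + 8);
    out->major = (uint16_t)(rd32(buf + 8) >> 16);
    size_t pos = 12, lensz = out->major >= 4 ? 4 : 2;
    for (;;) {
        if (len - pos < 1 + lensz) return -1;
        uint8_t id = buf[pos++];
        uint32_t flen = lensz == 4 ? rd32(buf + pos) : ((uint32_t)buf[pos] | (uint32_t)buf[pos + 1] << 8);
        pos += lensz;
        if (flen > len - pos) return -1;
        const uint8_t *data = buf + pos;
        pos += flen;
        switch (id) {
        case HDR_END:              return (out->kdf != KDF_UNKNOWN && out->master_seed_len) ? 0 : -1;
        case HDR_MASTER_SEED:      out->master_seed_len = flen; break;
        case HDR_ENC_IV:           out->iv_len = flen; break;
        case HDR_TRANSFORM_ROUNDS: if (flen == 8) { out->kdf = KDF_AESKDF; out->rounds = rd64(data); } break;
        case HDR_KDF_PARAMS:       if (parse_kdf_dict(data, flen, out) != 0) return -1; break;
        default:                   break;                               /* cipher, compression, seeds, stream bytes */
        }
    }
}

/* Illustrative policy floor (this example's assumption, not a KeePass value):
 * Argon2 with >= 64 MiB and >= 2 iterations, or AES-KDF with >= 1,000,000 rounds. */
int kdf_meets_floor(const kdbx_info *i)
{
    if (i->kdf == KDF_ARGON2D || i->kdf == KDF_ARGON2ID) return i->memory >= (64u << 20) && i->rounds >= 2;
    if (i->kdf == KDF_AESKDF) return i->rounds >= 1000000u;
    return 0;
}

#define X8(b) b,b,b,b,b,b,b,b
/* Constructed KDBX4 header: v4.0, 32-byte MasterSeed, 16-byte EncryptionIV,
 * KdfParameters = Argon2d with M = 64 MiB, I = 2, P = 2, then EndOfHeader. */
const uint8_t SAMPLE_KDBX4[] = {
    0x03,0xD9,0xA2,0x9A, 0xB7,0x5A,0x7B,0xB6, 0x00,0x00,0x04,0x00,           /* sig1, sig2, version 4.0 */
    0x04, 32,0,0,0, X8(0x11),X8(0x11),X8(0x11),X8(0x11),                     /* MasterSeed */
    0x07, 16,0,0,0, X8(0x22),X8(0x22),                                       /* EncryptionIV */
    0x0B, 83,0,0,0, 0x00,0x01,                                               /* KdfParameters: 83-byte dict v1.0 */
    0x42, 5,0,0,0, '$','U','U','I','D', 16,0,0,0,
          0xEF,0x63,0x6D,0xDF,0x8C,0x29,0x44,0x4B,0x91,0xF7,0xA9,0xA4,0x03,0xE3,0x0A,0x0C,
    0x05, 1,0,0,0, 'M', 8,0,0,0, 0,0,0,4,0,0,0,0,                            /* 0x04000000 = 64 MiB */
    0x05, 1,0,0,0, 'I', 8,0,0,0, 2,0,0,0,0,0,0,0,
    0x04, 1,0,0,0, 'P', 4,0,0,0, 2,0,0,0,
    0x00,                                                                    /* end of dictionary */
    0x00, 4,0,0,0, 0x0D,0x0A,0x0D,0x0A                                       /* EndOfHeader */
};

kdbx_info sample_info;
/* Parse the embedded sample into sample_info; returns kdbx_parse_header's result. */
int parse_sample(void) { return kdbx_parse_header(SAMPLE_KDBX4, sizeof SAMPLE_KDBX4, &sample_info); }
```

Run `parse_sample()` and inspect `sample_info`: the constructed vault reports Argon2d with 64 MiB, 2 iterations and parallelism 2. Pointing `kdbx_parse_header` at the first bytes of your own .kdbx file is the quickest way to confirm a database was actually migrated to Argon2 with a meaningful memory cost, since that cost is what bounds the passwords-per-second figure a tool like this can reach.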

The binary implements several key technologies:

- Multi-threaded password attempts for maximum performance
- Direct KDBX format parsing (both v3 and v4)
- Real-time progress statistics with ETA calculation
- Automatic detection of KeePass database version and encryption method
- Memory-efficient wordlist processing

Functions:

- Parses the KDBX header to determine version and encryption parameters
- Loads the wordlist into memory for efficient processing
- Spawns multiple worker threads to attempt passwords in parallel
- Uses cryptographic operations to verify each password against the database
- Provides real-time statistics on cracking progress
- Immediately reports when a password is successfully found

Usage:

```
jennifer [kdbx-file]
jennifer [kdbx-file] [wordlist]
jennifer [kdbx-file] [wordlist] -v
```

```
┌──(kali㉿kali)-[~]
└─$ jennifer [kdbx-file]

┌──(kali㉿kali)-[~]
└─$ jennifer [kdbx-file] [wordlist]

┌──(kali㉿kali)-[~]
└─$ jennifer [kdbx-file] [wordlist] -v
```

By default, Jennifer already knows how to use a wordlist; without a custom wordlist it can only try about 100 possible passwords. The verbosity flag [-v] only shows Jennifer's cracking progress.

Usage:

```
┌──(kali㉿kali)-[~]
└─$ jennifer secret.kdbx rockyou.txt -v
⠀⣀⣀⣀⣀⣀⣀⡀⢰⠆⠂⠄⡀⠀⠀⠀⠀⠀⠀
⠁⠀⠀⠀⠀⠀⠈⢀⢠⠴⠒⢿⣉⣦⣱⡇⣧⢼⣯⣿⠲⣥⣀⡀⠁⠠⠀⠀⠀⠀
⠀⠀⠀⠀⠀⠀⡀⢎⠰⣈⣵⣾⣿⣿⣿⣿⣿⣿⣿⣷⣿⣷⣯⡴⢆⡤⠀⡄⠀⠀
⠀⠀⠀⠀⡀⢆⠱⣨⣶⠿⣿⠟⠋⣿⣿⣿⣿⣿⣿⣯⠛⠿⣿⣿⣷⣒⣩⠄⠀⠀
⠀⠀⠐⠊⡴⢬⡾⠛⠁⠀⣿⣷⣼⣿⣿⣿⣿⣿⣿⣿⠀⠀⢈⠛⣻⡶⠶⠗⠂⠀
⠀⠀⠐⢀⣴⠛⠀⠀⠀⠀⠹⣿⣿⣿⣿⣿⣿⣿⣿⠃⠀⡠⢀⣴⡿⠉⠡⠀⠀⠀
⠀⠈⠀⠺⠕⠒⠂⠀⡀⠀⠀⠈⠙⠛⠻⠛⡛⠋⠀⠀⣠⣶⣿⠿⡣⠐⠀⠀⠀⠀
⠃⢀⠀⠀⠀⠀⠀⠀⠐⠀⠠⢠⡴⢦⣤⣄⣶⡶⣾⢿⠛⠟⠂⠓⠀⠀⠀⠀⠀⠀
⠀⠀⠈⠐⠀⠄⢀⠀⠀⠀⠒⠁⠊⠉⡇⢛⠾⠑⠁⠉⠀⠀⠠⠀⠀⠀⠀⠀⠀⠀
⠀⠀⠀⠀⠀⠀⠀⠀⠁⠀⠀⠀⠀⠀⠀⠀⠁⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀
⠀⢀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⡀⠀
⠀⠀⠐⠀⢀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠂

KeePass Password Cracker v1.0

[+] KeePass database detected (version 4)
[+] Using Argon2 key derivation
[+] Starting password cracking with 14344391 passwords
[+] Progress: 9532/14344391 (0.07%) - 1906 p/s - ETA: 2h 5m 12s
...
[+] Password found: myp@ssword123
```

For more, see my collection of write-ups on real-world use cases at https://byt3n33dl3.substack.com. If there is any security concern, please contact me at byt3n33dl3@proton.me.

- C
Published by byt3n33dl3 10 months ago