Rating: 5.0

We assume that the master password to unlock Johnny's database is a permutation of the words Johnny, 37, Ripper, Cracker and with @ that might appear as a separator. We can test every possible combination on the Confidential.kdbx file:

python
import itertools
from pykeepass import PyKeePass

elements = ['John', '37', 'Ripper', 'Cracker']
permutations = list(itertools.permutations(elements))

possibilities = []
for p in permutations:
possibilities.append(p[0] + p[1] + p[2] + p[3])
possibilities.append(p[0] + '@' + p[1] + p[2] + p[3])
possibilities.append(p[0] + p[1] + '@' + p[2] + p[3])
possibilities.append(p[0] + '@' + p[1] + '@' + p[2] + p[3])
possibilities.append(p[0] + p[1] + p[2] + '@' + p[3])
possibilities.append(p[0] + '@' + p[1] + p[2] + '@' + p[3])
possibilities.append(p[0] + p[1] + '@' + p[2] + '@' + p[3])
possibilities.append(p[0] + '@' + p[1] + '@' + p[2] + '@' + p[3])

for p in possibilities:
try:

We get the password [email protected]@Ripper that we can use to open the database using KeePass. Here is the flag:
Notice that the author (mistakenly?) omitted an underscore in the flag, which caused me a bit of hair-pulling. Anyway, here is the correct flag: vulncon{Programming_Is_Necessary_For_Cyber_Right?}.