Tags: keepass password-cracking 

Rating: 5.0

We assume that the master password to unlock Johnny's database is a permutation of the words `Johnny`, `37`, `Ripper`, `Cracker` and with `@` that might appear as a separator. We can test every possible combination on the `Confidential.kdbx` file:

```python
import itertools
from pykeepass import PyKeePass

elements = ['John', '37', 'Ripper', 'Cracker']
permutations = list(itertools.permutations(elements))

possibilities = []
for p in permutations:
possibilities.append(p[0] + p[1] + p[2] + p[3])
possibilities.append(p[0] + '@' + p[1] + p[2] + p[3])
possibilities.append(p[0] + p[1] + '@' + p[2] + p[3])
possibilities.append(p[0] + '@' + p[1] + '@' + p[2] + p[3])
possibilities.append(p[0] + p[1] + p[2] + '@' + p[3])
possibilities.append(p[0] + '@' + p[1] + p[2] + '@' + p[3])
possibilities.append(p[0] + p[1] + '@' + p[2] + '@' + p[3])
possibilities.append(p[0] + '@' + p[1] + '@' + p[2] + '@' + p[3])

for p in possibilities:
try:
kp = PyKeePass('Confidential.kdbx', password=p)
print(p)
break
except:
pass
```

We get the password `[email protected]@Ripper` that we can use to open the database using KeePass. Here is the flag:

![](https://i.imgur.com/z5d2fbCl.png)

(yes I use Windows, please be forgiving)

Notice that the author (mistakenly?) omitted an underscore in the flag, which caused me a bit of hair-pulling. Anyway, here is the correct flag: `vulncon{Programming_Is_Necessary_For_Cyber_Right?}`.