Tags: misc 

Rating:

challenge description: While in Rome, a few heisters spotted a computer in the dumpster outside of a bank and took it. After brute forcing the computer credentials and getting in with "admin/password", there was a password-protected client database discovered. A Desktop sticky note had the following information: "To fellow bank employee - a way to remember each database PIN is that it is 4-digits ranging between 1000 and 9999". It appears the sticky note was auto-translating from another language as well - let's turn that off. Are you able to assist the heisters from here?

challenge hint: After scrolling down, there was additional text on the Desktop sticky note that says "wyptbt lza zlwalt". These bank employees should be removed from the payroll immediately...

challenge file: clients.kdbx

step by step writeup:
1- discover the file type (file type: KeePass password database 2.x KDBX)
2- after reading about this format, I found a program named keepassx that opens these files
3- opening it requires a password
4- KDBX files can be cracked with John the Ripper
5- command: keepass2john clients.kdbx > clients.hash
6- the description says the database PIN is 4 digits in the range 1000 to 9999
7- generate a wordlist of the numbers 1000 to 9999 to crack the password: seq 1000 9999 > 1000-9999.txt
8- crack the password: john --wordlist=1000-9999.txt clients.hash
9- the password is 7182
10- open the file
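The following Python script is an added example and not part of the original writeup; it does in code what steps 1 and 4 to 8 do by hand. It checks the KDBX magic bytes and walks the outer header (the same bytes `file` keys on to report "Keepass password database 2.x KDBX") to read the AES-KDF transform-rounds count, computes how much work 9000 PIN candidates cost at that setting, writes the 1000-9999 wordlist, and builds the keepass2john/john command lines, running them only when both tools are installed. The sample header, the 60000 rounds value and the file names are constructed assumptions; `clients.kdbx` itself is not included.

```python
"""KDBX header inspection, PIN wordlist and john pipeline (added example)."""
import shutil
import struct
import subprocess
from pathlib import Path

# Magic values of the KDBX file format: sig2 0xB54BFB67 marks a KeePass 2.x database,
# which is what `file` reports as "Keepass password database 2.x KDBX".
KDBX_SIG1 = 0x9AA2D903
KDBX_SIG2 = 0xB54BFB67
FIELD_NAMES = {0: "EndOfHeader", 1: "Comment", 2: "CipherID", 3: "CompressionFlags",
               4: "MasterSeed", 5: "TransformSeed", 6: "TransformRounds",
               7: "EncryptionIV", 8: "ProtectedStreamKey", 9: "StreamStartBytes",
               10: "InnerRandomStreamID", 11: "KdfParameters", 12: "PublicCustomData"}


def parse_kdbx_header(data: bytes) -> dict:
    """Check the KDBX signature and walk the outer header fields (KDBX 3.x layout:
    1-byte id, 2-byte little-endian length, payload; KDBX 4 uses a 4-byte length)."""
    sig1, sig2, minor, major = struct.unpack_from("<IIHH", data, 0)
    if sig1 != KDBX_SIG1 or sig2 != KDBX_SIG2:
        raise ValueError("not a KeePass 2.x KDBX database")
    size_fmt, size_len = ("<I", 4) if major >= 4 else ("<H", 2)
    info = {"version": f"{major}.{minor}", "fields": {}}
    off = 12
    while True:
        fid = data[off]
        (length,) = struct.unpack_from(size_fmt, data, off + 1)
        body = data[off + 1 + size_len: off + 1 + size_len + length]
        off += 1 + size_len + length
        name = FIELD_NAMES.get(fid, f"field{fid}")
        # TransformRounds (KDBX 3.x only) is the AES-KDF iteration count: the cost of one guess.
        info["fields"][name] = struct.unpack("<Q", body)[0] if fid == 6 else body
        if fid == 0:
            return info


def build_sample_header(rounds: int) -> bytes:
    """Constructed KDBX 3.1 header (not a real database): zeroed seeds/IV, AES cipher id."""
    def field(fid: int, body: bytes) -> bytes:
        return bytes([fid]) + struct.pack("<H", len(body)) + body
    aes_uuid = bytes.fromhex("31c1f2e6bf714350be5805216afc5aff")  # KeePass AES-256 cipher id
    hdr = struct.pack("<IIHH", KDBX_SIG1, KDBX_SIG2, 1, 3)         # version 3.1
    hdr += field(2, aes_uuid)
    hdr += field(3, struct.pack("<I", 1))                           # gzip-compressed payload
    hdr += field(4, bytes(32)) + field(5, bytes(32))                # MasterSeed, TransformSeed
    hdr += field(6, struct.pack("<Q", rounds))
    hdr += field(7, bytes(16))                                      # EncryptionIV
    return hdr + field(0, b"\r\n\r\n")


def pin_keyspace(low: int = 1000, high: int = 9999) -> int:
    """Number of candidate PINs the sticky note leaves an attacker."""
    return high - low + 1


def crack_cost(rounds: int, candidates: int) -> int:
    """Total AES-KDF iterations to try every candidate: rounds per guess times guesses.
    Even with millions of rounds, 9000 guesses finish in seconds on a laptop."""
    return rounds * candidates


def write_pin_wordlist(path: Path, low: int = 1000, high: int = 9999) -> int:
    """Equivalent of `seq 1000 9999 > wordlist`; returns the number of lines written."""
    path.write_text("".join(f"{pin}\n" for pin in range(low, high + 1)))
    return pin_keyspace(low, high)


def crack_commands(db: Path, wordlist: Path, hash_file: Path) -> list[list[str]]:
    """The two command lines from the writeup, as argv lists."""
    return [["keepass2john", str(db)],
            ["john", f"--wordlist={wordlist}", str(hash_file)]]


def run_crack(db: Path, wordlist: Path, hash_file: Path) -> bool:
    """Run keepass2john (stdout -> hash file) then john; returns False if either tool is missing."""
    if not (shutil.which("keepass2john") and shutil.which("john")):
        return False
    to_hash, john = crack_commands(db, wordlist, hash_file)
    with hash_file.open("w") as out:
        subprocess.run(to_hash, stdout=out, check=True)
    subprocess.run(john, check=True)
    return True


if __name__ == "__main__":
    info = parse_kdbx_header(build_sample_header(60000))   # 60000 rounds is an assumed value
    rounds = info["fields"]["TransformRounds"]
    print(f"KDBX {info['version']}, {rounds} transform rounds")
    print(f"{pin_keyspace()} PIN candidates -> {crack_cost(rounds, pin_keyspace())} KDF iterations")
    db, wordlist, hashes = Path("clients.kdbx"), Path("1000-9999.txt"), Path("clients.hash")
    write_pin_wordlist(wordlist)
    if not run_crack(db, wordlist, hashes):
        print("john/keepass2john not installed; would run:", crack_commands(db, wordlist, hashes))
```

The `crack_cost` number is the defender's takeaway: the KDF rounds multiply the cost of each guess, but a 4-digit PIN leaves only 9000 guesses, so no rounds setting rescues a database whose master password is a PIN.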

### flag: jctf{R1ch_p3rson_#4}