• IP addresses are NOT logged in this forum so there's no point asking. Please note that this forum is full of homophobes, racists, lunatics, schizophrenics & absolute nut jobs with a smattering of geniuses, Chinese chauvinists, Moderate Muslims and last but not least a couple of "know-it-alls" constantly sprouting their dubious wisdom. If you believe that content generated by unsavory characters might cause you offense PLEASE LEAVE NOW! Sammyboy Admin and Staff are not responsible for your hurt feelings should you choose to read any of the content here.

    The OTHER forum is HERE so please stop asking.

Hacking tool swipes encrypted credentials from password manager

SubZero

SubZero

Alfrescian
Loyal
Joined
Aug 12, 2013
Messages
50
Points
0

Hacking tool swipes encrypted credentials from password manager

"KeeFarce" targets KeePass, but virtually all password managers are vulnerable.

by Dan Goodin - Nov 3, 2015 2:16am CST

keefarce-logo-640x653.png


Using a password manager is one of the biggest ways that average computer users can keep their online accounts secure, but their protection is pretty much meaningless when an end user's computer is compromised. Underscoring this often ignored truism is a recently released hacking tool that silently decrypts all user names, passwords, and notes stored by the KeePass password manager and writes them to a file.

KeeFarce, as the tool has been dubbed, targets KeePass, but there's little stopping developers from designing similar apps that target virtually every other password manager available today. Hackers and professional penetration testers can run it on computers that they have already taken control of. When it runs on a computer where a logged in user has the KeePass database unlocked, KeeFarce decrypts the entire database and writes it to a file that the hacker can easily access.

In fairness to KeePass developers, they have long warned users that no password manager can secure passwords on a compromised computer. Still, KeeFarce generated interest among security professionals and hobbyists over the past week, in large part because of the ease and convenience it provides.

"Indeed, if the operating system is owned, then it's game over," Denis Andzakovic, a researcher at Security Assessment and the creator of KeeFarce, told Ars. "The point of KeeFarce is to actually obtain the contents of the password database. Say a penetration tester has achieved domain admin access to a network but also wants to obtain access to networking hardware, non-domain infrastructure, etcetera. The tester can compromise a sysadmin's machine and use the tool to swipe the password details from the KeePass instance the sysadmin has open."

KeePass provides process memory protection that encrypts master password keys and other sensitive data when stored in computer memory. That system goes a long way to preventing malicious apps from scraping random access memory and retrieving the credentials. KeeFarce obtains passwords using a different technique, known as DLL injection. The injected dynamic link library code calls an existing KeePass export method to copy the contents of a currently open database to a CSV file. The resulting file contains user names, passwords, notes, and URLs all in cleartext.

Again, the ability for one process to inject itself into a second process and execute things in the context of the second process is by no means a KeePass-specific issue. This injection process is one of the things that allows programs to interoperate in useful ways. But in the event of a compromise, it can also streamline the process of gathering sensitive data and sending it to the attacker. Something like KeeFarce could prove to be especially scary if it was folded into Metasploit or other hacker frameworks. Andzakovic said existing features in Metasploit can already be used to manually run KeeFarce on a compromised computer.

KeeFarce will no doubt rekindle the common criticism that when password managers fail, they offer a one-stop destination for hackers to obtain all of a target's passwords. There's no doubt that password managers represent a single point of failure that could be catastrophic. Still, on the whole, they provide more benefit than risk when used correctly. That's because password managers allow average people to generate and store virtually crack-proof passcodes that are unique for every site. Password managers also prevent a breach on one site—say, the recent compromise of 000Webhost—from contributing to account hijacks on other sites because the account holder used the same password.

But it's also important that people recognize that there are some threats that password managers do nothing to mitigate, and chief among them is password theft from an infected computer to begin with. Lest anyone forget, KeeFarce is here to remind them.


 
You must log in or register to reply here.

Similar threads

Rogue Trader
[Jo Teo Fucks Up Again] ICA suspends online address change function after scammers change victims addresses
Replies
16
Views
499
millim6868
M
S
Serious Fierce US Cyberattack on Deep Seek!
Replies
3
Views
237
rotiprata
rotiprata
riceberry
Huge data leak dubbed the 'Mother of all Breaches' sees 26 BILLION records leaked from sites including Twitter, Linkedin, and Dropbox - here's how to
Replies
2
Views
1K
eatshitndie
eatshitndie
LITTLEREDDOT
China hacks Singtel, PAP govt kept quiet until Bloomberg news reported the incident
Replies
11
Views
754
nabeifuckpap
nabeifuckpap
Chase
John Wick: Australian gangs using an app to organise underworld hits
Replies
0
Views
425
Chase
Chase
Back
Top