CVE-2023-32784
Severity: HIGH
Status: EXPLOITED
KeePass 2.00-2.53 - Cleartext Master Password Exposure via Memory Dump
Title source: LLM
Exploitation Summary
CVE-2023-32784 has been observed exploited in the wild (reported by VulnCheck KEV). EIP tracks 15 public exploits from researchers including vdohney, z-jxy, und3sc0n0c1d0.
AI-analyzed exploit summary
This PoC extracts KeePass 2.x master passwords from memory dumps by scanning for Unicode characters masked by KeePass's SecureTextBoxEx (displayed as '●'). It reconstructs potential password candidates by analyzing sequences of these characters and adjacent valid Unicode characters.
Description
In KeePass 2.x before 2.54, it is possible to recover the cleartext master password from a memory dump, even when a workspace is locked or no longer running. The memory dump can be a KeePass process dump, swap file (pagefile.sys), hibernation file (hiberfil.sys), or RAM dump of the entire system. The first character cannot be recovered. In 2.54, there is different API usage and/or random string insertion for mitigation.
Exploits (15)
This PoC extracts KeePass 2.x master passwords from memory dumps by scanning for Unicode characters masked by KeePass's SecureTextBoxEx (displayed as '●'). It reconstructs potential password candidates by analyzing sequences of these characters and adjacent valid Unicode characters.
This is a Python-based PoC for CVE-2023-32784, which exploits a memory dump vulnerability in KeePass 2.X to extract masterkey characters. It includes features like partial scanning, character recovery, and wordlist-based searches to reconstruct passwords from memory dumps.
This PowerShell script automates brute-forcing KeePass master passwords by generating a dictionary based on user-provided characters and a known suffix, then testing each entry against a KeePass database file. It leverages KeePass libraries to validate credentials.
This PoC extracts the master password from a memory dump of a KeePass process by scanning for a specific byte pattern (0xCF 0x25, the UTF-16LE encoding of the '●' mask character) that precedes password characters. It reconstructs potential characters by position and generates a John the Ripper mask for further cracking.
This PoC exploits CVE-2023-32784 to dump KeePass process memory on Linux, extracting master password remnants by scanning for specific Unicode patterns. It requires root access to `/proc/[pid]/mem` and targets KeePass versions before 2.54.
Technical analysis of CVE-2023-32784, a memory leak vulnerability in KeePass 2.53, detailing how master passwords can be extracted from memory dumps and proposing detection/mitigation strategies.
This repository contains a functional Python script that exploits CVE-2023-32784 to dump passwords from KeePass 2.X memory dumps by scanning for Unicode characters and reconstructing password strings. The script reads a binary file and uses regex to filter valid characters, demonstrating the vulnerability effectively.
This repository provides a Python script to generate password combinations for CVE-2023-32784, addressing incorrect character parsing in KeePass. It replaces placeholder characters with potential valid characters to recover the original password.
This repository provides a detailed writeup and step-by-step guide for exploiting CVE-2023-32784, a memory leakage vulnerability in KeePass versions prior to 2.54. The exploit involves dumping KeePass process memory and using a .NET-based tool to recover the master password (excluding the first character).
This PoC analyzes a memory dump to extract potential password candidates by identifying the byte pattern 0xCF 0x25 (the UTF-16LE encoding of the '●' mask character) followed by printable ASCII characters. It targets the same information leak as the other entries here: recovery of master password characters left in KeePass process memory.
This PoC extracts potential KeePass master key candidates from a memory dump by analyzing patterns and reconstructing possible passwords. It leverages the vulnerability in KeePass where master key material may remain in memory after use.
This Python script exploits CVE-2023-32784 by dumping KeePass process memory using WerFault and extracting the master password from the dump. It checks for or spawns KeePass, performs the dump, and parses the memory for password characters.
This Rust-based PoC exploits CVE-2023-32784 to dump the master password from a KeePass 2.X memory dump by analyzing byte patterns and reconstructing possible password candidates.
KeePwn is a Python-based tool designed to discover KeePass instances, extract secrets via plugin and trigger abuse, and parse memory dumps for master password candidates (CVE-2023-32784). It includes modules for SMB-based discovery, plugin manipulation, trigger injection, and memory dump parsing.
References (3)
Scores
CVSS 3.1 vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N