Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1310 CNY

100%
Buy Us a Coffee

CVE-2023-32784 PoC — KeePass 安全漏洞

Source
https://github.com/G4sp4rCS/CVE-2023-32784-password-combinator-fixer
Associated Vulnerability
Title:KeePass 安全漏洞 (CVE-2023-32784)
Description:In KeePass 2.x before 2.54, it is possible to recover the cleartext master password from a memory dump, even when a workspace is locked or no longer running. The memory dump can be a KeePass process dump, swap file (pagefile.sys), hibernation file (hiberfil.sys), or RAM dump of the entire system. The first character cannot be recovered. In 2.54, there is different API usage and/or random string insertion for mitigation.
Description
After using the KeePass password dumper maybe some character parsed as ● is incorrect and you want to know the real character
Readme
# 🔒 CVE-2023-32784 Password Combinator Fixer


## USEFUL FOR KEEPER HTB MACHINE

After using the KeePass password dumper, some characters might be parsed as `●` incorrectly. This script helps you identify the real characters and fix the issue efficiently. 🚀

## 🛠️ How to Use


1. **Run the Script**  
    Execute the script with the required input file:  
    ```bash
    python3 generate_passwords_param.py <pattern> <unknown_chars> <output_file>
    ```
    - Example: `python3 generate_passwords.py "●ødgrød med fløde" "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789" "pass.txt"`

2. **Review the Output**  
    The script will generate a corrected version of the password combinations.

## ✨ Useful Modifications

- **Custom Character Mapping**  
  Modify the `character_map` dictionary in `fixer.py` to handle additional or specific character replacements.

- **Input/Output File Names**  
  Update the script to accept custom input and output file names via command-line arguments.

- **Logging**  
  Add logging to track which characters were replaced for better debugging.

## ⚠️ Disclaimer

Use this tool responsibly and only on data you own or have explicit permission to analyze. Unauthorized use may violate privacy laws. 🔐
File Snapshot

Log in to view the POC file snapshot cached by Shenlong Bot

Log in to view
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →