KeeFarce Logo

KeeFarce

0
Free
Visit Website

KeeFarce allows for the extraction of KeePass 2.x password database information from memory. The cleartext information, including usernames, passwords, notes and url's are dumped into a CSV file in %AppData%. KeeFarce uses DLL injection to execute code within the context of a running KeePass process. C# code execution is achieved by first injecting an architecture-appropriate bootstrap DLL. This spawns an instance of the dot net runtime within the appropriate app domain, subsequently executing KeeFarceDLL.dll (the main C# payload). The KeeFarceDLL uses CLRMD to find the necessary object in the KeePass processes heap, locates the pointers to some required sub-objects (using offsets), and uses reflection to call an export method. An appropriate build of KeeFarce needs to be used depending on the KeePass target's architecture (32 bit or 64 bit). Archives and their shasums can be found under the 'prebuilt' directory. In order to execute on the target host, the following files need to be in the same folder: BootstrapDLL.dll, KeeFarce.exe, KeeFarceDLL.dll, Microsoft.Diagnostic.Runtime.dll. Copy these files across to the target and execute Kee.

FEATURES

ALTERNATIVES

Okta Workforce Identity Cloud is an identity and access management platform that provides secure, streamlined access for an organization's workforce across various applications and resources.

Commercial

A fully automated AD build script that configures a domain fully with adjustable XML files.

Free

Zoho Vault is a secure password management tool that allows you to store and automatically fill in passwords on websites and apps.

Commercial

A list of Windows privilege escalation techniques, categorized and explained in detail.

Free

Tool for generating AWS IAM policy statements with a fluent interface.

Free

Identify AWS IAM permissions by brute-forcing API calls.

Free

BeyondTrust Privileged Access Management (PAM) provides comprehensive security controls for privileged accounts and users.

Free

Helm plugin for decrypting encrypted Helm value files on the fly and integrating with cloud native secret managers.

Free