Aperi'CTF 2019 - Forensic (50 pts).

Aperi’CTF 2019 - OP’Rikube

Challenge details

Event Challenge Category Points Solves
Aperi’CTF 2019 OP’Rikube Forensic 50 29

We’re given an oprikube.kdbx file.

Task description:

Our intelligence services infiltrated the Telegram channel of an hacktivist group alleged to have been involved in the #OP’Rikube operation.

Many messages have been deleted on this channel following the operation. However, a file has been saved.

According to our sources, many hackers were involved in the operation, one of them rleportedly was a member of the Aperi’Kube group.

Analyze this file and find information about this hacker.


Crack the password of the KDBX file, export keepass data into a CSV file, search for APRK, get the flag.

Password cracking

Since, we’re given a KDBX file, let’s try to crack its password using a wordlist!

Generate a john-the-ripper compatible hash:

keepass2john files/oprikube.kdbx | tee hash.txt

Crack the password:

john --format=KeePass --fork=20 --wordlist=rockyou.txt hash.txt
john --show hash.txt

Woot! Let’s open it using KeePass2:

keepass entries

Looking at the entries, the file is composed of several users, the only item that allows us to identify them is their password (i. e., TEAM{sha1(user_id)}).

The user we’re looking for is a member of the Aperi’Kube team (APRK), let’s look for this user!

User lookup

First, we need to export the user database using the File > Export > KeePass CSV (1.x) feature then grep it for the APRK symbol:

grep "APRK" oprikube.csv



The user we’re looking for is the user758!

The final flag is APRK{82a50612a57ad5c00b0df9bafbcd379d25c6fbda!}

Happy Hacking!