HackTheBox-Keeper Walkthrough

3 min readSep 7, 2023


This is a short guide for Keeper machine.

Get the IP address of the machine and perform the nmap scan.

Nmap scan result

Looking at website on port 80.

Mapping IP address to host in /etc/hosts

Added line to /etc/hosts file

Now visiting tickets.keeper.htb we see login page of Best Practical Request Tracker.

Best Practical Request Tracker

Trying default credential of root:password, we get logged in as root.

Looking around the application we can see two users root and lnorgaard. On user lnorgaard profile we can see its password on comment.

lnorgaard user profile

Using this password to login through ssh.

User flag is present in the home directory

User flag

There is also a zip file. Extracting the content of zip file we get a .dmp file and .kdbx file of keep pass.

lnorgaard home directory contents

After some googling, found a KeePass 2.X Master Password Dumper (CVE-2023–32784) exploit

Downloading the KeePassDumpFull.dmp & passcodes.kdbx file into the local machine and running the above exploit on KeePassDumpFull.dmp file.

We can see that the first character is unkown, the second character has multiple options and after that the characters are “dgrød med fløde”. So we need first two character to obtain the password.

Taking a quick look on the word “dgrød med fløde”, we can see the brave search result showing “rødgrød med fløde”.

Trying the password “rødgrød med fløde” to unlock KeePass Database. We get successfully login.

Looking on the network tab we can see a root user login credentials for keeper.htb along with a note which includes PuTTY-User-Key-File.

As PuTTY default format is .ppk, lets copy the contents on the note and copy it to a new file with .ppk file extension.

Now using puttygen to create a .pem key file using the .ppk file.

Set the correct permission for .pem file

Changing the permission of .pem file to 400

Finally using the key.pem file to login as root through ssh.

Root flag is located in the root home directory

Root Flag

Thank you for reading.

Twitter: Vengenace0x0




Penetration Tester | Trader/ Investor | Cyber Security Enthusiast | Bibliophile