How can you extract the hash of the password from an encrypted
container, such as a KeePass file, or a LUKS, TrueCrypt or Veracrypt
volume?
It depends :-). You will need a program that can read the respective file format, and extract information about the password.
Also note that a file/container protected by a password does not usually contain a hash of the password (like for example a UNIX Shadow file would). Instead it contains data protected by an encryption key (which is computed from the password), and possibly information about how the encryption key was computed. Typically some special algorithm (a key derivation function) is used to calculate the key.
This data can be attacked in a similar fashion to brute-forcing a password hash: You can try different passwords, run them through the right key derivation function, and check whether they match the encrypted data.
Then you will need a program that performs this brute-forcing. Hashcat is one popular choice (and Hashcat happens to support the data format used by KeePass - see PR 282 on GitHub).
I tried to use keepass2john from John the Ripper, but it did not work
with a KDBX file from KeePass (error message: "file version not
supported") .
That could be any number of problems, and is probably out of scope here. Try asking a more specific question on http://superuser.com .
During my research I found some people saying that you cannot extract
the hash. If so, then what are scripts like keepass2john for?
Well, sometimes some people are wrong :-). keepass2john is indeed for extracting information from a KeePass database that allows you to crack the password with John The Ripper.
Also, if you cannot extract the hash, how does the encryption software
validate the key?
They do it like the cracking programs: They try the password, and complain if it does not work.
