that should be easy to add in hashcat cpu. can we please have some example real-world hashes?
This would be a very nice feature to have. Atom: I suppose you mean hashcat gpu. Anyway.. I will add some examples later tonight
Lets start with CPU first
This would be an awesome feature. Here is a sample hash:
Authorization: Digest username="ktxrk56yevb52dg4", realm="192.168.100.21", nonce="f9230a7f-77e0-426e-83c4-cf3ffd9315a7", qop=auth, cnonce="prNDNtHQotLf1Vp", nc=00000103, uri="sip:192.168.100.21:5065", response="3b1c269c6e13644538304b6a8e5626ff", algorithm=MD5, password="y7zwayvt94pu4jc8"
which would be:
str1 = MD5("ktxrk56yevb52dg4:192.168.100.21:y7zwayvt94pu4jc8")
str2 = MD5("REGISTER
ip:192.168.100.21:5065")
final = MD5("$str1:f9230a7f-77e0-426e-83c4-cf3ffd9315a7:$str2")
Actually there are two forms of digest auth for sip. One that includes cnonce and one that doesn't. See the description here:
http://en.wikipedia.org/wiki/Digest_acce...entication
It turns out my example is of the type that does use cnonce.
The perl script to compute the 'qop' version of the sip digest is as follows:
use Digest::MD5 qw(md5_hex);
my $str1 = "ktxrk56yevb52dg4:192.168.100.21:y7zwayvt94pu4jc8";
my $str2 = "REGISTER
ip:192.168.100.21:5065";
my $nonce = ":f9230a7f-77e0-426e-83c4-cf3ffd9315a7:00000103:prNDNtHQotLf1Vp:auth:";
print md5_hex(md5_hex($str1) . $nonce . md5_hex($str2)) . "\n";
It looks like SIP has at least two places that use MD5 digest:
One of which is in the password storage on disk on the SIP server - that's the MD5(username:domain:password).
The other place is during the in-flight network operations, and that, I think, is what quentusrex was referring to, since he was mentioning the nonce/salt and two md5 operations.
SIP password storage from one vendor, under a1-hash
http://wiki.freeswitch.org/wiki/XML_User...tory_Guide
of which the most relevant part is:
openssl dgst -md5 < filename, or echo -n "username:domain:password" | openssl dgst -md5.
Additional guidance on the in-flight MD5 use may be found at:
http://www.sipsorcery.com/mainsite/Help/...rdSecurity
I don't have FreeSwitch running, but when I have a test install, I'll generate some test samples.