hashcat Forum
hashcat 11400 sintax dude - Printable Version

+- hashcat Forum (https://hashcat.net/forum)
+-- Forum: Developer (https://hashcat.net/forum/forum-39.html)
+--- Forum: hashcat (https://hashcat.net/forum/forum-40.html)
+--- Thread: hashcat 11400 sintax dude (/thread-12125.html)

hashcat 11400 sintax dude - Tolete - 08-23-2024

Good day to everyone.

Could someone please clarify for me the, possibly silly, question about the syntax of the hashcat command in an 11400 attack?

If the Wireshark capture indicates, for example: realm="sip.blablabla.com" and uri="sipConfusedip.blablabla.com" (the same).
Is the hash structure exactly as it is, or does it include the resolution in the form of the IP address of blablabla.com?

That is, would it be something like, for example:
$sip$***user*sip.blablabla.com*REGISTER*sip*blablabla.com**nonce****MD5*Response

Or something like, for example:
$sip$***user*sip.blablabla.com*REGISTER*sip*123.456.789.0000*5060*nonce****MD5*Response

Or:
sip$***user*123.456.789.0000:5060*REGISTER*sip*123.456.789.0000*5060*nonce****MD5*Response

Regards to all.

RE: hashcat 11400 sintax dude - b8vr - 08-23-2024

(08-23-2024, 10:47 AM)Tolete Wrote: Good day to everyone.

Could someone please clarify for me the, possibly silly, question about the syntax of the hashcat command in an 11400 attack?

If the Wireshark capture indicates, for example: realm="sip.blablabla.com" and uri="sipConfusedip.blablabla.com" (the same).
Is the hash structure exactly as it is, or does it include the resolution in the form of the IP address of blablabla.com?

That is, would it be something like, for example:
$sip$***user*sip.blablabla.com*REGISTER*sip*blablabla.com**nonce****MD5*Response

Or something like, for example:
$sip$***user*sip.blablabla.com*REGISTER*sip*123.456.789.0000*5060*nonce****MD5*Response

Or:
sip$***user*123.456.789.0000:5060*REGISTER*sip*123.456.789.0000*5060*nonce****MD5*Response

Regards to all.

I've never worked with SIP, but according to https://hashcat.net/wiki/doku.php?id=example_hashes this is what it should look like:

$sip$*192.168.100.100*192.168.100.121*username*asterisk*REGISTER*sip*192.168.100.121**2b01df0b****MD5*ad0520061ca07c120d7e8ce696a6df2d