+- hashcat Forum (https://hashcat.net/forum)
+-- Forum: Support (https://hashcat.net/forum/forum-3.html)
+--- Forum: hashcat (https://hashcat.net/forum/forum-45.html)
+--- Thread: SIP hash sintax (/thread-12126.html)
SIP hash sintax - Tolete - 08-25-2024
Hello everyone.
Could someone help me create a correct sintax SIP hash for a 11400 attack based on Wireshark captures? It’s for my own phone line provided by my internet service provider. Therefore, I know the password and am sure it is correct.
I have successfully extracted the keys in some examples from this same forum and naively thought I had understood it.
I’m using the command hashcat -m 11400 -a 0 hashsip.txt pass.txt.
pass.txt only contains one line with my password. I’ve double-checked it with copy/paste to avoid any typographical errors.
hashsip.txt contains the hash.
and all I get is:
Status...........: Exhausted Status...........: Exhausted.....Status...........: Exhausted AAAAAAGGHHH
Please, if anyone finds my mistake in the hash, feel free to hit me over the head with it.
This is the hash that I have tested, created according to the guide $sip$*[URI_SERVER]*[URI_CLIENT]*[USERNAME]*[REALM]*[METHOD]*[URI_PREFIX]*[URI_RESOURCE]*[URI_SUFFIX]*[NONCE_SERVER]*[NONCE_CLIENT]*[NONCE_COUNT#]*[QOP]*[DIRECTIVE]*[MD5]
$sip$***e34xxxxxxxxx@ims.masmovil.com*ims.mnc004.mcc214.3gppnetwork.org*REGISTER*sip*ims.masmovil.com**3D64861AC0FDC8660000000061D93042*07638752*00000001*auth*MD5*609ce2d50bfxxxxxxxxxxxxxxxxf846c
The captures with Wireshark are:
REGISTER sip:ims.masmovil.com SIP/2.0
Via: SIP/2.0/UDP 172.xx.xx.18:6166;branch=z9hG4bK642747057;rport
Route: <sip:evimsemad.yoigo.com:5060;lr>
From: "+34xxxxxxxxx" <sip:+34xxxxxxxxx@ims.masmovil.com>;tag=1902733385
To: <sip:+34xxxxxxxxx@ims.masmovil.com>
Call-ID: 1825079765-6166-1@BHC.BG.DA.BI
CSeq: 2005 REGISTER
Contact: <sip:+34xxxxxxxxx@172.xx.xx.18:6166>;reg-id=1;+sip.instance="<urn:uuid:00000000-0000-1000-8000-C074AD2EEA76>"
Authorization: Digest username="e34xxxxxxxxx@ims.masmovil.com", realm="ims.mnc004.mcc214.3gppnetwork.org", nonce="3D64861AC0FDC8660000000061D93042", uri="sip:ims.masmovil.com", response="609ce2d50bfxxxxxxxxxxxxxxxxf846c", algorithm=MD5, cnonce="07638752", qop=auth, nc=00000001
Max-Forwards: 70
User-Agent: Grandstream HT812 1.0.53.3
Supported: path
Expires: 3600
Allow: INVITE, ACK, OPTIONS, CANCEL, BYE, SUBSCRIBE, NOTIFY, INFO, REFER, UPDATE
Content-Length: 0
SIP/2.0 200 OK
Via: SIP/2.0/UDP 172.xx.xx.18:6166;received=185.xxx.xx.81;rport=6166;branch=z9hG4bK642747057
To: <sip:+34xxxxxxxxx@ims.masmovil.com>;tag=h7g4Esbg_784f54940f42506206061f275de
From: "+34xxxxxxxxx" <sip:+34xxxxxxxxx@ims.masmovil.com>;tag=1902733385
Call-ID: 1825079765-6166-1@BHC.BG.DA.BI
CSeq: 2005 REGISTER
Contact: <sip:+34xxxxxxxxx@172.xx.xx.18:6166>;expires=2390;reg-id=1;+sip.instance="<urn:uuid:00000000-0000-1000-8000-C074AD2EEA76>"
Contact: <sip:+34xxxxxxxxx@172.xx.xx.18:6166>;expires=0;reg-id=1;+sip.instance="<urn:uuid:00000000-0000-1000-8000-C074AD2EEA76>"
P-Associated-Uri: <sip:+34xxxxxxxxx@ims.masmovil.com>
P-Associated-Uri: <tel:+34xxxxxxxxx>
Path: <sip:212.230.247.90;transport=udp;lr>
Service-Route: <sip:212.230.247.90:5060;transport=udp;lr>
Content-Length: 0
Authentication-Info: qop=auth,rspauth="272f41d23axxxxxxxxxxxxxxxx081169",cnonce="07638752",nc=00000001