SIP (MD5) - Printable Version +- hashcat Forum (https://hashcat.net/forum) +-- Forum: Deprecated; Ancient Versions (https://hashcat.net/forum/forum-46.html) +--- Forum: Feature Requests (https://hashcat.net/forum/forum-7.html) +--- Thread: SIP (MD5) (/thread-1455.html) |
SIP (MD5) - m-i-k-e-e - 08-13-2012 Hi, would it be possible to include an option to crack SIP MD5 passwords? There are already some tools to do that but it can't use GPU. So here is the source code: http://www.darknet.org.uk/2008/08/sipcrack-sip-login-dumper-hashpassword-cracker/. And here is the info how to generate SIP MD5 hash: http://bramp.net/blog/2011/09/md5-digest-authorisation-in-sip-with-php/ Thank you very much, mikee RE: SIP (MD5) - atom - 08-13-2012 that should be easy to add in hashcat cpu. can we please have some example real-world hashes? RE: SIP (MD5) - ShArkY_ - 08-18-2012 This would be a very nice feature to have. Atom: I suppose you mean hashcat gpu. Anyway.. I will add some examples later tonight RE: SIP (MD5) - atom - 08-19-2012 Lets start with CPU first RE: SIP (MD5) - quentusrex - 08-31-2012 This would be an awesome feature. Here is a sample hash: Authorization: Digest username="ktxrk56yevb52dg4", realm="192.168.100.21", nonce="f9230a7f-77e0-426e-83c4-cf3ffd9315a7", qop=auth, cnonce="prNDNtHQotLf1Vp", nc=00000103, uri="sip:192.168.100.21:5065", response="3b1c269c6e13644538304b6a8e5626ff", algorithm=MD5, password="y7zwayvt94pu4jc8" which would be: str1 = MD5("ktxrk56yevb52dg4:192.168.100.21:y7zwayvt94pu4jc8") str2 = MD5("REGISTERip:192.168.100.21:5065") final = MD5("$str1:f9230a7f-77e0-426e-83c4-cf3ffd9315a7:$str2") Actually there are two forms of digest auth for sip. One that includes cnonce and one that doesn't. See the description here: http://en.wikipedia.org/wiki/Digest_access_authentication It turns out my example is of the type that does use cnonce. The perl script to compute the 'qop' version of the sip digest is as follows: use Digest::MD5 qw(md5_hex); my $str1 = "ktxrk56yevb52dg4:192.168.100.21:y7zwayvt94pu4jc8"; my $str2 = "REGISTERip:192.168.100.21:5065"; my $nonce = ":f9230a7f-77e0-426e-83c4-cf3ffd9315a7:00000103:prNDNtHQotLf1Vp:auth:"; print md5_hex(md5_hex($str1) . $nonce . md5_hex($str2)) . "\n"; RE: SIP (MD5) - Incisive - 08-31-2012 It looks like SIP has at least two places that use MD5 digest: One of which is in the password storage on disk on the SIP server - that's the MD5(username:domain:password). The other place is during the in-flight network operations, and that, I think, is what quentusrex was referring to, since he was mentioning the nonce/salt and two md5 operations. SIP password storage from one vendor, under a1-hash http://wiki.freeswitch.org/wiki/XML_User_Directory_Guide of which the most relevant part is: openssl dgst -md5 < filename, or echo -n "username:domain:password" | openssl dgst -md5. Additional guidance on the in-flight MD5 use may be found at: http://www.sipsorcery.com/mainsite/Help/SIPPasswordSecurity I don't have FreeSwitch running, but when I have a test install, I'll generate some test samples. |