Help with SIP digest authentication - Printable Version +- hashcat Forum (https://hashcat.net/forum) +-- Forum: Support (https://hashcat.net/forum/forum-3.html) +--- Forum: hashcat (https://hashcat.net/forum/forum-45.html) +--- Thread: Help with SIP digest authentication (/thread-6768.html) |
Help with SIP digest authentication - userAAA - 08-09-2017 Hi, This is my SIP authorization request (I replaced some data with test data): Authorization: Digest username="33333", realm="sip.aaa.it", nonce="1234:d6e8ea03e10d4e39954c0f75e9f1547f", uri="sipip.aaa.it", response="7468b74b7257b05671242ad0a8b0eb16", algorithm=MD5 So I want to use SIP digest attack and the sintax should be this: $sip$*[URI_SERVER]*[URI_CLIENT]*[USERNAME]*[REALM]*[METHOD]*[URI_PREFIX]*[URI_RESOURCE]*[URI_SUFFIX]*[NONCE_SERVER]*[NONCE_CLIENT]*[NONCE_COUNT]*[QOP]*[DIRECTIVE]*[MD5] So I run this command: hashcat -m 11400 '$sip$*sipip.aaa.it**33333*sip.aaa.it*REGISTER*sip*sip.aaa.it**1234****MD5*7468b74b7257b05671242ad0a8b0eb16' But it seems the requests are hanging, what I'm doing wrong? I have many doubt about uri prefix, uri_resource, nonce client / server. Someone can help me? RE: Help with SIP digest authentication - MrMeeseeks - 08-09-2017 You have failed to specify an attack and have only provided hashcat with the hash mode and hash. If you do not provide hashcat with an attack to run, it will start in Pipe mode. The process appears to be "hung" as it is currently blocked while waiting to read candidates from stdin (e.g. from an external candidate generator), of which none are being supplied. Refer to https://hashcat.net/wiki/#core_attack_modes for a list of available attack modes and examples. RE: Help with SIP digest authentication - userAAA - 08-09-2017 (08-09-2017, 06:53 PM)MrMeeseeks Wrote: You have failed to specify an attack and have only provided hashcat with the hash mode and hash. If you do not provide hashcat with an attack to run, it will start in Pipe mode. The process appears to be "hung" as it is currently blocked while waiting to read candidates from stdin (e.g. from an external candidate generator), of which none are being supplied. Refer to https://hashcat.net/wiki/#core_attack_modes for a list of available attack modes and examples. Ops.. I concentrated on the hash and didn't notice that I had to specify the attack mode as well. Yes, I'm noob. This tool is very powerful, I just have to read more Thanks for the tip, I'll look into mask attack probably. I will back later RE: Help with SIP digest authentication - userAAA - 08-09-2017 I added the below attack type and related mask: 10 chars, first letter upper case, then any upper/lower letter, a number and a "!". I hope to be lucky with this patter that I deducted from only 2 previously know passwords -a 3 -1 ?u -2 ?l?u -3 ?d -4 ! ?1?2?2?2?2?2?2?2?3?4 The problem is that it says around 60 days to complete. Of course there are a lot of permutations, and actually it is fast as hell! I must found more powerful hardware lol At least I can pause and resume as I wish |