Help with SIP digest authentication
#1
Hi,
This is my SIP authorization request (I replaced some data with test data):
Authorization: Digest username="33333", realm="sip.aaa.it", nonce="1234:d6e8ea03e10d4e39954c0f75e9f1547f", uri="sipConfusedip.aaa.it", response="7468b74b7257b05671242ad0a8b0eb16", algorithm=MD5

So I want to use SIP digest attack and the sintax should be this:
$sip$*[URI_SERVER]*[URI_CLIENT]*[USERNAME]*[REALM]*[METHOD]*[URI_PREFIX]*[URI_RESOURCE]*[URI_SUFFIX]*[NONCE_SERVER]*[NONCE_CLIENT]*[NONCE_COUNT]*[QOP]*[DIRECTIVE]*[MD5]

So I run this command:
hashcat -m 11400 '$sip$*sipConfusedip.aaa.it**33333*sip.aaa.it*REGISTER*sip*sip.aaa.it**1234****MD5*7468b74b7257b05671242ad0a8b0eb16'

But it seems the requests are hanging, what I'm doing wrong?
I have many doubt about  uri prefix, uri_resource, nonce client / server.

Someone can help me?
#2
You have failed to specify an attack and have only provided hashcat with the hash mode and hash. If you do not provide hashcat with an attack to run, it will start in Pipe mode. The process appears to be "hung" as it is currently blocked while waiting to read candidates from stdin (e.g. from an external candidate generator), of which none are being supplied. Refer to https://hashcat.net/wiki/#core_attack_modes for a list of available attack modes and examples.
#3
(08-09-2017, 06:53 PM)MrMeeseeks Wrote: You have failed to specify an attack and have only provided hashcat with the hash mode and hash. If you do not provide hashcat with an attack to run, it will start in Pipe mode. The process appears to be "hung" as it is currently blocked while waiting to read candidates from stdin (e.g. from an external candidate generator), of which none are being supplied. Refer to https://hashcat.net/wiki/#core_attack_modes for a list of available attack modes and examples.

Ops.. I concentrated on the hash and didn't notice that I had to specify the attack mode as well. 
Yes, I'm noob. This tool is very powerful, I just have to read more Smile 
Thanks for the tip, I'll look into mask attack probably. 
I will back later
#4
I added the below attack type and related mask: 10 chars, first letter upper case, then any upper/lower letter, a number and a "!".
I hope to be lucky with this patter that I deducted from only 2 previously know passwords Big Grin

-a 3 -1 ?u -2 ?l?u -3 ?d -4 ! ?1?2?2?2?2?2?2?2?3?4

The problem is that it says around 60 days to complete. Of course there are a lot of permutations, and actually it is fast as hell!
I must found more powerful hardware lol
At least I can pause and resume as I wish