hashcat 11400 sintax dude
#2
(08-23-2024, 10:47 AM)Tolete Wrote: Good day to everyone.

Could someone please clarify for me the, possibly silly, question about the syntax of the hashcat command in an 11400 attack?

If the Wireshark capture indicates, for example: realm="sip.blablabla.com" and uri="sipConfusedip.blablabla.com" (the same).
Is the hash structure exactly as it is, or does it include the resolution in the form of the IP address of blablabla.com?

That is, would it be something like, for example:
$sip$***user*sip.blablabla.com*REGISTER*sip*blablabla.com**nonce****MD5*Response

Or something like, for example:
$sip$***user*sip.blablabla.com*REGISTER*sip*123.456.789.0000*5060*nonce****MD5*Response

Or:
sip$***user*123.456.789.0000:5060*REGISTER*sip*123.456.789.0000*5060*nonce****MD5*Response

Regards to all.

I've never worked with SIP, but according to https://hashcat.net/wiki/doku.php?id=example_hashes this is what it should look like:

$sip$*192.168.100.100*192.168.100.121*username*asterisk*REGISTER*sip*192.168.100.121**2b01df0b****MD5*ad0520061ca07c120d7e8ce696a6df2d
Reply


Messages In This Thread
hashcat 11400 sintax dude - by Tolete - 08-23-2024, 10:47 AM
RE: hashcat 11400 sintax dude - by b8vr - 08-23-2024, 11:32 AM