08-23-2024, 11:32 AM
(08-23-2024, 10:47 AM)Tolete Wrote: Good day to everyone.
Could someone please clarify for me the, possibly silly, question about the syntax of the hashcat command in an 11400 attack?
If the Wireshark capture indicates, for example: realm="sip.blablabla.com" and uri="sipip.blablabla.com" (the same).
Is the hash structure exactly as it is, or does it include the resolution in the form of the IP address of blablabla.com?
That is, would it be something like, for example:
$sip$***user*sip.blablabla.com*REGISTER*sip*blablabla.com**nonce****MD5*Response
Or something like, for example:
$sip$***user*sip.blablabla.com*REGISTER*sip*123.456.789.0000*5060*nonce****MD5*Response
Or:
sip$***user*123.456.789.0000:5060*REGISTER*sip*123.456.789.0000*5060*nonce****MD5*Response
Regards to all.
I've never worked with SIP, but according to https://hashcat.net/wiki/doku.php?id=example_hashes this is what it should look like:
$sip$*192.168.100.100*192.168.100.121*username*asterisk*REGISTER*sip*192.168.100.121**2b01df0b****MD5*ad0520061ca07c120d7e8ce696a6df2d