05-15-2017, 11:26 PM
Well, I "think" I have the line correct... it runs now, anyway. However, it will not crack a known password in my test.
$sip$***$username*$realm*digest**$uri**$nonce*$cnonce*$nc*$qop*MD5*$response
The uri is one star over now and it runs.
Can someone tell me how SIP Digest auth works in hashcat?
Here is my sample python program that works with the data I have:
QUOTE
import hashlib, itertools, sys
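def gen_passwords(universe,l):
    """Return every string of length ``l`` over the characters in ``universe``.

    This is the Cartesian product with repetition (not permutations):
    characters may repeat, and the result holds ``len(universe) ** l``
    strings in the order produced by ``itertools.product``.

    Args:
        universe: iterable of single-character strings to draw from.
        l: length of each generated string; 0 yields ``[""]``.

    Returns:
        A fully materialised list of candidate strings. Memory use grows as
        ``len(universe) ** l``, so the list gets large quickly.
    """
    return ["".join(combo) for combo in itertools.product(universe, repeat=l)]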
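def gen_response_unspec(username, password, nonce, realm, uri):
    """Compute the Digest ``response`` for a challenge that carries no ``qop``.

    Implements the legacy form of HTTP/SIP Digest (RFC 2069 style):
    ``MD5(HA1:nonce:HA2)`` with ``HA1 = MD5(username:realm:password)`` and
    ``HA2 = MD5(method:uri)``.

    Every input except the password is visible in the challenge and the
    Authorization header, so a single captured exchange is enough to test
    password guesses offline at plain-MD5 speed; the scheme's strength on a
    cleartext transport rests entirely on password entropy.

    Args:
        username, password, nonce, realm, uri: text values, with the header
            fields taken verbatim (without the surrounding quotes).

    Returns:
        The response as a 32-character lowercase hex string.
    """
    def md5_hex(text):
        # hashlib only accepts bytes on Python 3; Python 2 byte strings pass
        # through unchanged, text is encoded as UTF-8.
        if not isinstance(text, bytes):
            text = text.encode('utf-8')
        return hashlib.md5(text).hexdigest()

    ha1 = md5_hex(username + ':' + realm + ':' + password)
    # The request method is fixed to GET; the result only matches a capture
    # whose request actually used that method.
    ha2 = md5_hex('GET:' + uri)
    return md5_hex(ha1 + ':' + nonce + ':' + ha2)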
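def gen_response_auth(username, password, nonce, realm, uri,nonceCount,clientNonce,qop):
    """Compute the Digest ``response`` for a challenge answered with ``qop=auth``.

    Implements the RFC 2617 form
    ``MD5(HA1:nonce:nc:cnonce:qop:HA2)`` with
    ``HA1 = MD5(username:realm:password)`` and ``HA2 = MD5(method:uri)``.

    Every input except the password is visible in the challenge and the
    Authorization header, so a single captured exchange is enough to test
    password guesses offline at plain-MD5 speed; the scheme's strength on a
    cleartext transport rests entirely on password entropy.

    Args:
        username, password, nonce, realm, uri: text values, with the header
            fields taken verbatim (without the surrounding quotes).
        nonceCount: the ``nc`` value exactly as sent (8 hex digits).
        clientNonce: the ``cnonce`` value.
        qop: the ``qop`` value the client chose; this function is only
            correct for ``auth``.

    Returns:
        The response as a 32-character lowercase hex string.
    """
    def md5_hex(text):
        # hashlib only accepts bytes on Python 3; Python 2 byte strings pass
        # through unchanged, text is encoded as UTF-8.
        if not isinstance(text, bytes):
            text = text.encode('utf-8')
        return hashlib.md5(text).hexdigest()

    # HA1 has this shape for algorithm=MD5, which is also what applies when
    # the header carries no algorithm directive. MD5-sess would additionally
    # mix nonce and cnonce into HA1 and is not handled here.
    ha1 = md5_hex(username + ':' + realm + ':' + password)

    # HA2 is method:uri for qop=auth (auth-int would add a hash of the body).
    # The method is fixed to GET, so the result only matches a capture whose
    # request actually used that method.
    # NOTE(review): SIP requests carry methods such as REGISTER or INVITE
    # rather than GET - confirm this matches the capture being checked.
    ha2 = md5_hex('GET:' + uri)

    # With qop present, nc, cnonce and qop are bound into the final hash.
    return md5_hex(
        ha1 + ':' + nonce + ':' + nonceCount + ':' + clientNonce + ':' + qop + ':' + ha2
    )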
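def crack_digest(username):
    """Search a candidate list for the password behind one captured Digest response.

    With no command-line argument the candidates are every 4-character
    string over lowercase letters and digits (36**4 = 1,679,616 entries,
    built in memory by gen_passwords). With an argument, only sys.argv[1]
    is tried, which is the quick way to confirm a known password against
    the captured values.

    Prints the match when a candidate reproduces the captured response.
    Returns None whether or not a match is found.

    Args:
        username: the ``username`` attribute of the captured header.
    """
    if len(sys.argv) < 2:
        candidates = gen_passwords("abcdefghijklmnopqrstuvwxyz1234567890", 4)
    else:
        candidates = [sys.argv[1]]

    # The following come from the Authorization header in the pcap. They are
    # left blank in the post; each ' ' is a placeholder for the real value.
    nonce = ' '
    realm = ' '
    uri = ' '
    nonceCount = ' '
    clientNonce = ' '
    qop = ' '
    # Placeholder for the captured "response" attribute to compare against.
    captured_response = ' '

    for pw in candidates:
        response = gen_response_auth(username, pw, nonce, realm, uri,
                                     nonceCount, clientNonce, qop)
        # Progress display: the carriage return keeps rewriting one terminal
        # line. sys.stdout.write replaces the Python 2-only print statement
        # so the block parses on Python 2 and Python 3 alike.
        sys.stdout.write(pw + "  \r")
        if response == captured_response:
            print('Success!')
            print('Username: %s Password: %s' % (username, pw))
            return


# 'username' is a placeholder for the username attribute of the captured header.
crack_digest('username')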
END_QUOTE
Is there a way in hashcat to do the above? ...or am I looking in the wrong place?
Again, thanks for the help!
$sip$***$username*$realm*digest**$uri**$nonce*$cnonce*$nc*$qop*MD5*$response
The uri is one star over now and it runs.
Can someone tell me how SIP Digest auth works in hashcat?
Here is my sample python program that works with the data I have:
QUOTE
import hashlib, itertools, sys
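def gen_passwords(universe,l):
    """Return every string of length ``l`` over the characters in ``universe``.

    This is the Cartesian product with repetition (not permutations):
    characters may repeat, and the result holds ``len(universe) ** l``
    strings in the order produced by ``itertools.product``.

    Args:
        universe: iterable of single-character strings to draw from.
        l: length of each generated string; 0 yields ``[""]``.

    Returns:
        A fully materialised list of candidate strings. Memory use grows as
        ``len(universe) ** l``, so the list gets large quickly.
    """
    return ["".join(combo) for combo in itertools.product(universe, repeat=l)]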
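def gen_response_unspec(username, password, nonce, realm, uri):
    """Compute the Digest ``response`` for a challenge that carries no ``qop``.

    Implements the legacy form of HTTP/SIP Digest (RFC 2069 style):
    ``MD5(HA1:nonce:HA2)`` with ``HA1 = MD5(username:realm:password)`` and
    ``HA2 = MD5(method:uri)``.

    Every input except the password is visible in the challenge and the
    Authorization header, so a single captured exchange is enough to test
    password guesses offline at plain-MD5 speed; the scheme's strength on a
    cleartext transport rests entirely on password entropy.

    Args:
        username, password, nonce, realm, uri: text values, with the header
            fields taken verbatim (without the surrounding quotes).

    Returns:
        The response as a 32-character lowercase hex string.
    """
    def md5_hex(text):
        # hashlib only accepts bytes on Python 3; Python 2 byte strings pass
        # through unchanged, text is encoded as UTF-8.
        if not isinstance(text, bytes):
            text = text.encode('utf-8')
        return hashlib.md5(text).hexdigest()

    ha1 = md5_hex(username + ':' + realm + ':' + password)
    # The request method is fixed to GET; the result only matches a capture
    # whose request actually used that method.
    ha2 = md5_hex('GET:' + uri)
    return md5_hex(ha1 + ':' + nonce + ':' + ha2)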
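def gen_response_auth(username, password, nonce, realm, uri,nonceCount,clientNonce,qop):
    """Compute the Digest ``response`` for a challenge answered with ``qop=auth``.

    Implements the RFC 2617 form
    ``MD5(HA1:nonce:nc:cnonce:qop:HA2)`` with
    ``HA1 = MD5(username:realm:password)`` and ``HA2 = MD5(method:uri)``.

    Every input except the password is visible in the challenge and the
    Authorization header, so a single captured exchange is enough to test
    password guesses offline at plain-MD5 speed; the scheme's strength on a
    cleartext transport rests entirely on password entropy.

    Args:
        username, password, nonce, realm, uri: text values, with the header
            fields taken verbatim (without the surrounding quotes).
        nonceCount: the ``nc`` value exactly as sent (8 hex digits).
        clientNonce: the ``cnonce`` value.
        qop: the ``qop`` value the client chose; this function is only
            correct for ``auth``.

    Returns:
        The response as a 32-character lowercase hex string.
    """
    def md5_hex(text):
        # hashlib only accepts bytes on Python 3; Python 2 byte strings pass
        # through unchanged, text is encoded as UTF-8.
        if not isinstance(text, bytes):
            text = text.encode('utf-8')
        return hashlib.md5(text).hexdigest()

    # HA1 has this shape for algorithm=MD5, which is also what applies when
    # the header carries no algorithm directive. MD5-sess would additionally
    # mix nonce and cnonce into HA1 and is not handled here.
    ha1 = md5_hex(username + ':' + realm + ':' + password)

    # HA2 is method:uri for qop=auth (auth-int would add a hash of the body).
    # The method is fixed to GET, so the result only matches a capture whose
    # request actually used that method.
    # NOTE(review): SIP requests carry methods such as REGISTER or INVITE
    # rather than GET - confirm this matches the capture being checked.
    ha2 = md5_hex('GET:' + uri)

    # With qop present, nc, cnonce and qop are bound into the final hash.
    return md5_hex(
        ha1 + ':' + nonce + ':' + nonceCount + ':' + clientNonce + ':' + qop + ':' + ha2
    )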
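def crack_digest(username):
    """Search a candidate list for the password behind one captured Digest response.

    With no command-line argument the candidates are every 4-character
    string over lowercase letters and digits (36**4 = 1,679,616 entries,
    built in memory by gen_passwords). With an argument, only sys.argv[1]
    is tried, which is the quick way to confirm a known password against
    the captured values.

    Prints the match when a candidate reproduces the captured response.
    Returns None whether or not a match is found.

    Args:
        username: the ``username`` attribute of the captured header.
    """
    if len(sys.argv) < 2:
        candidates = gen_passwords("abcdefghijklmnopqrstuvwxyz1234567890", 4)
    else:
        candidates = [sys.argv[1]]

    # The following come from the Authorization header in the pcap. They are
    # left blank in the post; each ' ' is a placeholder for the real value.
    nonce = ' '
    realm = ' '
    uri = ' '
    nonceCount = ' '
    clientNonce = ' '
    qop = ' '
    # Placeholder for the captured "response" attribute to compare against.
    captured_response = ' '

    for pw in candidates:
        response = gen_response_auth(username, pw, nonce, realm, uri,
                                     nonceCount, clientNonce, qop)
        # Progress display: the carriage return keeps rewriting one terminal
        # line. sys.stdout.write replaces the Python 2-only print statement
        # so the block parses on Python 2 and Python 3 alike.
        sys.stdout.write(pw + "  \r")
        if response == captured_response:
            print('Success!')
            print('Username: %s Password: %s' % (username, pw))
            return


# 'username' is a placeholder for the username attribute of the captured header.
crack_digest('username')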
END_QUOTE
Is there a way in hashcat to do the above? ...or am I looking in the wrong place?
Again, thanks for the help!