SIP: search using the dictionary is not working.
#1
Hi!

I found that hashcat can not find the password for the SIP-account using the dictionary. With HTTPBrute I calculated response to SIP-request (see the picture httpbrute.gif - it's just an example). Then I formed hash-file mytrunk1.hash:
Code:
$sip$***mytrunk1*asterisk*REGISTER*sip*77.12.87.99:8077**1821d72d****MD5*9638ced4c962449466deee5d4aca2b3f

Then I downloaded rockyou.txt (of about 137 megabytes), and add the password aM13xzv2h in the first row (see the picture rockyou.gif).
Launched hashcat:
Code:
hashcat-cli64 -m 11400 mytrunk1.hash rockyou.txt -o result_mytrunk1.txt
Unsuccessfully.

But if I run hashcat like this:
Code:
hashcat-cli64 -m 11400 -a 3 mytrunk1.hash ?l?u?d?dxzv?d?l -o result_mytrunk1.txt
that password is searched in less than 5 seconds.

What am I doing wrong?


Attached Files
.gif   httpbrute.gif (Size: 9.81 KB / Downloads: 22)
.gif   rockyou.gif (Size: 7.21 KB / Downloads: 15)
#2
You need to remove all extra characters around the correct password (remove all extra spaces, tabs etc)

Also why do you not simple create a new word list with just the correct password in it and troubleshoot if that works or not?

I tried to do the same and it works here (with rockyou.txt and a dedicated/new word list with just the single/correct password in it). Seems to be a problem on your side (pebkac ?).
#3
I did as you said - has created a new dictionary file pass.txt and add the password. No additional characters (see picture pass.gif).
Start hashcat:
Code:
hashcat-cli64 -m 11400 mytrunk1.hash pass.txt -o result_mytrunk1.txt
And again - the password is not found. What you are using the OS? I'm using Windows 7 x64. Maybe this is the problem?

Update:
It's strange, but re-doing the same command produced a positive result. But now I need to check the file rockyou - to search for the real password. A rockyou still not working.

Update 2:
I found a problem. Dictionary file was still open in a text editor, when I ran the search. Although the file has already been saved to disk hashcat could not find the password. As soon as I closed the dictionary - hashcat immediately found the password.


Attached Files
.gif   pass.gif (Size: 4.77 KB / Downloads: 17)
#4
It was pebkac, closed.