hashcat Forum Support hashcat v
http authentication

Thread Closed 
Threaded Mode
http authentication
mos Offline
Junior Member
**
Posts: 1
Threads: 1
Joined: Nov 2017
#1
11-28-2017, 04:31 PM
hi
i have a http authentication and i want to crack with hashcat with SIP 11400 attack.
but i dont know how to order the data
 the data for the example is:
Digest username="Mufasa",
                    realm="testrealm@host.com",
                    nonce="dcd98b7102dd2f0e8b11d0f600bfb0c093",
                    uri="/dir/index.html",
                    qop=auth,
                    nc=00000001,
                    cnonce="0a4f113b",
                    response="6629fae49393a05397450978507c4ef1",
                    opaque="5ccc069c403ebaf9f0171e9517f40e41"
                   method : GET
the password for example is "Circle Of Life"

if i understand the sip and http authentication is the same algoritm
HA1=MD5(username:realm:password)HA2=MD5(method:digestURI)response=MD5(HA1:nonce:HA2)

can u help me?
Find
philsmd Offline
I'm phil
******
Posts: 2,267
Threads: 16
Joined: Feb 2013
#2
11-28-2017, 05:16 PM (This post was last modified: 11-28-2017, 05:29 PM by philsmd.)
The format is as explained here: https://github.com/hashcat/hashcat/issues/1021 just this one:
$sip$*[URI_SERVER]*[URI_CLIENT]*[USERNAME]*[REALM]*[METHOD]*[URI_PREFIX]*[URI_RESOURCE]*[URI_SUFFIX]*[NONCE_SERVER]*[NONCE_CLIENT]*[NONCE_COUNT]*[QOP]*[DIRECTIVE]*[MD5]

Therefore your hash should look like this:
Code:
$sip$***Mufasa*testrealm@host.com*GET**/dir/index.html**dcd98b7102dd2f0e8b11d0f600bfb0c093*0a4f113b*00000001*auth*MD5*6629fae49393a05397450978507c4ef1

BTW: Do NOT post hashes on the forum when not asked by a moderator/admin. You will get banned
Find
Thread Closed