Penetration Testing mailing list archives
SIP Digest Authentication
From: Bassem Ammar <basem () live ru>
Date: Sat, 1 Oct 2011 06:02:19 +0200
HI, How can i got the SIP password if i have the following 1- SIP USER which use in Digest Authorization 2- realm name 3- nonce 4- uri 5- response 6-cnonce 7- REGISTERED captured messages As i know this should be {HA1} ={MD5}{A1}={MD5}{username}{realm}{password} {HA2} ={MD5}{A2}={MD5}{method}:{digestURI} response=MD5{HA1}{nonce}{HA2} but i can't find any free script or tool to get it and am working on , so is there any ideas how to break the SIP digest information leakage and the appropriate tool for this except immunity canvas ? ------------------------------------------------------------------------ This list is sponsored by: Information Assurance Certification Review Board Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified. http://www.iacertification.org ------------------------------------------------------------------------
Current thread:
- SIP Digest Authentication Bassem Ammar (Oct 01)
- Re: SIP Digest Authentication Jason Ostrom (Oct 01)
- RE: SIP Digest Authentication Bassem Ammar (Oct 01)
- Re: SIP Digest Authentication Jason Ostrom (Oct 01)