Penetration Testing mailing list archives
RE: SIP Digest Authentication
From: Bassem Ammar <basem () live ru>
Date: Sun, 2 Oct 2011 01:35:26 +0200
Hi Jason,

Both sipdump and sipcrack need sniffed captured data. The info below is not sniffed from the network, or if you can help me if sipdump/sipcrack can do this!

Subject: Re: SIP Digest Authentication
From: justiceguy () pobox com
Date: Sat, 1 Oct 2011 14:22:45 -0500
CC: pen-test () securityfocus com
To: basem () live ru

Bassem,

Try sipdump/sipcrack tool.

Jason

On Sep 30, 2011, at 11:02 PM, Bassem Ammar wrote:

Hi,

How can I get the SIP password if I have the following:

1- SIP USER which is used in Digest Authorization
2- realm name
3- nonce
4- uri
5- response
6- cnonce
7- REGISTERED captured messages

As I know, this should be

{HA1} ={MD5}{A1}={MD5}{username}{realm}{password}
{HA2} ={MD5}{A2}={MD5}{method}:{digestURI}
response=MD5{HA1}{nonce}{HA2}

but I can't find any free script or tool to get it and am working on , so are there any ideas how to break the SIP digest information leakage and the appropriate tool for this except Immunity CANVAS?

------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board
Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified.
http://www.iacertification.org
------------------------------------------------------------------------
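
For reference, the digest computation discussed in this thread as RFC 2617 defines it (SIP reuses the same scheme), written as the server-side check a registrar performs. This is an added example, not part of the original messages; the function names are illustrative and the sample values are the published RFC 2617 section 3.5 test vector, not SIP traffic. Every input except the password is visible in a captured exchange, so password strength and TLS-protected signalling are what protect these credentials.

```python
"""Digest response per RFC 2617, the scheme SIP reuses for REGISTER."""
import hashlib
import hmac


def md5_hex(text):
    return hashlib.md5(text.encode("utf-8")).hexdigest()


def digest_response(username, realm, password, method, uri, nonce,
                    qop=None, nc=None, cnonce=None):
    """Return the hex response a client must send for these parameters."""
    ha1 = md5_hex(f"{username}:{realm}:{password}")  # the only secret input
    ha2 = md5_hex(f"{method}:{uri}")                 # qop=auth-int not handled
    if qop is None:                                  # legacy form, no cnonce/nc
        return md5_hex(f"{ha1}:{nonce}:{ha2}")
    if qop != "auth":
        raise ValueError("this example only handles qop=auth or no qop")
    if not nc or not cnonce:
        raise ValueError("qop=auth requires both nc and cnonce")
    return md5_hex(f"{ha1}:{nonce}:{nc}:{cnonce}:{qop}:{ha2}")


def verify(received_response, **params):
    """Server-side check: recompute and compare in constant time."""
    expected = digest_response(**params)
    return hmac.compare_digest(expected, received_response.strip().lower())


# Published test vector from RFC 2617 section 3.5 (HTTP GET; a SIP registrar
# would see method="REGISTER" and a sip: URI instead).
RFC2617_VECTOR = dict(
    username="Mufasa", realm="testrealm@host.com", password="Circle Of Life",
    method="GET", uri="/dir/index.html",
    nonce="dcd98b7102dd2f0e8b11d0f600bfb0c093",
    qop="auth", nc="00000001", cnonce="0a4f113b",
)
RFC2617_RESPONSE = "6629fae49393a05397450978507c4ef1"

if __name__ == "__main__":
    print(digest_response(**RFC2617_VECTOR))
    print(verify(RFC2617_RESPONSE, **RFC2617_VECTOR))
```
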
Current thread:
- SIP Digest Authentication Bassem Ammar (Oct 01)
- Re: SIP Digest Authentication Jason Ostrom (Oct 01)
- RE: SIP Digest Authentication Bassem Ammar (Oct 01)
- Re: SIP Digest Authentication Jason Ostrom (Oct 01)