Penetration Testing mailing list archives
Re: SIP Digest Authentication
From: Jason Ostrom <justiceguy () pobox com>
Date: Sat, 1 Oct 2011 14:22:45 -0500
Bassem, Try sipdump/sipcrack tool. Jason On Sep 30, 2011, at 11:02 PM, Bassem Ammar wrote:
HI, How can i got the SIP password if i have the following 1- SIP USER which use in Digest Authorization 2- realm name 3- nonce 4- uri 5- response 6-cnonce 7- REGISTERED captured messages As i know this should be {HA1} ={MD5}{A1}={MD5}{username}{realm}{password} {HA2} ={MD5}{A2}={MD5}{method}:{digestURI} response=MD5{HA1}{nonce}{HA2} but i can't find any free script or tool to get it and am working on , so is there any ideas how to break the SIP digest information leakage and the appropriate tool for this except immunity canvas ? ------------------------------------------------------------------------ This list is sponsored by: Information Assurance Certification Review Board Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified. http://www.iacertification.org ------------------------------------------------------------------------
------------------------------------------------------------------------ This list is sponsored by: Information Assurance Certification Review Board Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified. http://www.iacertification.org ------------------------------------------------------------------------
Current thread:
- SIP Digest Authentication Bassem Ammar (Oct 01)
- Re: SIP Digest Authentication Jason Ostrom (Oct 01)
- RE: SIP Digest Authentication Bassem Ammar (Oct 01)
- Re: SIP Digest Authentication Jason Ostrom (Oct 01)