Penetration Testing
SIP Digest Authenticationþ Oct 01 2011 04:02AM
Bassem Ammar (basem live ru) (1 replies)

HI,

How can i got the SIP password if i have the following

1- SIP USER which use in Digest Authorization
2- realm name
3- nonce
4- uri
5- response
6-cnonce
7- REGISTERED captured messages

As i know this should be

{HA1} ={MD5}{A1}={MD5}{username}{realm}{password}
{HA2} ={MD5}{A2}={MD5}{method}:{digestURI}
response=MD5{HA1}{nonce}{HA2}

but
i can't find any free script or tool to get it and am working on , so
is there any ideas how to break the SIP digest information leakage and
the appropriate tool for this except immunity canvas ?

------------------------------------------------------------------------

This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified.

http://www.iacertification.org
------------------------------------------------------------------------

[ reply ]
Re: SIP Digest Authentication� Oct 01 2011 07:22PM
Jason Ostrom (justiceguy pobox com) (1 replies)
RE: SIP Digest Authenticationþ Oct 01 2011 11:35PM
Bassem Ammar (basem live ru)


 

Privacy Statement
Copyright 2010, SecurityFocus