Penetration Testing
SIP Digest Authenticationþ Oct 01 2011 04:02AM
Bassem Ammar (basem live ru) (1 replies)
Re: SIP Digest Authentication� Oct 01 2011 07:22PM
Jason Ostrom (justiceguy pobox com) (1 replies)
RE: SIP Digest Authenticationþ Oct 01 2011 11:35PM
Bassem Ammar (basem live ru)

Hi Jaso,

 Both of sipdump/sipcrack needs sniffed captured data .below info are not sniffed from the network or if you can help me if
sipdump/sipcrack can do this !

> Subject: Re: SIP Digest Authenticationþ
> From: justiceguy (at) pobox (dot) com [email concealed]
> Date: Sat, 1 Oct 2011 14:22:45 -0500
> CC: pen-test (at) securityfocus (dot) com [email concealed]
> To: basem (at) live (dot) ru [email concealed]
>
> Bassem,
>
> Try sipdump/sipcrack tool.
>
> Jason
> On Sep 30, 2011, at 11:02 PM, Bassem Ammar wrote:
>
> >
> > HI,
> >
> > How can i got the SIP password if i have the following
> >
> > 1- SIP USER which use in Digest Authorization
> > 2- realm name
> > 3- nonce
> > 4- uri
> > 5- response
> > 6-cnonce
> > 7- REGISTERED captured messages
> >
> > As i know this should be
> >
> > {HA1} ={MD5}{A1}={MD5}{username}{realm}{password}
> > {HA2} ={MD5}{A2}={MD5}{method}:{digestURI}
> > response=MD5{HA1}{nonce}{HA2}
> >
> > but
> > i can't find any free script or tool to get it and am working on , so
> > is there any ideas how to break the SIP digest information leakage and
> > the appropriate tool for this except immunity canvas ?
> >
> > ------------------------------------------------------------------------

> > This list is sponsored by: Information Assurance Certification Review Board
> >
> > Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified.
> >
> > http://www.iacertification.org
> > ------------------------------------------------------------------------

> >
> >
>
>
> ------------------------------------------------------------------------

> This list is sponsored by: Information Assurance Certification Review Board
>
> Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified.
>
> http://www.iacertification.org
> ------------------------------------------------------------------------

>

------------------------------------------------------------------------

This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified.

http://www.iacertification.org
------------------------------------------------------------------------

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus