1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
|
[ SIPcrack ]
-[ Introduction
SIPcrack is a suite for sniffing and cracking the digest authentification
used in the SIP protocol.
For more details regarding the digest authentication mechanism see:
RFC3261 - SIP: Session Initiation Protocol
RFC2617 - HTTP Authentication: Basic and Digest Access Authentication
-[ Compile
Just type 'make'.
If you don't have OpenSSL installed or encounter any building problems try
'make no-openssl' to build with integrated MD5 function (which is slower
than the OpenSSL implementation).
-[ Usage
Use sipdump to dump SIP digest authentications to a file.
If a login is found, the sniffed login is written to the dump file.
See 'sipdump -h' for options.
Use sipcrack to bruteforce the user password using the dump file
generated by sipdump.
If a password is found, the sniffed login in the dump file is updated
See 'sipcrack -h' for options.
USAGE_EXAMPLES contains some extended usage examples.
-[ Support && Bugs
If you find any SIP logins that sipdump does not detect or sipcrack is
not able to crack please create a packet dump:
e.g. 'tcpdump -s 0 -w packetdump.txt tcp or udp')
...and send it to mjm'at'codito.de!
NOTE: For this purpose use a wrong password and include it in your
bug report.
-[ Author
Martin J. Muench
Mail: mjm'at'codito.de
Web: www.codito.de | www.remote-exploit.org
-[ Thanks
Max Moser
Lucian Hanga
|
