SIPcrack - SIP login dumper/cracker

Download: SIPcrack-0.2.tar.gz
MD5: codito.de/remote-exploit-md5/sipcrack.txt
Author: Martin J. Muench

Background:
Session Initiation Protocol (SIP) is a protocol developed by the IETF MMUSIC Working Group and is a proposed standard for initiating, modifying, and terminating an interactive user session that involves multimedia elements such as video, voice, instant messaging, online games, and virtual reality.

In November 2000, SIP was accepted as a 3GPP signaling protocol and permanent element of the IMS architecture.
It is one of the leading signalling protocols for Voice over IP, along with H.323. In most VoIP solutions, SIP is used to authenticate the SIP client.
The protocol is documented in RFC 3261: www.ietf.org/rfc/rfc3261.txt

Components:
SIPcrack is a SIP login sniffer/cracker that contains two programs: sipdump, which captures the digest authentication, and sipcrack, which brute-forces the hash using a wordlist or standard input.

Compile / Build instructions:
Download the tar.gz and unpack it into a folder.
Change into that folder and type 'make'.
If you don't have OpenSSL installed or encounter any build problems, try 'make no-openssl' to build with the integrated MD5 function (which is slower than the OpenSSL implementation).

Generic usage:
SIPdump: Use sipdump to dump SIP digest authentications. If a login is found, the sniffed login is written to the dump file.
See 'sipdump -h' for options.

SIPcrack: Use sipcrack to bruteforce the user's password with the dump file generated by sipdump. If a password is found, the sniffed and cracked login will be updated in the dump file. See 'sipcrack -h' for options.

Example usage:
sipdump: sipdump -i eth0 logins.dump
sipcrack: sipcrack -w mywordlist.txt logins.dump

Support && Bugs:
If you find any SIP logins that SIPdump does not detect please create a packet dump (e.g. 'tcpdump -s 0 -w packetdump.txt tcp or udp') and send it to mjm (-@-) remote-exploit.org including the name and the version of the client and server you use! (If it's your own SIP login/account just use a wrong password and username).

Screenshot:
SIPCrack 0.1  ( MaJoMu | www.remote-exploit.org )
--------------------------------------------------

* Reading and parsing dump file...
* Found Accounts:

Num   Server          Client          User  Algorithm  Hash / Password
1     192.168.19.81   192.168.19.120  500   PLAIN      12345
2     192.168.19.81   192.168.19.120  500   PLAIN      34after12
3     192.168.19.81   192.168.19.120  500   MD5        d3bc10e4f2c9c275fe7da2f20f17600f
4     192.168.19.81   192.168.19.120  500   MD5        e5827d8cda285252d5ce87ad8e3c64ca
5     192.168.19.81   192.168.19.120  500   MD5        6524e36531b0dd77efa87cede26b4af3

* Select which entry to crack (1 - 5): 3

* Generating static MD5 hash...1a24e68fa4904bd8ce0b7a2b37fffab2
* Starting bruteforce against user '500' (MD5 Hash: 'd3bc10e4f2c9c275fe7da2f20f17600f')
* Loaded wordlist: 'big-wordlist.txt'
* Tried 8462686 passwords in 13 seconds
* Found password: 'a1b2c3'
* Updating 'logins-sip.txt'...done

Please note, this was not on a fast computer. We did some testing with other systems and had results of up to 1.000.000 password tries per second.
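
The digest exchange that sipdump records, recomputed the way a registrar verifies it, as an added example that is not part of SIPcrack: every input to the MD5 response except the password travels in the Authorization header, which is why a weak password can be recovered from a capture. It follows RFC 2617 as reused by RFC 3261; the realm, nonce, password and all function names are constructed for illustration.

```python
import hashlib
import hmac
import re

def md5_hex(text: str) -> str:
    return hashlib.md5(text.encode()).hexdigest()

def parse_digest(credential: str) -> dict:
    """Split 'Digest k="v", k=v, ...' into a dict of parameters."""
    scheme, _, rest = credential.partition(" ")
    if scheme.lower() != "digest":
        raise ValueError("not a Digest credential")
    pairs = re.findall(r'(\w+)\s*=\s*(?:"([^"]*)"|([^,\s]+))', rest)
    return {key.lower(): quoted or bare for key, quoted, bare in pairs}

def digest_response(p: dict, method: str, password: str) -> str:
    """RFC 2617 request-digest, which SIP reuses (RFC 3261, section 22)."""
    ha1 = md5_hex(f'{p["username"]}:{p["realm"]}:{password}')  # only secret input
    ha2 = md5_hex(f'{method}:{p["uri"]}')  # no secret: fixed for a given request
    if p.get("qop") == "auth":
        return md5_hex(f'{ha1}:{p["nonce"]}:{p["nc"]}:{p["cnonce"]}:auth:{ha2}')
    return md5_hex(f'{ha1}:{p["nonce"]}:{ha2}')

def verify(credential: str, method: str, password: str) -> bool:
    """Registrar-side check: recompute the response, compare in constant time."""
    p = parse_digest(credential)
    return hmac.compare_digest(digest_response(p, method, password),
                               p["response"].lower())

def exposure(credential: str, transport: str) -> list:
    """Findings for one credential as observed on the given transport."""
    p = parse_digest(credential)
    findings = []
    if transport.lower() != "tls":
        findings.append("cleartext transport: all digest inputs but the password are visible")
    if p.get("algorithm", "MD5").upper() == "MD5":
        findings.append("MD5: fast to compute, so password strength is the only barrier")
    if "qop" not in p:
        findings.append("no qop: response is not bound to a client nonce or nonce count")
    return findings

# Constructed sample: REGISTER credential for a test extension (all values made up).
SAMPLE_PASSWORD = "constructed-test-passphrase"
SAMPLE_FIELDS = {"username": "500", "realm": "example-pbx",
                 "nonce": "4f2a9c1e", "uri": "sip:192.168.19.81"}
SAMPLE_HEADER = ('Digest username="500", realm="example-pbx", nonce="4f2a9c1e", '
                 'uri="sip:192.168.19.81", algorithm=MD5, response="%s"'
                 % digest_response(SAMPLE_FIELDS, "REGISTER", SAMPLE_PASSWORD))

if __name__ == "__main__":
    print(verify(SAMPLE_HEADER, "REGISTER", SAMPLE_PASSWORD))
    print(exposure(SAMPLE_HEADER, "udp"))
```

Running exposure() over the credentials seen on a network segment shows which accounts rely on password strength alone; carrying SIP over TLS removes the first finding, and long random passwords address the second.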

