sipdump –p invite.pcap invite
把invite.pcap中带鉴权的信息转换为文本,存在invite中
sipcrack –w pw.txt invite
把所有可能的密码写到pw.txt中(每个密码占一行),再使用pw.txt去破解invite中的鉴权
如果破解不成功,会提示如下
[root@telpotest sipcrack-0.2]# ./sipcrack -w pw.txt invite
SIPcrack 0.2 ( MaJoMu | www.codito.de )
----------------------------------------
* Found Accounts:
Num Server Client User Hash|Password
1 172.28.129.8 172.28.129.152 9001 42a31dc80689472a8cec2618e53b1fb3
* Select which entry to crack (1 - 1): 1
* Generating static MD5 hash... eb6759ce61812e566ce1e89ed6f98bb2
* Loaded wordlist: 'pw.txt'
* Starting bruteforce against user '9001' (MD5: '42a31dc80689472a8cec2618e53b1fb3')
* Tried 1 passwords in 0 seconds
Tried all passwords, no match
破解成功会提示如下
[root@telpotest sipcrack-0.2]# ./sipcrack -w pw.txt invite
SIPcrack 0.2 ( MaJoMu | www.codito.de )
----------------------------------------
* Found Accounts:
Num Server Client User Hash|Password
1 172.28.129.8 172.28.129.152 9002 f3268e120ffc4d3e8253500dfbc2405f
* Select which entry to crack (1 - 1): 1
* Generating static MD5 hash... 6fe695c44d56ddf46c396b3bd0c1ef4c
* Loaded wordlist: 'pw.txt'
* Starting bruteforce against user '9002' (MD5: 'f3268e120ffc4d3e8253500dfbc2405f')
* Tried 1 passwords in 0 seconds
* Found password: '123456'
* Updating dump file 'register'... done