Please note, this is a STATIC archive of website hashcat.net from 08 Oct 2020, cach3.com does not collect or store any user information, there is no "phishing" involved.

hashcat Forum

hashcat Forum > Support > hashcat > http authentication
Full Version: http authentication
You're currently viewing a stripped down version of our content. View the full version with proper formatting.

mos

11-28-2017, 04:31 PM
hi
i have a http authentication and i want to crack with hashcat with SIP 11400 attack.
but i dont know how to order the data
 the data for the example is:
Digest username="Mufasa",
                    realm="[email protected]",
                    nonce="dcd98b7102dd2f0e8b11d0f600bfb0c093",
                    uri="/dir/index.html",
                    qop=auth,
                    nc=00000001,
                    cnonce="0a4f113b",
                    response="6629fae49393a05397450978507c4ef1",
                    opaque="5ccc069c403ebaf9f0171e9517f40e41"
                   method : GET
the password for example is "Circle Of Life"

if i understand the sip and http authentication is the same algoritm
HA1=MD5(username:realm:password)HA2=MD5(method:digestURI)response=MD5(HA1:nonce:HA2)

can u help me?

philsmd

11-28-2017, 05:16 PM
The format is as explained here: https://github.com/hashcat/hashcat/issues/1021 just this one:
$sip$*[URI_SERVER]*[URI_CLIENT]*[USERNAME]*[REALM]*[METHOD]*[URI_PREFIX]*[URI_RESOURCE]*[URI_SUFFIX]*[NONCE_SERVER]*[NONCE_CLIENT]*[NONCE_COUNT]*[QOP]*[DIRECTIVE]*[MD5]

Therefore your hash should look like this:
Code:
$sip$***Mufasa*[email protected]*GET**/dir/index.html**dcd98b7102dd2f0e8b11d0f600bfb0c093*0a4f113b*00000001*auth*MD5*6629fae49393a05397450978507c4ef1

BTW: Do NOT post hashes on the forum when not asked by a moderator/admin. You will get banned
hashcat Forum > Support > hashcat > http authentication