Hi!
I'm trying to use hashcat to crack a SIP authentication password. I have good reasons to think the password is relatively short so I think it's feasible to brute force it. I have basically unlimited access to a traffic flow of a phone registering in to the server, but I don't have actual access to either of the endpoints, only the traffic between them. Because of this, I can provide dozens of challenge-response pairs that all map to the same username and password.
The question is: would hashcat benefit from this? I know if it was a simple hash this question wouldn't make sense, but since SIP authentication involves nonces and some more complex math, I'm not so sure.
Thanks
[link] [comments]
from hacking: security in practice https://ift.tt/EDdhzUL
Comments
Post a Comment