.TH SVCRACK "1" "November 2012" "svcrack v0.2.8" "User Commands" .SH NAME svcrack \- online password guessing tool for SIP devices .SH SYNOPSIS .B svcrack \fI-u username \fR[\fIoptions\fR] \fItarget\fR .SH DESCRIPTION svcrack is a password cracker making use of digest authentication. It is able to crack passwords on both registrar servers and proxy servers. .PP .SH OPTIONS .TP \fB\-\-version\fR show program's version number and exit .TP \fB\-h\fR, \fB\-\-help\fR show this help message and exit .TP \fB\-v\fR, \fB\-\-verbose\fR Increase verbosity .TP \fB\-q\fR, \fB\-\-quiet\fR Quiet mode .TP \fB\-p\fR PORT, \fB\-\-port\fR=\fIPORT\fR Destination port or port ranges of the SIP device \- eg \fB\-p5060\fR,5061,8000\-8100 .TP \fB\-P\fR PORT, \fB\-\-localport\fR=\fIPORT\fR Source port for our packets .TP \fB\-x\fR IP, \fB\-\-externalip\fR=\fIIP\fR IP Address to use as the external ip. Specify this if you have multiple interfaces or if you are behind NAT .TP \fB\-b\fR BINDINGIP, \fB\-\-bindingip\fR=\fIBINDINGIP\fR By default we bind to all interfaces. This option overrides that and binds to the specified ip address .TP \fB\-t\fR SELECTTIME, \fB\-\-timeout\fR=\fISELECTTIME\fR This option allows you to trottle the speed at which packets are sent. Change this if you're losing packets. For example try 0.5. .TP \fB\-R\fR, \fB\-\-reportback\fR Send the author an exception traceback. Currently sends the command line parameters and the traceback .TP \fB\-A\fR, \fB\-\-autogetip\fR Automatically get the current IP address. This is useful when you are not getting any responses back due to SIPVicious not resolving your local IP. .TP \fB\-s\fR NAME, \fB\-\-save\fR=\fINAME\fR save the session. Has the benefit of allowing you to resume a previous scan and allows you to export scans .TP \fB\-\-resume\fR=\fINAME\fR resume a previous scan .TP \fB\-c\fR, \fB\-\-enablecompact\fR enable compact mode. Makes packets smaller but possibly less compatible .TP \fB\-u\fR USERNAME, \fB\-\-username\fR=\fIUSERNAME\fR username to try crack .TP \fB\-d\fR DICTIONARY, \fB\-\-dictionary\fR=\fIDICTIONARY\fR specify a dictionary file with passwords .TP \fB\-r\fR RANGE, \fB\-\-range\fR=\fIRANGE\fR specify a range of numbers. example: 100\-200,300\-310,400 .TP \fB\-e\fR EXTENSION, \fB\-\-extension\fR=\fIEXTENSION\fR Extension to crack. Only specify this when the extension is different from the username. .TP \fB\-z\fR PADDING, \fB\-\-zeropadding\fR=\fIPADDING\fR the number of zeros used to padd the password. the options "\-r 1\-9999 \fB\-z\fR 4" would give 0001 0002 0003 \&... 9999 .TP \fB\-n\fR, \fB\-\-reusenonce\fR Reuse nonce. Some SIP devices don't mind you reusing the nonce (making them vulnerable to replay attacks). Speeds up the cracking. .TP \fB\-T\fR TEMPLATE, \fB\-\-template\fR=\fITEMPLATE\fR A format string which allows us to specify a template for the extensions example svwar.py \fB\-e\fR 1\-999 \fB\-\-template=\fR"123%#04i999" would scan between 1230001999 to 1230999999" .TP \fB\-\-maximumtime\fR=\fIMAXIMUMTIME\fR Maximum time in seconds to keep sending requests without receiving a response back .TP \fB\-D\fR, \fB\-\-enabledefaults\fR Scan for default / typical passwords such as 1000,2000,3000 ... 1100, etc. This option is off by default. Use \fB\-\-enabledefaults\fR to enable this functionality .TP \fB\-\-domain\fR=\fIDOMAIN\fR force a specific domain name for the SIP message, eg. \fB\-d\fR example.org .IP SIPvicious password cracker is an online password guessing tool for SIP devices Copyright (C) 2012 Sandro Gauci .IP This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. .IP This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. .IP You should have received a copy of the GNU General Public License along with this program. If not, see . .SH EXAMPLES To try guess the password of user 100 in server 10.0.0.1: .PP svcrack \fB\-u100\fR \fB\-d\fR dictionary.txt 10.0.0.1 .PP To try guess the password of range the user 1-9999 in server 10.0.0.1: .PP svcrack \fB\-u100\fR \fB\-r1\-9999\fR \fB\-z4\fR 10.0.0.1 .SH "SEE ALSO" The full documentation for .B svcrack is maintained as a Texinfo manual. If the .B info and .B svcrack programs are properly installed at your site, the command .IP .B info svcrack .PP should give you access to the complete manual.