Network

Hello,

I’m stuck trying to reproduce the first client proof for the first XMPP exchange (the one in which the authentication fail). According to the PCAP the server provide theses responses:

“r=hydra4OjoFBGFJyzTaBWKiGfuqNM+v9rDA0wn,s=qgiJIJQsQPhvAotJWVNHPQ==,i=4096”

And the challenge author have indicated, as hint, that for this exchange, the login = password. The client proof generated is (p parameter):

“c=biws,r=hydra4OjoFBGFJyzTaBWKiGfuqNM+v9rDA0wn,p=anvxRRv7SVKIwwsJ3Y6/0hKC0YU=”

But when i use the salt, the iteration and the initial login (koma_test) provided the proof computed is never equals to one expected (using SCRAM-SHA1). I have also try using a XMPP client supporting SASL with SCRAM-SHA1 without success :(

Anyone know where I have miss something ?

Thanks you very much in advance :)

Hello,

Xmpp challenge password dictionary advice? I have working script but no wordlist file. I think its contain partialy the username: ****. Maybe I have to filter rockyou.txt list with *** or *** string?

Thanks!