CRAM-MD5 online generation
Fill the below text fileds for on-line generation of login string (JUMP directly).
IMAP
a AUTHENTICATE CRAM-MD5
+ PDBFOTRCMUMwMkY5NDFFEFU2QkM5MjVFMUITFCMjZAbGaABCDFGRWNlLml0Pg== Challenge
dXNlcm5hbWUgM2VlZWRmNWRmZGJmMDhlNzI4YWMwMjdiMTVkZjAxY2Q= login answer
a OK authentication successful
SMTP
AUTH CRAM-MD5
334 PDUzMzk4QzlBMDQ3QzAxKKdAYWxpY2UuhThYM2OEE5MUBzdC5hbGljZS5pdD4= Challenge
bS5yb3NzNTAwMWUzMYWxpY2UuaXQgZGU4YmKhdyAdhjfzYzNTAwzhiNjI2MGVmOTg= login answer
235 CRAM-MD5 authentication successful
(click example) Complete IMAP login transaction
Note: RED are answers from server / GREEN are client commands
Busybook:~ busycrack$ telnet in.server.test 143
Trying 192.168.2.1...
Connected to in.server.test.
Escape character is '^]'.
* OK IMAP4 PROXY server ready
a CAPABILITY
* CAPABILITY IMAP4rev1 LOGIN-REFERRALS QUOTA CHILDREN AUTH= CRAM-MD5 AUTH=PLAIN
a OK capabilities listed
a AUTHENTICATE CRAM-MD5
+ PDBFOTRCMUMwMkY5NDFFEFU2QkM5MjVFMUITFCMjZAbG9naW5wcm94eTZiLLmFsaWNlLml0Pg== Challenge
dXNlcm5hbWUgM2VlZWRmNWRmZGJmMDhlNzI4YWMwMjdiMTVkZjAxY2Q=
a OK authentication successful
Busybook:~ busycrack$ telnet in.server.test 143
Trying 192.168.2.1...
Connected to in.server.test.
Escape character is '^]'.
* OK IMAP4 PROXY server ready
a CAPABILITY
* CAPABILITY IMAP4rev1 LOGIN-REFERRALS QUOTA CHILDREN AUTH= CRAM-MD5 AUTH=PLAIN
a OK capabilities listed
a AUTHENTICATE CRAM-MD5
+ PDBFOTRCMUMwMkY5NDFFEFU2QkM5MjVFMUITFCMjZAbG9naW5wcm94eTZiLLmFsaWNlLml0Pg== Challenge
dXNlcm5hbWUgM2VlZWRmNWRmZGJmMDhlNzI4YWMwMjdiMTVkZjAxY2Q=
a OK authentication successful
(click example) Complete SMTP login transaction
Note: RED are answers from server / GREEN are client commands
Busybook:~ busycrack$ telnet smtp.test.priv 587
Trying 192.168.2.1
Connected to smtp.test.priv.
Escape character is '^]'.
220 smtp202.test.priv ESMTP Service ready
EHLO me.it
250-smtp202.test.priv
250-DSN
250-8BITMIME
250-PIPELINING
250-HELP
250-AUTH=LOGIN
250-AUTH LOGIN CRAM-MD5 DIGEST-MD5 PLAIN
250-DELIVERBY 300
250 SIZE 31457280
AUTH CRAM-MD5
334 PDUzMzk4QzlBMDQ3QzAxKKdAYWxpY2UuhThYM2OEE5MUBzdC5hbGljZS5pdD4= Challenge
bS5yb3NzNTAwMWUzMYWxpY2UuaXQgZGU4YmKhdyAdhjfzYzNTAwzhiNjI2MGVmOTg=
235 CRAM-MD5 authentication successful
Busybook:~ busycrack$ telnet smtp.test.priv 587
Trying 192.168.2.1
Connected to smtp.test.priv.
Escape character is '^]'.
220 smtp202.test.priv ESMTP Service ready
EHLO me.it
250-smtp202.test.priv
250-DSN
250-8BITMIME
250-PIPELINING
250-HELP
250-AUTH=LOGIN
250-AUTH LOGIN CRAM-MD5 DIGEST-MD5 PLAIN
250-DELIVERBY 300
250 SIZE 31457280
AUTH CRAM-MD5
334 PDUzMzk4QzlBMDQ3QzAxKKdAYWxpY2UuhThYM2OEE5MUBzdC5hbGljZS5pdD4= Challenge
bS5yb3NzNTAwMWUzMYWxpY2UuaXQgZGU4YmKhdyAdhjfzYzNTAwzhiNjI2MGVmOTg=
235 CRAM-MD5 authentication successful
#1 Specify here :
Email Address:
(example: tst123@testdom.it)
Password:
can't guarantee protection of information
#2 CRAM-MD5 generator:
Please insert below the Challenge from server without + or 334 like: PDBFOTRCMUMwM...NlLml0Pg==Challenge:
#2.1 Info
https://en.wikipedia.org/wiki/CRAM-MD5
PHP like...
| Challenge: The server sends a base64-encoded string to the client. Before encoding, it could be any random string, but the standard that currently defines CRAM-MD5 says that it is in the format of a Message-ID email header value (including angle brackets) and includes an arbitrary string of random digits, a timestamp, and the server's fully qualified domain name. | $Challenge="+PDBFOTRNwLmFsaWNlLml0Pg==" |
| Response: The client responds with a string created as follows. 1. The challenge is base64-decoded. 2. The decoded challenge is hashed using HMAC-MD5, with a shared secret (typically, the user's password, or a hash thereof) as the secret key. 3, The hashed challenge is converted to a string of lowercase hex digits. 4. The username and a space character are prepended to the hex digits. 5. The concatenation is then base64-encoded and sent to the server |
$ch = base64_decode($Challenge); $ps = hash_hmac('MD5', $ch ,"password"); $Response=base64_encode("username $ps"); |
| Comparison: The server uses the same method to compute the expected response. If the given response and the expected response match, then authentication was successful. |
User Rating
( votes)
