CRAM-MD5 authentication online generator

2016-04-17
5,742 Views
3 Min Read

CRAM-MD5 online generation

CRAM-MD5 Online generator
CRAM-MD5 Online generator

Fill the below text fileds for on-line generation of login string (JUMP directly).
IMAP
a AUTHENTICATE CRAM-MD5
+ PDBFOTRCMUMwMkY5NDFFEFU2QkM5MjVFMUITFCMjZAbGaABCDFGRWNlLml0Pg==   Challenge
dXNlcm5hbWUgM2VlZWRmNWRmZGJmMDhlNzI4YWMwMjdiMTVkZjAxY2Q=  login answer
a OK authentication successful
SMTP
AUTH CRAM-MD5
334 PDUzMzk4QzlBMDQ3QzAxKKdAYWxpY2UuhThYM2OEE5MUBzdC5hbGljZS5pdD4=   Challenge
bS5yb3NzNTAwMWUzMYWxpY2UuaXQgZGU4YmKhdyAdhjfzYzNTAwzhiNjI2MGVmOTg=  login answer
235 CRAM-MD5 authentication successful

(click example) Complete IMAP login transaction
Note: RED are answers from server / GREEN are client commands
Busybook:~ busycrack$ telnet in.server.test 143
Trying 192.168.2.1…
Connected to in.server.test.
Escape character is ‘^]’.
* OK IMAP4 PROXY server ready
a CAPABILITY
* CAPABILITY IMAP4rev1 LOGIN-REFERRALS QUOTA CHILDREN AUTH= CRAM-MD5  AUTH=PLAIN
a OK capabilities listed
a AUTHENTICATE CRAM-MD5
+ PDBFOTRCMUMwMkY5NDFFEFU2QkM5MjVFMUITFCMjZAbG9naW5wcm94eTZiLLmFsaWNlLml0Pg==  Challenge
dXNlcm5hbWUgM2VlZWRmNWRmZGJmMDhlNzI4YWMwMjdiMTVkZjAxY2Q=
a OK authentication successful
(click example) Complete SMTP login transaction
Note: RED are answers from server / GREEN are client commands
Busybook:~ busycrack$ telnet smtp.test.priv 587
Trying 192.168.2.1
Connected to smtp.test.priv.
Escape character is ‘^]’.
220 smtp202.test.priv ESMTP Service ready
EHLO me.it
250-smtp202.test.priv
250-DSN
250-8BITMIME
250-PIPELINING
250-HELP
250-AUTH=LOGIN
250-AUTH LOGIN  CRAM-MD5  DIGEST-MD5 PLAIN
250-DELIVERBY 300
250 SIZE 31457280
AUTH CRAM-MD5
334 PDUzMzk4QzlBMDQ3QzAxKKdAYWxpY2UuhThYM2OEE5MUBzdC5hbGljZS5pdD4=  Challenge
bS5yb3NzNTAwMWUzMYWxpY2UuaXQgZGU4YmKhdyAdhjfzYzNTAwzhiNjI2MGVmOTg= 
235 CRAM-MD5 authentication successful

#1 Specify here :

Email Address:

(example: tst123@testdom.it)
Password:

can’t guarantee protection of information

#2 CRAM-MD5 generator:

(click example) Authentication Challenge
IMAP
a AUTHENTICATE CRAM-MD5
+ PDBFOTRCMUMwMkY5NDFFEFU2QkM5MjVFMUITFCMjZAbGaABCDFGRWNlLml0Pg==   Challenge
dXNlcm5hbWUgM2VlZWRmNWRmZGJmMDhlNzI4YWMwMjdiMTVkZjAxY2Q=
a OK authentication successful

SMTP
AUTH CRAM-MD5
334 PDUzMzk4QzlBMDQ3QzAxKKdAYWxpY2UuhThYM2OEE5MUBzdC5hbGljZS5pdD4=   Challenge
bS5yb3NzNTAwMWUzMYWxpY2UuaXQgZGU4YmKhdyAdhjfzYzNTAwzhiNjI2MGVmOTg= 

Please insert below the Challenge from server  without + or 334 like:  PDBFOTRCMUMwM…NlLml0Pg== 
Challenge:


#2.1 Info

https://en.wikipedia.org/wiki/CRAM-MD5
PHP like…

Challenge: The server sends a base64-encoded string to the client. Before encoding, it could be any random string, but the standard that currently defines CRAM-MD5 says that it is in the format of a Message-ID email header value (including angle brackets) and includes an arbitrary string of random digits, a timestamp, and the server’s fully qualified domain name. $Challenge=”+PDBFOTRNwLmFsaWNlLml0Pg==”
Response: The client responds with a string created as follows.
1. The challenge is base64-decoded.
2. The decoded challenge is hashed using HMAC-MD5, with a shared secret (typically, the user’s password, or a hash thereof) as the secret key.
3, The hashed challenge is converted to a string of lowercase hex digits.
4. The username and a space character are prepended to the hex digits.
5. The concatenation is then base64-encoded and sent to the server		 $ch = base64_decode($Challenge);
$ps = hash_hmac(‘MD5’, $ch ,”password“);
$Response=base64_encode(“username $ps“);
Comparison: The server uses the same method to compute the expected response. If the given response and the expected response match, then authentication was successful.  

Sending
User Review
3.83 (6 votes)
Tags

Advertisement