![[Image: 5Idxu.png]](https://lh3.googleusercontent.com/blogger_img_proxy/AEn0k_shH32TCyCrBOW532iJZBXhy9A2hprP6-enP_px5Isoe83nsvdG_8ZTWrTG2fMxjYFyHbetbIWS17AzXSqYy8g=s0-d)
How does it Work?
The goal of Cain and Abel was to be able to 'poison' a whole network through ethernet and steal passwords by making the clients think that you are the router instead of the real router and so everything is passed your way which you can 'capture' before sending it to the 'real' router so it can send the request out to the internet, such as click login on Facebook. By capturing this information Cain and Abel can decode it for you if the information is decryptable by Cain and Abel's standards. Basically, it is a program to monitor everything that is going on in a network.
Features:
Spoiler:
Cain's features
- Protected Storage Password Manager
Reveals locally stored passwords of Outlook, Outlook Express, Outlook Express Identities, Outlook 2002, Internet Explorer and MSN Explorer.
- Credential Manager Password Decoder
Reveals passwords stored in Enterprise and Local Credential Sets on Windows XP/2003.
- LSA Secrets Dumper
Dumps the contents of the Local Security Authority Secrets.
- Dialup Password Decoder
Reveals passwords stored by Windows "Dial-Up Networking" component.
- APR (ARP Poison Routing)
Enables sniffing on switched networks and Man-in-the-Middle attacks.
- Route Table Manager
Provides the same functionality of the Windows tool "route.exe" with a GUI front-end.
- SID Scanner
Extracts user names associated to Security Identifiers (SIDs) on a remote system.
- Network Enumerator
Retrieves, where possible, the user names, groups, shares, and services running on a machine.
- Remote Registry
Allows modification of registry parameters from the network.
- Service Manager
Allows you to stop, start, pause/continue or remove a service.
- Sniffer
Captures passwords, hashes and authentication information while they are transmitted on the network. Includes several filters for application specific authentications and routing protocols. The VoIP filter enables the capture of voice conversations transmitted with the SIP/RTP protocol saved later as WAV files.
- Routing Protocol Monitors
Monitors messages from various routing protocols (HSRP, VRRP, RIPv1, RIPv2, EIGRP, OSPF) to capture authentications and shared route tables.
- Full RDP sessions sniffer for APR (APR-RDP)
Allows you to capture all data sent in a Remote Desktop Protocol (RDP) session on the network. Provides interception of keystrokes activity client-side.
- Full SSH-1 sessions sniffer for APR (APR-SSH-1)
Allows you to capture all data sent in SSH-1 sessions on the network.
- Full HTTPS sessions sniffer for APR (APR-HTTPS)
Allows you to capture all data sent in HTTPS sessions on the network.
- Full FTPS sessions sniffer for APR (APR-FTPS)
Allows you to capture all data sent in implicit FTPS sessions on the network.
- Full POP3S sessions sniffer for APR (APR-POP3S)
Allows you to capture all data sent in implicit POP3S sessions on the network.
- Full IMAPS sessions sniffer for APR (APR-IMAPS)
Allows you to capture all data sent in implicit IMAPS sessions on the network.
- Full LDAPS sessions sniffer for APR (APR-LDAPS)
Allows you to capture all data sent in implicit LDAPS sessions on the network.
- Certificates Collector
Grab certificates from HTTPS, IMAPS, POP3S, LDAPS, FTPS web sites and prepares them to be used by relative APR-* sniffer filters.
- MAC Address Scanner with OUI fingerprint
Using OUI fingerprint, this makes an informed guess about what type of device the MAC address from.
- Promiscuous-mode Scanner based on ARP packets
Identifies sniffers and network Intrusion Detection systems present on the LAN.
- Wireless Scanner
Can scan for wireless networks signal within range, giving details on its MAC address, when it was last seen, the guessed vendor, signal strength, the name of the network (SSID), whether it has WEP or not (note WPA encrypted networks will show up as WEPed), whether the network is an Ad-Hoc network or Infrastructure, what channel the network is operating at and at what speed the network is operating (e.g. 11Mbps). Passive scanning and WEP IVs sniffing are also supported using the AirpCap adapter from CACE Technologies.
- 802.11 Capture Files Decoder
Decode 802.11 capture files (wireshark, pcap) containing wireless frames encrypted with WEP or WPA-PSK.
- Access (9x/2000/XP) Database Passwords Decoder
Decodes the stored encrypted passwords for Microsoft Access Database files.
- Base64 Password Decoder
Decodes Base64 encoded strings.
- Cisco Type-7 Password Decoder
Decodes Cisco Type-7 passwords used in router and switches configuration files.
- Cisco VPN Client Password Decoder
Decodes Cisco VPN Client passwords stored in connection profiles (*.pcf).
- VNC Password Decoder
Decodes encrypted VNC passwords from the registry.
- Enterprise Manager Password Decoder
Decodes passwords used by Microsoft SQL Server Enterprise Manager (SQL 7.0 and 2000 supported).
- Remote Desktop Password Decoder
Decodes passwords in Remote Desktop Profiles (.RPD files).
- PWL Cached Password Decoder
Allows you to view all cached resources and relative passwords in clear text either from locked or unlocked password list files.
- Password Crackers
Enables the recovery of clear text passwords scrambled using several hashing or encryption algorithms. All crackers support Dictionary and Brute-Force attacks.
- Cryptanalysis attacks
Enables password cracking using the ‘Faster Cryptanalytic time – memory trade off’ method introduced by Philippe Oechslin. This cracking technique uses a set of large tables of pre calculated encrypted passwords, called Rainbow Tables, to improve the trade-off methods known today and to speed up the recovery of clear text passwords.
- WEP Cracker
Performs Korek's and PTW WEP attacks on 802.11 capture files containing enough WEP initialization vectors.
- Rainbowcrack-online client
Enables password cracking by mean of the outstanding power of this on-line cracking service based on RainbowTable technology.
- NT Hash Dumper + Password History Hases (works with Syskey enabled)
Will retrieve the NT password hash from the SAM file regardless of whether Syskey in enabled or not.
- Syskey Decoder
Will retrieve the Boot Key used by the SYSKEY utility from the local registry or "off-line" SYSTEM files.
- MSCACHE Hashes Dumper
Will retrieve the MSCACHE password hashes stored into the local registry.
- Wireless Zero Configuration Password Dumper
Will retrieve the wireless keys stored by Windows Wireless Configuration Service.
- Microsoft SQL Server 2000 Password Extractor via ODBC
Connects to an SQL server via ODBC and extracts all users and passwords from the master database.
- Oracle Password Extractor via ODBC
Connects to an Oracle server via ODBC and extracts all users and passwords from the database.
- MySQL Password Extractor via ODBC
Connects to an MySQL server via ODBC and extracts all users and passwords from the database.
- Box Revealer
Shows passwords hidden behind asterisks in password dialog boxes.
- RSA SecurID Token Calculator
Can calculate the RSA key given the token's .XML activation file.
- Hash Calculator
Produces the hash values of a given text.
- TCP/UDP Table Viewer
Shows the state of local ports (like netstat).
- TCP/UDP/ICMP Traceroute with DNS resolver and WHOIS client
A improved traceroute that can use TCP, UDP and ICMP protocols and provides whois client capabilities.
- Cisco Config Downloader/Uploader (SNMP/TFTP)
Downloads or uploads the configuration file from/to a specified Cisco device (IP or host name) given the SNMP read/write community string.
Abel Features
- Remote Console
Provides a remote system shell on the remote machine.
- Remote Route Table Manager
Enable to manage the route table of the remote system.
- Remote TCP/UDP Table Viewer
Shows the state of local ports (like netstat) on the remote system.
- Remote NT Hash Dumper + Password History Hases (works with Syskey enabled)
Will retrieve the NT password hash from the SAM file regardless of whether Syskey in enabled or not; works on the Abel-side.
- Remote LSA Secrets Dumper
Dumps the contents of the Local Security Authority Secrets present on the remote system.
How do I use it?
Spoiler:
1.This is labelled to show the important buttons and what shows up once you open Cain and Abel.
![[Image: ILCGF.png]](https://lh3.googleusercontent.com/blogger_img_proxy/AEn0k_v0QsPQw8lrRjWGS-EjvJypvIxgdOnC6bY0QBwid1zsxp1Tvcrvixzzgz72yh4CJkAPMXXJ3B3jKrLaWPAk9A=s0-d)
Familiarise yourself with Cain and Abel and take a poke around. You you click random stuff nothing will stuff up your PC.
2.Networks Tab:
![[Image: k0to3.png]](https://lh3.googleusercontent.com/blogger_img_proxy/AEn0k_tGJmKuPbgiHZtykJsJwNK1D9HUeSO1ppmR8lSBt-vlhz7aREKccp4U5XxMPLy6f7-wdkKyVJcJPB74ix0QKkY=s0-d)
Shows all of the computers connected to your network and if you have the password and username you can access them.
3.SnifferTab:
![[Image: Dq8FL.png]](https://lh3.googleusercontent.com/blogger_img_proxy/AEn0k_sgqXBzBP_-nMC-ei5BVkoLhSyxlPtCUHiJLNCxzHSSMSUZT2GlS9KOucK1mAqt-qx9mluAX25Iqf__rWbiqCM=s0-d)
Note: Turn off firewalls to prevent AVs and other firewalls to stop Cain and Abel from scouring your network! Cain and Abel is NOT a virus, but has hacking behaviours which AVs pick up.
3.APR:
![[Image: YB7pe.png]](https://lh3.googleusercontent.com/blogger_img_proxy/AEn0k_ti-g-5L_-Ru6pOz-asH3-pK4kESCyx3lklrZGiL0U_SO8dMNvNPmqFxtZZDM3pqdJ_zBQQ-mwnCMXqaUebKsI=s0-d)
The next image will show what you see when you click the +
![[Image: rfjTi.png]](https://lh3.googleusercontent.com/blogger_img_proxy/AEn0k_v50LAH7XJGOVj3bHsKULB344AXMQ46ExH6sViTz8E2RwFcxILqswX30xdFevY95p1-HiuTJaf6Ps6ydBhKAAA=s0-d)
2.Password Tab:
This is where all the stuff that has been picked up by the sniffer and APR will be here. High-lighted in red is where everything picked up via HTTP or browsers are sent out to router:
![[Image: YoamA.png]](https://lh3.googleusercontent.com/blogger_img_proxy/AEn0k_t3lQrUAUFHlgIWIZjmdALr5yiv1ehibVBqmNfmx6pOuNZDHhqVleki_ZX5I0RsztgX32rxKHJfB6Qb0gUDTA=s0-d)
3.Cracker Tab:
Once you have received some hashes for RDC for example you can use the cracker and by Right-clicking you can add a list to crack:
![[Image: GiZdW.png]](https://lh3.googleusercontent.com/blogger_img_proxy/AEn0k_vNuZGEFQWRAiWtf9pcwBoUwZkkCpaDyvU-1Z3Hj5SqMwcI7cIMLg7LWExA8CbGE3RkTheadCatuQkipwESA6A=s0-d)
Familiarise yourself with Cain and Abel and take a poke around. You you click random stuff nothing will stuff up your PC.
2.Networks Tab:
Shows all of the computers connected to your network and if you have the password and username you can access them.
3.SnifferTab:
Note: Turn off firewalls to prevent AVs and other firewalls to stop Cain and Abel from scouring your network! Cain and Abel is NOT a virus, but has hacking behaviours which AVs pick up.
3.APR:
The next image will show what you see when you click the +
2.Password Tab:
This is where all the stuff that has been picked up by the sniffer and APR will be here. High-lighted in red is where everything picked up via HTTP or browsers are sent out to router:
3.Cracker Tab:
Once you have received some hashes for RDC for example you can use the cracker and by Right-clicking you can add a list to crack:
All the other options are easy to use and other crackers just involve putting in the hashes!
I hope this TUT was satisfactory!
