Description of Cain and Abel Software
According to the official website http://www.oxid.it/cain.html , Cain and Abel software is a password recovery tool for Microsoft Operating Systems. It allows easy recovery of various kinds of passwords by sniffing the network, cracking hashes passwords using Dictionary, Brute-Force and Cryptanalysis attacks, recording VoIP conversations, decoding scrambled passwords, recovering wireless network keys, revealing password boxes, uncovering cached passwords and analysing routing protocols.
The latest version is faster and contains a lot of new features like APR (ARP Poison Routing) which enables Sniffing on switched LANs and man in the middle attacks. The sniffer in this version can also analyze encrypted protocols such as SSH-1 and HTTPS and contains filters to capture credentials from a wide range of authentication mechanisms. The new version also ships routing protocols authentication monitors and routes extractors, dictionary and brute-force crackers for all common hashing algorithms and for several specific authentications, password/hash calculators, cryptanalysis attacks, password decoders and some not so common utilities related to network and system security.
Who should use Cain and abel software?
Cain and abel has been develepod in the hope that it will be use full for Network administrator, teachers, security counsultants/professional, forensecc staff, security software vender, professional penetration tester, and everyone else that plans to use it for ethical reason.
The system requirements to setup Cain & Abel
The minimum system requirements to use cain and abel are following
– Minimum 10MB hard disk space
– Microsoft Windows OS 2000/XP/2003/Vista OS
– Winpcap Packet Driver (v2.3 or above). http://www.winpcap.org/install/default.htm
– Airpcap Packet Driver (for passive wireless sniffer / WEP cracker). http://airpcap.software.informer.com/
Cain and Abel download and Installation
First we need to download Cain and Abel, go on given link to download Cain and Abel
Installation Cain and Abel is very easy just double click self run executable file and follow the instruction.
Usage Of Cain and Abel software:
After installation complete launch and configure the application, after launching application click on configure option in upper menu.
Now let’s go through the configuration dialog tabs and take a brief look at most of them:
In this Tab you find all the connected Ethernet interface, you can select Ethernet interface card use for sniffing.
This tab allows users to configure ARP poison routing to perform ARP poisoning attack, this trick used the MITM (Man in the Middle Attack).
Filters and Ports Tab:
This tab has the most standard services with their default port running on.You can change the port by right-clicking on the service whose port you want to change and then enabling or disabling it.
Cain’s sniffer filters and application protocol TCP/UDP port.
HTTP Fields Tab:
There are some extreme usefull features of Cain that grab the information from web pages surfed by the victim such as LSA Secrets dumper, HTTP Sniffer and ARP-HTTPS,so the more fields you add to the username and passwords fields, the more you capture HTTP usernames and passwords from HTTP and HTTPS requests.
Traceroute is a technique to find out the path between two points by counting how many hops the packet will travel from the source device to reach the destination device. Cain also adds more functionality that allows hostname resolution, Net mask resolution, and Whois information gathering.
Certificate Spoofing Tab:
This tab will allow Certificate spoofing.From Wikipedia:
“In cryptography, a public key certificate (also known as a digital certificate or identity certificate) is an electronic document that uses a digital signature to bind a public key with an identity — information such as the name of a person or an organization, their address, and so forth. The certificate can be used to verify that a public key belongs to an individual.
In a typical public key infrastructure (PKI) scheme, the signature will be of a certificate authority (CA). In a web of trust scheme, the signature is of either the user (a self-signed certificate) or other users (“endorsements”). In either case, the signatures on a certificate are attestations by the certificate signer that the identity information and the public key belong together.”
We can simply think of it as some sort of data (cipher suites & Public key and some other information about the owner of the certificate) that has information about the destination server and is encrypted by trusted companies (CA) that are authorized for creating these types of data.The server sends its own certificate to the client application to make sure it’s talking to the right server.
Certificate Collector Tab:
This tab will collect all certificates back and forth between servers and clients by setting proxy IPs and ports that listen to it.
CHALLENGE SPOOFING TAB:
Here you can set the custom challenge value to rewrite into NTLM authentications packets. This feature can be enabled quickly from Cain’s toolbar and must be used with APR. A fixed challenge enables cracking of NTLM hashes captured on the network by means of Rainbow Tables.
You find cracker tab at the top menu ,the most important feature of Cain.When Cain captures some LM and NTLM hashes or any kind of passwords, Cain sends these passwords into to the Cracker tab automatically. We will import a local SAM file just for demonstration purposes to illustrate this point. Here is how to import the SAM file. When you click on + sign in blue color new window will be popup. Here you will find three options
- Import hashes from local system: this menu allow user to import hashes from SAM Database of local System.
- Import hashes from text file: this option work when you have already dumped hashses into a text file.
- Import hashes from SAM database: in this option you required two files one file contain boot key and another have SAM database.
For demonstration select first option and click Next for next process.
Hi Prabitha, were can we get the AirPCap driver. Its not available in the link you gave.