Hi, My name is Dustin Perry and welcome to password Cracking Cain and Abel is a password recovery tool that was built for Microsoft operating systems. It allows easy recovery of various passwords by sniffing the network, cracking encrypted passwords by brute forcing in dictionary attacks, and it can also recover wireless network. Ese
Cain and Abel can also uncover cast credentials and analyze routing protocols. While stiffing the network,
came enable a typically used by network at Mons teachers, pen testers and Attackers alike.
Installing Cain and Abel is really easy to do.
All you need to do is download the installer, which can be found on O X i d dot i t slash king,
run the self in song package and follow the installation instructions. Um, I have seen their site be blocked or down in a lot of places, so you may need to find it somewhere else. But once you get that installer, it's just a regular E x C thing can run on your machine.
So let's go ahead and hop into our lab environment and I'll walk you through it.
Okay, so you can see now we are in our lab environment. I do have the installer right here. It's just the sea. A underscore setup dot e x e.
And as I mentioned, it's just a regular e x c. So it's really easy to install on your Windows machine.
The first thing we're gonna go ahead and do it just double click the installer,
and it will launch the installation wizard.
And, as you can see, this installation program will install Cain and Abel version 4.9 point 56
So if you hit next tells you a little bit about the licensing agreement for the program and self you can hit next
here, you can tell it where to install the program. Typically, I just leave it at the default, which is seed program files and that cane. Go ahead and click next.
Here. You can name um into the name of the program manager group. We just leave it as cane. Next,
you are now ready to install its really quick so school hadn't hit next,
and there we go, so it has already been successfully installed. If you click finish, it does prompt you to install the wind pea cap driver for that network sniffing. I've already done that on this machine, so I'm not going to do that. But if you haven't installed that and you do plan to use
Cain and Abel for that network sniffing portion and not just password cracking,
you can click install here, but I won't. And then you can see I've got it on my desktop right here. And that's just keen
any time you launch it. If you've got the Windows firewall enabled, you will get this little error. It says Windows Firewall is enabled. Some of cane teachers will not work correctly, so that's just letting you know that Window's fire will may be blocking some things. If you were going to do a lot of the network sniffing stuff, you may want to disable
your Windows firewall or other security programs. He may have running because
this they will catch this as a hacking program and Bloxham stuff.
Go and click okay
and you see it launches right up.
So that's it. Before we get too far into this, we're gonna hop back into our slide show and discuss a few of the things that were able to do with Cain and Abel, and then we'll get started,
So using Cain and Abel is relatively straightforward. There's a lot of stuff you can do with it, but the first thing we're going to try and do is a little bit of network sniffing to see what's going on in the network. After that, we're going to run. Some are poisoning attacks in order to be the gateway for the network or a man in the middle.
And after that real quick demo, we're going to get into the real reason we installed Cain and Abel,
and that's cracking some passwords. So let's go ahead and hop in our lab and get started,
Okay? So you can see I am in the lab now and I've got Cain and Abel open. We're gonna blow it up here so you can see everything. So the first step in order to our what we're gonna do, sniff on the network, we're gonna need to make sure network is configured. So if we go to configure up here
and go to our sniffer, we've only got the one device, so that is good there. So it's going to hit. Okay,
so we're going to stay sniff on that network, and we can just click this one right here. Start.
And if you hover over the buttons, that will tell you what they do. But this is the start and stop sniffers. Let's go and start this.
All right. And now I'm thinking about I don't think there's actually on this current network Kasich Issa, um, a lab network.
But let's go ahead and see if we can
scanned for all hosts.
He had a little plus and all hosts in my sub net.
And then you can click, Okay?
And we did that from the sniffer taps you sniffer and then the plus.
And once you've got a host, you can scan the Mac address, and you can also try and resolve it or remove it if you don't want it in these results. So let's go ahead and try and resolve these. I'm not sure if it's actually going to work in on, but you just right click
and resolve hosting
what I go.
Okay, It doesn't look like it's actually gonna resolve any of these,
and I'm not sure what they are, since they're just in one of my pre built labs
for his last one real quick.
OK, so it didn't actually resolve anything. They're just lab devices, so nothing real crazy there. But let's go ahead and do our Ah, So you had to do the art poisoning and all you need to do to run the art poisoning and act as that man in the middle is click, start and stop so you can see the art poisoning is a little radioactive icon.
And you can just click start on that, um, you will see, um, the Windows firewall in any other security tools you have is and I want to try and block them. Exit deceit is a hacking tool. But we're gonna go ahead and allow that.
And we're allowing this on our private network. Since it is just lab devices again, we're not gonna see a whole lot of traffic here. Um, we're not able to actually perform any real man in the middle attacks. But I'm just showing you this is something else of this tool can do in addition to cracking passwords.
Okay, So let's go ahead and get into what we really want to use Cain and Abel for, and that's cracking passwords. So if you go to the cracker tap.
This is where you have all the options for password cracking. You can see it'll crack all sorts of different types of passwords depending on what you're looking for. This one, we're looking for the NT lm passions. So let's go ahead and add hashes from this system so you can click the plus button on ad.
And this is where you can import ashes from a file like a sam database you dumped earlier or from the current system that you are on.
So we're gonna do the, uh, passwords from this system, so import ashes from local system and next, And as you can see, it already imported those.
And we did build that custom dictionary for our last attacks. Will make sure we so got that. Yet we've got that custom wordless there. So we're gonna try and use that to crack these passwords because it will be a little quicker.
So all we need to do right now is let's go ahead and select all those right click. And this is where you can choose the different types of attacks that you've got.
So you got your dictionary attack A brute force attack crypt analysis Rainbow Rainbow cracking with online rainbow tables were going to do the N T L M with a word list.
So let's go and click that and you can see we've got our word list here
and we can go add toe list to make sure we've got the right one custom word list. That is the one we've got there. And so you can tell a couple different options. You can reverse the words double past lower case upper case numbers, so it'll replace like AIDS with fours essence with five things like that. So it's been hit start
and you can see we've already got one password cracked
and let's see what it's not liking.
So let's see here might know like that wordless. Let's see, I think actually built another one. That's when add another word list. So right click and add to the list,
and I think we got that other one in the John folder gathered a CZ.
There's another customer list might get those mixed up, so it's going to hit start again and bam! It's already cracked. Two of the four
and there we go so you can see it's cracked. All of these passwords. We've got Dwight's, which is mega desk Guests had an empty password. Jim had a password. Jello Michael had a password of best boss.
And the S S H D Damon are user was empty password as well. So you can actually, um, try and perform other attacks on the passwords that it didn't crack. If you right click.
So say we didn't get it. With our custom wordless, we can run a brute force attack.
And here's where you got your pre defined set of characters. So you've got your standard alphabet along with the numbers, and this is gonna try like we said every single combination. So if we hit start, it's going to start
Brute Forcing that password with all those letters was gonna try every single combination, try and match the hash that we already have.
So, Prue forcing does take a lot longer. Um, it's a bit slower method, but it will eventually get there