Cain and Abel

Is a password recovery tool for Microsoft Windows. It can recover many kinds of passwords
using methods such as network packet sniffing, cracking various password hashes by using methods
such as dictionary attacks, brute force and cryptanalysis attacks. Cryptanalysis attacks are done
via rainbow tables which can be generated with the winrtgen.exe program provided with Cain and
Abel. Cain and Abel is maintained by Massimiliano Montoro and Sean Babcock.
The latest version is faster and contains a lot of new features like APR (Address Resolution
Protocol) Poison Routing which enables sniffing on switched LANs and Man-in-the-Middle attacks.
The sniffer in this version can also analyze encrypted protocols such as SSH-1 and HTTPS and contains
filters to capture credentials from a wide range of authentication mechanisms. The new version also
ships routing protocols authentication monitors and routes extractors, dictionary and brute-force
crackers for all common hashing algorithms and for several specific authentications, password/hash
calculators, cryptanalysis attacks, password decoders and some not so common utilities related to
network and system security

What features are supported by Cain and Abel?

• To crack Wired Equivalent Privacy (WEP)
• Wireless packet injection could be done by it as well, allowing the speed of packet capture to
go up and be boosted.
• Voice over internet protocol (VoIP) conversations could be recorded.
• Password boxes could be revealed
• Scrambled passwords could be decoded
• Used hashes could be calculated
• Cached passwords could be detected

Who Should Use This Tool?

Cain & Abel is a tool that will be quite useful for network administrators, teachers,
professional penetration testers, security consultants/professionals, forensic staff and security
software vendors.
ADVANTAGE
• Password recovery tool is completely free
• As shown before, cracking passwords are accomplished through diverse methodologies
through this software
• Several methods can be employed to crack passwords
• Recovery of passwords is very fast, at least with my several tests
• Windows account passwords could be discovered with a 99.9% success. Yet, this percentage
is highly dependable on the rainbow tables in use.

DISADVANTAGE
• Separate "Rainbow Tables" must be downloaded from other sources online
• Program must be installed on the hard drive, unlike many other password recovery tools
• Must have access to another administrator account on the computer.
• Variety of other built-in hacking tools might intimidate novice users

IS CAIN AND ABEL MALWARE?

Certain anti-virus tools claim that it is, however the authors of Cain and Abel claim that their
software is not dangerous and does not perform any actions without the owner’s consent.

Requirements
The system requirements needed to successfully setup Cain & Abel are:
– At least 10MB hard disk space
– Microsoft Windows 2000/XP/2003/Vista OS
– Winpcap Packet Driver (v2.3 or above).
– Airpcap Packet Driver (for passive wireless sniffer / WEP cracker).

TOOLS USED FOR CAIN AND ABEL

• Rainbow Table - A rainbow table is a precomputed table for reversing cryptographic hash
functions, usually for cracking password hashes. Tables are usually used in recovering a
plaintext password (or credit card numbers, etc.) up to a certain length consisting of a limited
set of characters.
References
• https://en.wikipedia.org/wiki/Cain_and_Abel_(software)
• http://resources.infosecinstitute.com/password-cracking-using-cain-abel/