
Cain and Abel (often abbreviated to Cain) was a password recovery tool for Microsoft Windows. It could recover many kinds of passwords using methods such as network packet sniffing and cracking various password hashes with dictionary, brute-force and cryptanalysis attacks. Cryptanalysis attacks were done via rainbow tables, which could be generated with the winrtgen.exe program provided with Cain and Abel. Cain and Abel was maintained by Massimiliano Montoro and Sean Babcock.


Features

* WEP cracking
* Speeding up packet capture by wireless packet injection
* Ability to record VoIP conversations
* Decoding scrambled passwords
* Calculating hashes
* Traceroute
* Revealing password boxes
* Uncovering cached passwords
* Dumping protected storage passwords
* ARP spoofing
* IP to MAC Address resolver
* Network Password Sniffer
* LSA secret dumper
* Ability to crack:
** LM & NTLM hashes
** NTLMv2 hashes
** Microsoft Cache hashes
** Microsoft Windows PWL files
** Cisco IOS – MD5 hashes
** Cisco PIX – MD5 hashes
** APOP – MD5 hashes
** CRAM-MD5 MD5 hashes
** OSPF – MD5 hashes
** RIPv2 MD5 hashes
** VRRP HMAC hashes
** Virtual Network Computing (VNC) Triple DES
** MD2 hashes
** MD4 hashes
** MD5 hashes
** SHA-1 hashes
** SHA-2 hashes
** RIPEMD-160 hashes
** Kerberos 5 hashes
** RADIUS shared key hashes
** IKE PSK hashes
** MSSQL hashes
** MySQL hashes
** Oracle and SIP hashes


Status with virus scanners

Some virus scanners (and browsers, e.g. Google Chrome 20.0.1132.47) detect Cain and Abel as malware. Avast! detects it as "Win32:Cain-B [Tool]" and classifies it as "Other potentially dangerous program", while Microsoft Security Essentials detects it as "Win32/Cain!4_9_14" and classifies it as "Tool: This program has potentially unwanted behavior." Even if Cain's install directory, as well as the word "Cain", are added to Avast's exclude list, the real-time scanner has been known to stop Cain from functioning. However, the latest version of Avast no longer blocks Cain.

Symantec (the developer of the Norton family of computer security software) identified a buffer overflow vulnerability in version 4.9.24 that allowed for remote code execution in the event the application was used to open a large RDP file, as might occur when using the program to analyze network traffic. The vulnerability had been present in the previous version (4.9.23) as well and was patched in a subsequent release.


See also

* Black-hat hacker
* White-hat hacker
* Hacker (computer security)
* Password cracking
* Aircrack-ng
* Crack
* DaveGrohl
* Hashcat
* John the Ripper
* L0phtCrack
* Ophcrack
* RainbowCrack

