
"Introduction to Cain and Abel cracking tool").

Now I am going to explain how to use the Cain and Abel tool for cracking MD5 passwords (using the brute-force method). To learn about brute-force attacks, read this post: Introduction to Brute Force attack.

Step 1: Open the Cain & Abel tool. You can see the different tabs. We are going to crack passwords, right? Then why are you waiting? Click the Cracker tab.

Step 2: In the sidebar you can see a list of hash methods. Select MD5 Hashes in the sidebar. Now you can see a blank sheet. This is where you will add the hash code for cracking.

Step 3: Right-click on the blank sheet and select the "add to list" option.

Step 4: Now a pop-up box appears and asks you to enter the hash code in hex. Copy and paste the hash code into that box and hit the OK button. For instance, let us take this hash code: c3ea886e7d47f5c49a7d092fadf0c03b. The code will now be added to the worksheet.

Step 5: Right-click on the hash code and select the method. For now let's use the brute-force attack (I will post cracking tutorials using other methods in my next posts). So select "Brute Force Attack".

Step 6: You can see a small window. Click the "Start" button to start cracking the password. Special options: if it takes too long to crack, limit the search by fixing the min and max password length. For instance, if you think the password length will be above 4, set the min to "5". You can also start the password cracking from certain words (better not to use this until you know the victim and cracking well).

Step 7: At the end of the cracking, you will see the message "Attack stopped. Hash Cracked". You can see the password in the "start from" box. Or press the exit button, and you will see the cracked password in the password column of the worksheet.
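The steps above work because an unsalted MD5 hash is fast to compute and identical for identical passwords. The following sketch is an added example, not part of the original tutorial: it computes how large the search space is for a given length window (the min/max fields from Step 6) and shows the storage scheme that resists this attack, a salted PBKDF2 hash. The guess rate and the iteration count are assumptions chosen for illustration.

```python
import hashlib
import hmac
import os
import string

# Assumed values for illustration; none of them come from the tutorial.
LOWER = len(string.ascii_lowercase)                                      # 26
FULL = len(string.ascii_letters + string.digits + string.punctuation)    # 94
PBKDF2_ITERATIONS = 600_000    # assumed work factor for PBKDF2-HMAC-SHA256


def keyspace(charset_size, min_len, max_len):
    """Candidates a brute-force search must cover for this length window."""
    return sum(charset_size ** n for n in range(min_len, max_len + 1))


def worst_case_seconds(candidates, guesses_per_second):
    """Time to exhaust the space at an assumed guess rate."""
    return candidates / guesses_per_second


def unsalted_md5(password):
    """The weak scheme: same password, same hash, one cheap operation."""
    return hashlib.md5(password.encode(), usedforsecurity=False).hexdigest()


def hash_password(password, salt=None):
    """Salted, deliberately slow hash; store both salt and digest."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt,
                                 PBKDF2_ITERATIONS)
    return salt, digest


def verify_password(password, salt, expected):
    """Recompute with the stored salt and compare in constant time."""
    _, digest = hash_password(password, salt)
    return hmac.compare_digest(digest, expected)


if __name__ == "__main__":
    rate = 1e9  # assumed MD5 guesses per second on commodity hardware
    for name, size, lo, hi in [("lowercase 1-6", LOWER, 1, 6),
                               ("full ASCII 12", FULL, 12, 12)]:
        n = keyspace(size, lo, hi)
        print(f"{name}: {n:.3e} candidates, "
              f"{worst_case_seconds(n, rate):.3e} s worst case")
```

Each PBKDF2 guess costs the attacker 600,000 HMAC computations instead of one MD5 call, and the per-user salt means one cracked hash reveals nothing about another account with the same password.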

Cain and Abel (sometimes called simply "Cain") is a Windows password recovery tool. It can recover many kinds of passwords using methods such as network packet sniffing and cracking various password hashes with dictionary, brute-force and cryptanalysis attacks. Cryptanalysis attacks are done via rainbow tables, which can be generated with the winrtgen.exe program provided with Cain and Abel. Cain and Abel is maintained by Massimiliano Montoro. Kumar has already posted about how to use Cain and Abel to hack networks. Cain & Abel is a useful tool for network administrators, teachers, security consultants/professionals, forensic staff, security software vendors, professional penetration testers and everyone else who plans to use it for ethical reasons.

How to hack a Computer with Cain and Abel



This hack will only work for computers connected on a LAN. First of all, download the Cain and Abel software. Now install the software and open it. Make sure that you don't have any active antivirus on your PC. First click the Sniffer tab. Now click on the sniffer button in the top toolbar. On clicking, the sniffer will start. Now click on the + button to add the range of IP addresses you want to hack on the LAN. For example, in my hostel my IP is something like 15.15.15.04, so I have given the range from 15.15.15.1 to 15.15.15.254.

Tick the option which says "All Tests". Click OK and you will see the software start all the tests. After these tests complete, you will see the MAC addresses, IP addresses and OUI fingerprints of all computers running on your LAN. Now click on the APR tab below. In APR there are two windows. Click on the upper window and the + button will appear above. Now click that button and a new window will open. The left side of the window will show all the IP addresses and the right side will be empty.

Click on any IP address in the left window and all other IPs will automatically appear in the right window. Suppose I click on 15.15.15.1. Press Ctrl, select all the IPs in the right window and click OK.

NOTE: What are you doing? Actually, you are going to poison all the other IPs using 15.15.15.1. In this way you will be totally safe. If someone tries to find out who is poisoning, he will get the IP of 15.15.15.1 and you are safe here :)

All these IPs will be shown in the upper window. Now click on the APR button in the top toolbar, and as you click on that button poisoning will start. It will show in the lower window. Now click on the Password tab below. In the left list you will see HTML. Click on it. Hurrah, you got the passwords of all the PCs and also the sites they have recently visited.

NOTE: APR poisoning is very dangerous, and during this hack your LAN is fully loaded, which affects the speed a lot.

Status with Virus Scanners



Some virus scanners, notably Avast!, detect Cain and Abel as malware: "Win32:Cain-B [Tool]". It is classified in Avast! as "Other potentially dangerous program". The author and owner of oxid.it states that his programs are not malware. Even if Cain's install directory, as well as the word "Cain", are added to Avast's exclude list, the real-time scanner will stop Cain from functioning.

The latest version of Avast no longer blocks

Attacks Available in Cain and Abel



The latest version of this tool is faster and contains a lot of new features, like APR (ARP Poison Routing), which enables sniffing on switched LANs and man-in-the-middle attacks. The sniffer in this version can also analyze encrypted protocols such as SSH-1 and HTTPS, and contains filters to capture credentials from a wide range of authentication mechanisms. The new version also ships routing protocol authentication monitors and route extractors, dictionary and brute-force crackers for all common hashing algorithms and for several specific authentications, password/hash calculators, cryptanalysis attacks, password decoders and some not so common utilities related to network and system security.

Features

WEP cracking
Speeding up packet capture speed by wireless packet injection
Ability to record VoIP conversations
Decoding scrambled passwords
Calculating hashes
Traceroute
Revealing password boxes
Uncovering cached passwords
Dumping protected storage passwords
ARP spoofing
IP to MAC Address resolver
Network Password Sniffer