According to the developers, Cain & Abel is a password recovery tool for Windows. This is a big understatement, though—it is a multi-purpose security tool. So what does this tool offer besides password recovery? A network enumerator, a remote registry editor, a network sniffer, a route table manager, a password cracker, a password decoder, a traceroute GUI, a Cisco Config Downloader/Uploader, a wireless scanner, a database query tool, and much more. Because of this vast application area, I can’t describe every function in detail here. I will concentrate on the password recovery features.
- Set up a SharePoint 2010 development environment - Mon, Sep 3 2012
- MBAM 2.0 – BitLocker Administration and Monitoring changes in Windows 8 - Thu, Jul 26 2012
- BitLocker in Windows 8 - Thu, Jul 19 2012
The homepage says that Windows is only supported up to XP, but the tool also installs smoothly on Windows 7. However, some of the functions don’t make sense in a Windows 7 environment, such as the feature to recover Internet Explorer 7 passwords. Some features won’t work at all. But the limitations for Windows 7 users are few.
When you download Cain & Abel, your anti-virus or anti-spy software may generate a warning message that the tool is malicious. Don’t ignore that: Cain & Abel is a very powerful tool that can be dangerous in the wrong hands. So only download and install it when you know what you are doing. The program also installs the Wincap drivers, which are used by other networking tools such as Wireshark.
When you launch Cain & Abel, you will probably see a warning that some functions are disabled because your firewall is running. Again it’s up to your judgment if you want to risk deactivating your firewall. I would recommend keeping it active unless you run into problems. If you ever deactivate the firewall, make sure you immediately reactivate it after the specific task is finished.
Enough said about the technical details; let’s move on to the features. One major feature set is the password decoder tool. Cain & Abel can restore passwords from the Windows protected storage, the Credential Manager, standard edit boxes, LSA secrets, SQL Enterprise Manager, Windows Mail, dialup, Remote Desktop profiles, and the Windows wireless configuration service. The tool also supports non-Microsoft applications such as VNC and Cisco VPN client profiles. You can find them all on the Decoders tab. Common to these passwords is that the recovery is instant. Here’s a sample screenshot from discovered wireless passwords:
On the right, you see the list of discovered wireless passwords. To generate this list, you select “Wireless Passwords” on the left and click the plus sign in the toolbar. It can’t get any easier. You probably understand now that you should treat this tool with caution. Besides opening security holes, you can break the law by using this tool. So make sure that your usage is in line with your country’s data protection laws.
Some passwords can’t be discovered that easily. For those, there is another tab called Cracker. Cain & Abel supports the following hashes and encryption methods:
Hash Types: MD2, MD4, MD5, SHA1, SHA2 (256 bit), SHA2 (384 bit), SHA2 (512 bit), RIPEMD160.
Encryption algorithms: PWL files, Cisco-IOS Type-5 enable passwords, Cisco PIX enable passwords, APOP-MD5, CRAM-MD5, LM, LM + Challenge, NTLM, NTLM + Challenge, NTLM Session Security, NTLMv2, RIPv2-MD5, OSPF-MD5, VRRP-HMAC-96, VNC-3DES, MS-Kerberos5 Pre-Auth, RADIUS Shared Secrets, IKE Pre-Shared Keys, Microsoft SQL Server 2000, Microsoft SQL Server 2005, Oracle, Oracle-TNS-DES, Oracle-TNS-3DES, Oracle-TNS-AES128, Oracle-TNS-AES192, MySQL323, MySQLSHA1, SIP-MD5, WPA-PSK, WPA-PSK-AUTH, CHAP-MD5, MS-CHAPv1, MS-CHAPv2.
Cain & Abel offers a few different approaches to cracking passwords. You can use dictionary, brute force, or cryptanalysis attacks. Regardless of which method you choose, decrypting the passwords can take a long time. For example, my laptop needs 5 minutes to break an account password with 6 characters. For one that is 10 characters long it would need more than 17 years! You can easily test your account’s password strength by going to the Cracker tab and selecting “LM & NTLM Hashes” from the list on the left. Then, click the free space on the right and choose “Add to List” from the context menu. Select “Import Hashes from local system,” and then click “next ->”. On the resulting list of all your accounts, right-click one and choose the cracking method. If this account has a short password, you will have the results within minutes.
I want to close the review of this security tool now because the discussed features should give you enough reasons to explore the application by yourself. There are just too many features to review, and some of them (for example, arp poisoning and IP spoofing) will only interest a small group of people who already know Cain & Abel.