Wednesday, July 29, 2009

LAN hacking, a good one :P

In this post I will show you how to sniff the passwords & chat conversations on your LAN. This is only the basic tutorial; my next post will cover ARP poisoning, with which you can filter & fine-tune all the data of the victim.

Hi guys, in this post I will show you how to use Cain & Abel. It's the best & fastest tool both for sniffing & for cracking passwords.

Download Link :- http://oxid.netsons.org/download/ca_setup.exe (sometimes the link doesn’t work)

What’s Cain & Abel?
Cain & Abel is a password recovery tool for Microsoft Operating Systems. It allows easy recovery of various kinds of passwords by sniffing the network, cracking encrypted passwords using Dictionary, Brute-Force & Cryptanalysis attacks, recording VoIP conversations, decoding scrambled passwords, recovering wireless network keys, revealing password boxes, uncovering cached passwords & analyzing routing protocols. (taken from their website)

This tutorial is meant for sniffing only; there are a lot of other things you can do with Cain, as mentioned above.


How to sniff with CAIN
Step 1:- Install Cain & Launch it

Step 2:- Click on Sniffer tab

Step 3:- Activate the sniffer by clicking the 2nd icon from the left on the top bar (it looks like a microchip; the tooltip says Start/Stop Sniffer)

Step 4:- Click on the blue + icon to scan for MAC addresses on the LAN, or basically right click -> scan MAC address

Step 5:- Click OK on the next window that comes up -> Cain is told to scan all the hosts in our subnet

Step 6:- Click on APR tab at the bottom

Step 7:- Now click on the + sign again at the top to add computers to sniff on. A window will pop up. In that window, select the router/gateway of your LAN on the left side & the computer you need to sniff on the right side. Mostly the gateway is the one with ending octet 1, e.g. 10.10.10.1 or 10.129.71.1 as in my case. Usually the last number is 1.

Step 8:- Now you’ll see the computers are added to the list. Click on the 3rd icon from the left on the top, which looks like a biohazard sign. You’ll see something like this

Step 9:- Step back & relax & let Cain do its work; you’ll see passwords rolling in on the Passwords tab (click it to enter password).

Well, it's 3 in the morning & I don’t think somebody else is online besides me, so this picture doesn’t show you any passwords.

Suggestions & feedback are appreciated.

Related post: ARP poisoning to redirect the victim to another site on your LAN

This tutorial will cover (version 4.9.8)

Check the complete tutorial on what Cain & Abel can do

Cain is an easy application to install & configure. However, there are several powerful tools that should only be configured after you fully understand both the capabilities & consequences to the application & the target network. After all, you can’t well hack a network if you take it down. Proceed with caution.

INTRODUCTION

We need to accomplish the following steps to get the admin account:

1. Enumerate the computers on the network

2. Connect to a computer & install the Abel remote app

3. Harvest user account information

4. Crack user account information passwords to get the admin account

5. Login to the target machine with the admin account

6. Install the Abel service on the target server

7. Harvest all of the hashes from a server & send them to the cracker

Once we have the admin account on the server, the rest is up to you.

First things first: after you launch the application you will need to configure the Sniffer to use the appropriate network card. If you have multiple network cards, it might be useful to know what your MAC address is for your primary connection or the one that you will be using for Cain network access. You can determine your MAC address by performing the following steps:

1. Go to “Start”

2. Run

3. Enter “CMD”

4. A black window will appear

5. Enter the following into the window, without the quotes: “Ipconfig /all”, & then press Enter

6. Determine which one of the Ethernet adapters you are using & copy the MAC address to Notepad. You use this to help determine which NIC to select in the Cain application

With the Cain application open, select the Configure menu option on the main menu bar at the top of the application. The Configuration Dialog box will appear. From the list, select the device with the MAC address of the Ethernet or wireless network card that you will be using for hacking. While we are here, let’s review a number of the other tabs & information in the Configuration Dialog Box. Here is a brief description of each tab & its configuration:

Sniffer Tab: allows the user to specify the Ethernet interface & the start up options for the sniffer & ARP features of the application.

ARP Tab: Allows the user, in effect, to lie to the network & tell all of the other hosts that your IP is actually that of a more important host on the network, like a server or router. This feature is useful in that you can impersonate the other device & have all traffic for that device “routed” to your workstation. Keep in mind that servers & routers are designed for multiple high capacity connections. If the device that you are operating from cannot keep up with the traffic generated by this configuration, the target network will slow down & even come to a halt. This will surely lead to your detection & eventual demise as a hacker, as the event is easily detected & tracked with the right equipment.

Filters & Ports: Most standard services on a network operate on predefined ports. These ports are defined under this tab. If you right click on one of the services you will be able to change both the TCP & UDP ports. This won’t be necessary for this tutorial, but will be useful in future tutorials.

HTTP Fields: Several features of the application, such as the LSA Secrets dumper, HTTP Sniffer & ARP-HTTPS, will parse the sniffed or stored information from web pages viewed. Basically put, the more fields that you add to the HTTP & passwords field, the more likely you are to capture a relevant string from an HTTP or HTTPS transaction.

Traceroute: Trace route, or the ability to determine the path that your data will take from point A to point B. Cain adds some functionality to the GUI by allowing for hostname resolution, net mask resolution, & Whois information gathering. This feature is key in determining the proper or available devices to spoof or siphon on your LAN or internetwork.

Console: This is the command prompt on the remote machine. Anything that you can do on your computer from the CMD prompt can be done from here. Examples include mapping a drive back to your computer & copying all the files from the target, or adding local users to the local security groups, or anything. With Windows, everything is possible from the command prompt.

Hashes: Allows for the enumeration of user accounts & their associated hashes with further ability to send all harvested information to the cracker.

LSA Secrets: Windows NT & Windows 2000 support cached logon accounts. The operating system default is to cache (store locally) the last 10 passwords. There are registry settings to turn this feature off or restrict the number of accounts cached. RAS DUN account names & passwords are stored in the registry. Service account passwords are stored in the registry. The password for the computer's secret account used to communicate in domain access is stored in the registry. FTP passwords are stored in the registry. All these secrets are stored in the following registry key: HKEY_LOCAL_MACHINE\SECURITY\Policy\Secrets

TCP Table: A simple listing of all of the processes & ports that are running & their TCP session status.

Routes: From this object, you can determine all of the networks that this device is aware of. This can be powerful if the device is multihomed on two different networks.

UDP Table: A simple listing of all of the processes & ports that are running & their UDP session status.

Dictionary Cracking – Select all of the hashes & select Dictionary Attack (LM). You could select the NTLM but the method is slower & with few exceptions the NTLM & NT passwords are the same & NT cracks (guesses) faster. In the Dictionary window, you will need to populate the File window with each of your dictionary files. You have to download the tables & copy them to the Cain installation directory. Check the following boxes: As is Password, Reverse, Lowercase, Uppercase, & two numbers.

Dictionary Cracking process

Click start & watch Cain work. The more lists & words that you have, the longer it will take. When Cain is completed, click exit & then look at the NT password column. All of the passwords cracked will show up next to the now owned accounts.
Take a second to look carefully at the accounts & passwords in the list. Look for patterns like the use of letters & characters in sequence. Plenty of administrators use recurring patterns to help users remember their passwords. Example: Ramius password reset in November would have a user account of RAMNOV. If you can identify patterns like this you can use word generators to generate all possible combinations & shorten the window.

Alright then… Re-sort your hashes to single out the accounts that you have left to crack. Now select all of the un-cracked or guessed accounts, right click on the accounts again & select Cryptanalysis (LM). Add the tables that you downloaded from the net to the Cain LM hashes Cryptanalysis Sorted rainbow tables window. Click start. This should go quickly. Take a second to review your progress & look for additional patterns.

Cryptanalysis attacking

At this point, use a program like sam grab, which has the ability to determine which accounts are members of the domain administrators group, to see if you have gotten any admin level accounts. Once you move to the next step, which is bruting, most of what you have left are long passwords that are going to be difficult & time consuming. Any time saver applications that you can find will be helpful.

Bruting

Repeat the same method for selecting the accounts. Here is the first time that you will actually have to use your brain: bruting can be very time consuming. Look closely at all of the passwords that you’ve cracked & look for patterns. First, do you see any special characters in any of the passwords cracked? How about numbers? A lot of all upper case or all lower case? Use what you see to help you determine what parameters to include when you are bruting. As you will see, the addition of a single character or symbol can take you from hours to days or even years to crack a password. The objective is to use the least amount of characters & symbols to get the account that you need. So let's finish it off. Select all of the un-cracked accounts, follow the previous steps & select Brute Force (LM). The default for LM is A-Z & 0-9. This is due to the nature of LM hashes & the way that they are stored. Another note is that sometimes you will see a “?” or several “????” & then some numbers or letters. This is also due to the nature of NT versus NTLM & the method that NT used to store passwords. If not, see if you can find a repeating structure that is based on the number 7. Anyway, based on the other passwords & those accounts with an “*” in the <8>
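The LM weaknesses described above (the A-Z & 0-9 character set, the structure based on 7, the "<8" marker) are what an administrator checks for when auditing whether LM hashes are still stored. The following is an added example, not part of the original post: the function names are hypothetical and the pwdump-style lines and their hash values are constructed.

```python
import re

# LM hash of an empty 7-character half. LM uppercases the password, pads it to
# 14 characters and hashes each 7-character half on its own.
EMPTY_LM_HALF = "aad3b435b51404ee"

# Constructed pwdump-style lines (user:rid:LM:NT:::); the hash values are made up.
SAMPLE_DUMP = """\
alice:1001:0f1e2d3c4b5a6978aad3b435b51404ee:00112233445566778899aabbccddeeff:::
bob:1002:0f1e2d3c4b5a69788796a5b4c3d2e1f0:ffeeddccbbaa99887766554433221100:::
carol:1003:aad3b435b51404eeaad3b435b51404ee:0123456789abcdef0123456789abcdef:::
dave:1004:NO PASSWORD*********************:89abcdef0123456789abcdef01234567:::
"""

def audit_lm_storage(dump):
    """Return [(user, finding)] for every account line in a pwdump-style export."""
    report = []
    for line in dump.splitlines():
        fields = line.strip().split(":")
        if len(fields) < 4:
            continue  # not an account line
        user, lm = fields[0], fields[2].lower()
        if not re.fullmatch(r"[0-9a-f]{32}", lm):
            finding = "ok: no LM hash stored"
        elif lm == EMPTY_LM_HALF * 2:
            # A blank password looks the same; confirm against the NT hash.
            finding = "ok: LM hash is the empty value"
        elif lm[16:] == EMPTY_LM_HALF:
            finding = "weak: LM hash stored, password has 7 characters or fewer"
        else:
            finding = "weak: LM hash stored, two 7-character halves"
        report.append((user, finding))
    return report

def accounts_needing_reset(dump):
    """Accounts whose password must be changed to get rid of the LM hash."""
    return [user for user, finding in audit_lm_storage(dump)
            if finding.startswith("weak")]

if __name__ == "__main__":
    for user, finding in audit_lm_storage(SAMPLE_DUMP):
        print(f"{user:8} {finding}")
```

Accounts flagged as weak keep their LM hash until the password is changed after LM storage has been disabled (the NoLMHash policy, "Network security: Do not store LAN Manager hash value on next password change").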

Some definitions

MAC: Media Access Control – In computer networking a media access control address (MAC address) is a code on most forms of networking equipment that allows for that device to be uniquely identified. Each manufacturer of network cards has been assigned a predefined range or block of numbers.

Sniffing: Sniffing is the act or method of “listening” to some or all of the information that is being transmitted on the same network segment that a device is on. On an OSI Model Layer 1 network, even the most basic sniffers are capable of “hearing” all of the traffic that is sent across a LAN. Moving to a Layer 2 network complicates the method; however, tools like Cain allow for the spanning of all ports to allow the exploitation of layer 2 switched networks.

ARP: Address Resolution Protocol – a TCP/IP function for associating an IP address with a link-level address. Understanding ARP & its functions & capabilities are key skills for hackers & security professionals alike. A basic understanding of ARP is necessary to properly utilize all of the functions that Cain is capable of.
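The ARP Tab description above notes that this kind of impersonation is easily detected. One way a defender can spot it from a host's own ARP cache is shown below, as an added example that is not part of the original post: the function names are hypothetical, and the two `arp -a` snapshots are constructed, using the 10.10.10.1 gateway address from the tutorial.

```python
import re
from collections import defaultdict

# Constructed sample: two `arp -a` snapshots (Windows layout) from one host.
BEFORE = """\
Interface: 10.10.10.23 --- 0xb
  Internet Address      Physical Address      Type
  10.10.10.1            00-1a-2b-3c-4d-5e     dynamic
  10.10.10.42           00-11-22-33-44-55     dynamic
  10.10.10.255          ff-ff-ff-ff-ff-ff     static
"""
AFTER = BEFORE.replace("00-1a-2b-3c-4d-5e", "00-11-22-33-44-55")

ENTRY = re.compile(
    r"^\s*(\d{1,3}(?:\.\d{1,3}){3})\s+((?:[0-9a-f]{2}[-:]){5}[0-9a-f]{2})\b",
    re.I | re.M)

def parse_arp_table(text):
    """Map IP -> MAC for the unicast entries of an `arp -a` listing."""
    table = {}
    for ip, mac in ENTRY.findall(text):
        mac = mac.lower().replace("-", ":")
        if mac != "ff:ff:ff:ff:ff:ff" and not mac.startswith("01:00:5e"):
            table[ip] = mac
    return table

def find_arp_anomalies(before, after, gateway):
    """Compare two parsed tables; return (severity, kind, subject, detail)."""
    findings = []
    for ip, mac in sorted(after.items()):
        old = before.get(ip)
        if old and old != mac:  # an IP that suddenly answers from another MAC
            sev = "HIGH" if ip == gateway else "MEDIUM"
            findings.append((sev, "binding-changed", ip, f"{old} -> {mac}"))
    owners = defaultdict(list)
    for ip, mac in after.items():
        owners[mac].append(ip)
    for mac, ips in sorted(owners.items()):
        if len(ips) > 1:  # can be legitimate (proxy ARP, multihomed host)
            sev = "HIGH" if gateway in ips else "MEDIUM"
            findings.append((sev, "mac-shared", mac, ", ".join(sorted(ips))))
    return findings

if __name__ == "__main__":
    before, after = parse_arp_table(BEFORE), parse_arp_table(AFTER)
    for finding in find_arp_anomalies(before, after, "10.10.10.1"):
        print(*finding)
```

A static ARP entry for the gateway on sensitive hosts, or Dynamic ARP Inspection on the switches, prevents the changed binding that this check reports.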

Real Hacking Stuff

DISCLAIMER: THIS IS PURELY FOR EDUCATIONAL PURPOSE.


Beware!!
Never Fall into the False Trap !!

That's right, guys. Well, according to my personal experience, when I initially started acquiring skills in real hacking, 18 out of 20 searches and links claimed easy breaking into Hotmail, Yahoo, Rediffmail, Myspace, Facebook etc. But in fact you land up in:


"Hacking into your own Account."


The most common type of trap with which some novice hackers try to trick you is somewhat like this:


Step-by-step Yahoo hacking!!! So many have been victimized by this, sending their passwords and hoping that they can retrieve a targeted account by following these steps.
It goes this way:


*******

Log in to your own yahoo/Hotmail or any other E-Mail account. Compose an e-mail to: eg: recoversecretcode@yahoo.com. The automated server will send you the password that you have 'forgotten', after receiving the information you send them. STEP 3- In the subject line type exactly: password retrieve...etc, etc...

*******



Don't ever fall into this !!!!!!!



It's a real scam. The only way to recover your password is to go to your site and authenticate from there.

You will be asked for the "secret questions" which you filled in during your sign-up. Thereafter the original passwords will be emailed to your alternate email account, which you also provided during sign-up. It is very important to keep that "sign-up" information for your future use.

Some are earning so much money on this scam. They will ask you to send money before they start the process. After receiving the payment, they're gone.

If there is a great need for you to crack or retrieve someone's email password, there are some who can provide it to you; choose the best, someone who will send you proof such as screenshots, sent items or an address book before they ask for payment.

But it's all false. Do slap these articles by commenting on them wherever you find them.


But here on this blog I can guarantee you pure genuine gold stuff.

Just the thing is that I would be hiding all the stuff here.
You need to search this blog with the exact KEYWORDS defined by me to get hold of that knowledge.

And I don't need to explain why I am doing that: because of security reasons, of course.