Thursday, March 18, 2010

Using Cain & Abel

Cain & Abel is a freeware password recovery tool that runs on a Microsoft
platform. It allows easy recovery of various kinds of passwords by sniffing
the network, cracking encrypted passwords using Dictionary, Brute-Force
and Cryptanalysis attacks, recording VoIP conversations, decoding scrambled
passwords, revealing password boxes, uncovering cached passwords
and analyzing routing protocols. This tool covers some security weaknesses
present in the protocols, authentication methods and caching mechanisms.
Cain & Abel was developed for network administrators, security consultants
or professionals, forensic staff, security-software vendors, and professional
penetration testers.

Cain & Abel is actually two different programs. Cain has the following
features:

Protected Storage Password Manager: Reveals locally stored passwords
of Outlook, Outlook Express, Outlook Express Identities, Outlook
2002, Internet Explorer, and MSN Explorer.
Credential Manager Password Decoder: Reveals passwords stored in
Enterprise and Local Credential Sets on Windows XP/2003.
LSA Secrets Dumper: Dumps the contents of the Local Security
Authority Secrets.
Dialup Password Decoder: Reveals passwords stored by the Windows
“Dial-Up Networking” component.
APR (ARP Poison Routing): Enables sniffing on switched networks and
Man-in-the-Middle attacks.
Route Table Manager: Provides the same functionality as the Windows
tool route.exe, with a GUI front-end.
SID Scanner: Extracts usernames associated with Security Identifiers
(SIDs) on a remote system.
Network Enumerator: Retrieves, where possible, the user names,
groups, shares, and services running on a machine.
Service Manager: Allows you to stop, start, pause, continue, or remove
a service.
Sniffer: Captures passwords, hashes, and authentication information
during transmission on the network. Includes several filters for
application-specific authentications and routing protocols. The VoIP filter
enables the capture of voice conversations transmitted with the SIP/RTP
protocol, which are later saved as WAV files.
Routing Protocol Monitors: Monitors messages from various routing
protocols (HSRP, VRRP, RIPv1, RIPv2, EIGRP, OSPF) to capture authentications
and shared route tables.
Full SSH-1 sessions sniffer for APR (APR-SSH-1): Allows you to capture
all data sent in an SSH-1 session on the network.
Full HTTPS sessions sniffer for APR (APR-HTTPS): Allows you to capture
all data sent in an HTTPS session on the network.
Certificates Collector: Grabs certificates from HTTPS Web sites and prepares
them for use by APR-HTTPS.
MAC Address Scanner with OUI fingerprint: Using OUI fingerprint,
makes an informed guess about the device based on the MAC address.
Promiscuous-mode Scanner based on ARP packets: Identifies sniffers
and network intrusion detection systems present on the LAN.
Wireless Scanner: Scans for wireless network signals within range. This
feature is based on NetStumbler, which we discuss in Chapter 9.
Access (9x/2000/XP) Database Passwords Decoder: Decodes the stored
encrypted passwords for Microsoft Access Database files.
Base64 Password Decoder: Decodes Base64 encoded strings.
Cisco Type-7 Password Decoder: Decodes Cisco Type-7 passwords used
in router and switch configuration files.
VNC Password Decoder: Decodes encrypted VNC passwords from the
registry.
Enterprise Manager Password Decoder: Decodes passwords used by
Microsoft SQL Server Enterprise Manager (SQL 7.0 and 2000 supported).
Remote Desktop Password Decoder: Decodes passwords in Remote
Desktop Profiles (.RDP files).
PWL Cached Password Decoder: Allows you to view all cached
resources and the related passwords in clear text, from either locked or
unlocked password list files.
Password Crackers: Enables the recovery of clear text passwords
scrambled using several hashing or encryption algorithms. All crackers
support Dictionary and Brute-Force attacks.
Cryptanalysis attacks: Enables password cracking using the “Faster
Cryptanalytic time-memory trade-off” method introduced by Philippe
Oechslin. This cracking technique uses a set of large tables of precalculated
encrypted passwords, called Rainbow Tables, to improve
the trade-off methods known today and to speed up the recovery of
cleartext passwords.
NT Hash Dumper + Password History Hashes (works with Syskey
enabled): Retrieves the NT password hash from the SAM file regardless
of whether Syskey is enabled or not.
Microsoft SQL Server 2000 Password Extractor via ODBC: Connects to
an SQL server via ODBC and extracts all users and passwords from the
master database.
Box Revealer: Shows passwords hidden behind asterisks in password
dialog boxes.
RSA SecurID Token Calculator: Calculates the RSA key given the token's
.ASC file.
Hash Calculator: Produces the hash values of a given text.
TCP/UDP Table Viewer: Shows the state of local ports (like netstat).
TCP/UDP/ICMP Traceroute with DNS resolver and WHOIS client: An
improved traceroute that can use TCP, UDP and ICMP protocols and
provides whois client capabilities.
Cisco Config Downloader/Uploader (SNMP/TFTP): Downloads or
uploads the configuration file from/to a specified Cisco device (IP or
hostname) given the SNMP read/write community string.

Abel provides the following features:

Remote Console: Provides a remote system shell on the remote machine.
Remote Route Table Manager: Manages the route table of the remote
system.
Remote TCP/UDP Table Viewer: Shows the state of local ports (like netstat)
on the remote system.
Remote NT Hash Dumper + Password History Hashes (works with
Syskey enabled): Retrieves the NT password hash from the SAM file
regardless of whether Syskey is enabled or not; works on the Abel-side.
Remote LSA Secrets Dumper: Dumps the contents of the Local Security
Authority Secrets present on the remote system.

