The Cain Tool
Presented by: Sagar Chivate
CS 685F
Introduction
Features
 Tool for cracking various kinds of passwords on Windows
platforms using dictionary attack and brute force attacks
Version 2.0 for Windows 9x:
Some Important features:
 Screen saver password recover
 Local share password manager
 pwl password recover
 Access database password manager
…Introduction
Version 2.5 for Windows NT/ 2000/ XP
Some important features:
 Password cracker for NT hashes
 Trace Route with DNS resolver and WhoIs client
 Route table manager
 Users, group, shares and services enumeration
 Access (9x, 2000, XP) password decoder
 Processor information
Download and Installation
 Go to site http://www.oxid.it/
 Click on Projects and then click on Cain & Abel
 Download version 2.0 (for Windows 9x) or version 2.5 (for
Windows NT/2000/XP)
 You will also need to install WinPcap which installs packet.dll,
the driver used by the Cain tool. WinPcap installation starts after
Cain & Abel installation.
 Size on disk Cain & Abel (5.41 MB)
WinPcap 2.3 (100 KB)
 Abel service will automatically start when you reboot your PC
Version 2.0 (Windows 9x)
Local Shares
 Go to Menu Attack
 Click on Local Shares
 Double-click on displayed shares to view/alter sharing
information
Screen Saver Password
 To set Windows screen saver password:
• On windows desktop right click and select properties
• Click on Screen Saver tab
• Select the screen saver
• Check “Password Protected” check box
• Click the “Change” button and set the password
 In Cain Tool go to Menu Attack
 Click on Screen Saver to get screen saver password
Windows Password Manager
 To change Windows password
• Go to Menu Tools
• Select Change Windows Password
• Enter Old and New passwords
 To change Windows screen saver password
• Go to Menu Tools
• Select Change Screen Saver Password
• Enter New Password
Map Drive
 Go to Menu Tools
 Select Map Network Drive
 Choose the drive and the path to be mapped
 Checking Reconnect on logon check box Reconnects the
Mapped drive on logon
 Click Ok to map the drive
Local Password Recover
 Go to Menu Attack
 Click on PWL files
 Local PWL files will be displayed. There will be one file per
user
 Right click on the file to attack the password
 Start attack starts dictionary attack followed by brute-force
attack
Version 2.5
(Windows NT/ 2000/ XP)
Users, Groups, Shares and
Services
 Click on Network tab
 Double click on Microsoft Windows Network to view all
the subnets in your network
Processor Information
 Click on Menu “Tools”
 Select Processor Info to view processor information
NT Hash and LanMan Hash
SAM : System Account Manager: A password database stored
as a registry file in Window NT and Windows 2000.
 NT is only as secure as its SAM data
The Windows NT SAM database stores the hashed password for
each user account in two forms:
 "NT hash" form that is used to authenticate users on Windows
NT clients
 "LM hash" form that is used to authenticate users on Windows
95, Windows 98, and down-level clients such as DOS, Windows
3.1, Windows for Workgroups, OS/2 and Macintosh.
Password Cracker
Configuration Options
 Click on Menu “Configure”
 Select Dictionary options and Brute-Force options to
configure password cracker options
Password Cracker for NT hashes
 Select Cracker tab
 Double click on the cracker key in the left menu to see all
the supported crackers for different hashes
 Click on NT hashes
 Go to Menu File and select Add to list
 In dialog box select Dump NT hashes from local machine
and click Next
 All the current NT users will be added along with their LM
and NT hashes
 Right click on the user and choose to start Dictionary attack
or brute-force attack
Trace Route
 Click on the tab Traceroute
 Go to Menu File
 Click Add to list
 Enter the destination hostname/ IP address (Ex.
www.google.com)
 Set other parameters as desired and click Ok to view the
traced route
References
 Oxid.it
http://www.oxid.it/
 Password Crackers
http://www.apocalypseonline.com/security/tools/tools.asp?exp_
category=Password%20Crackers
 User Authentication with Windows NT
http://support.microsoft.com/default.aspx?scid=KB;enus;q102716
Thank you !