Back
password cracking attacks

Cain and abel – Swiss Knife for Hacking

If you want to know how to hack passwords on a Windows machine, then you have come to the right place — introducing Cain and Abel the password tool which changed password cracking for hackers. This tool made it so easy and so effective that it made password cracking via command line almost obsolete.

The sad part is, however, the project is now discontinued and is no longer available. It was made by a company called oxid.it and was the most popular choice among password tools. You can still find this tool on many websites. But it is no longer being updated.

You can download the latest version: download it from here.

Password is 123

I will still recommend opening this tool only on a VM (virtual machine). Do not use this on your main system for security reasons.

Table of contents

What are Cain and Abel?

Cain and Abel ( aka Cain ) is a password recovery tool made to recover passwords from Microsoft Windows-based systems. It has numerous functionalities, and it can recover many kinds of passwords using hacking methods such as network packet sniffing, cracking password hashes, dictionary attacks, brute force, and cryptanalysis attacks.

Those who do not know about Cryptanalysis attacks are done via rainbow tables, which can be generated with tools such as the winrtgen.exe program provided with Cain and Abel. Rainbow tables are pre-computed hashes that can help reduce the password cracking time for software such and Cain and Abel. You can also use the hash suite for password cracking.

Hows does this password cracking tool work?

Cain & Abel uses dictionary wordlists as the basis for cracking passwords. These wordlists contain a list of the most commonly used passwords. Another way is brute-force attacks in which different passwords with different combinations are tried every second and based on that tries to break the password.

It can also extract hashes stored on the system and can hack windows operating system passwords.  This tool can also remove hidden passwords by showing passwords in certain software applications. That is not all there are many more features, so let’s try them.

Hacking passwords with cain and Abel.

Note: Disable firewall before using this tool. It doesn’t work that effectively with firewalls.

So let’s see which passwords can be hacked by cain and Abel and what else we can do:

As we can see, password cracking is divided into seven types. Depending on the requirements of the hacker. Frankly speaking, only sections 1 to 4 are important and useful. Rest is not that interesting, at least to me. You are free to check them out.

Section 1: Decoders

This section extracts and hacks all the passwords on the current system. Basically, it searches where the passwords are stored and shows you that data. Do note depending on which version of windows you are using some features might not work.

Sometimes it will cause the system to restart. Has happened to me so fair warning. Save your work or run it on a virtual machine. You can try all others; however, many of them are no longer used and are outdated.

This is an example where I extracted some email passwords saved on my system. These are the saved passwords on the system FYI.

Section 2: Network

This tool maps the network and captures packets. Do note you need to configure your network card otherwise this network mapper does not work. Frankly, it is poorly implemented. I recommend using Wireshark instead to capture the traffic. Then use this tool for analysis.

  • Step 1: Click on configure.
  • Step 2: Select your wireless adapter.
  • Step 3: Scan wireless macs. Right click and you will see this option.
  • Step 4: Click on start sniffing.

All the captured data is showed and sorted in the sniffer tab.

Section 3: Sniffer

Just like the network section, the sniffer section too requires a wireless adapter. All the passwords can be sniffed and stored once you set up everything. It’s pretty simple to use but really effective. You can also add captures from Wireshark for sorting and processing.

Click on the open folder icon to add the dump files or click on this icon to start arp poison.

It can show you a lot of juicy and sensitive information.

Section 4: Cracker

This is the password cracking section. If you have used hash suite or tried password cracking before you will find it very easy to use. You can open and import hash files into Cain and Abel by using the open button(open folder icon).

Once the hashes are loaded. Right-click and select how you want to hack the password. As you can see, there are numerous options, so feel free to try them out. Dictionary, Bruteforce wordlists, etc.

Cain and Abel supports many different types of hashes as well as WPA-PSK dumps which are used to capture wifi passwords.

As you can see above, here are our password cracking options.

Section 5: Traceroute

If you have not heard about traceroute, you need to clear your networking basics. This is a tool that can show you the entire network topology and how packets are being sent. You can use it for network mapping and other stuff. Not that useful, however. Nmap (zenmap) is way better and easy to use. So skip this. Use Nmap. I will be making a separate in-depth tutorial for Nmap soon.

Section 6: CCDU

CCDU tab stands for Cisco Configuration Download/Upload. Unless you are messing with cisco routers, you do not have much use of this option. This attack downloads the router’s running-config file to your local system. This is only used in big companies. So I cannot teach you about this at this point in time. Maybe I will do a separate hacking cisco routers series.

Section 7: Wireless

As you can guess, this section is dedicated to hacking wifi networks and breaking wifi passwords and encryption. This is old and compared to this. There are better tools for hacking wifi. This tool seems to target web-based encryption which no one uses. So check out the wifi hacking series instead of this.

Hidden features :

So was this all. Well, not quite. There are many hidden options in cain and Abel which go unnoticed. So I’m going to show them to you.

These are located on the top bar as shown:

Following are the 8 hidden functions of cain and Abel:

1st) Base 64 password decoder:

As you can guess, it decodes base64 passwords. They are not really used anymore, unfortunately. The passwords are no longer stored in base64 format. Feel free to test.

2nd)  Access database password decoder

Access database decoder. Very useful for breaking access database passwords.  Till then you can hack Microsoft access passwords up to version 2010 as far as I know. I haven’t checked on the latest versions. I will update this when I do.

3rd) Cisco Type 7 password

Breaking the Cisco type 7 security password. Do I really need to explain?

You can crack cisco type 7 passwords. This is no longer used and is considered obsolete.

4th) Cisco VPN password decoder

This tool can hack and decode cisco VPN passwords. Unfortunately, I did not get a chance to test this. Once I do I will update it. It probably works on the older versions, not the new ones.

5th)  VNC password decoder

If you have gotten access to the vnc password file, you can now break it and guess the password. Hopefully, it is fixed now in the newer versions. Otherwise, vnc users are in serious trouble. Do test and let me know in the comment section.

6th) Hash calculator

A simple hash calculator for fun.

7th) Rsa secure token calculator

Calculating RSA secure tokens and hacking them. It shows it’s available. I have not yet tested this and will update when I do. I Haven’t gotten a chance to test it yet, legally. If you what I mean.

8th)  Remote desktop password decoder

An easy way to hack remote desktop users. Haven’t tested in windows 10. But it works in windows 7 as far as I know. Not sure if the bug is patched. If anyone tests this do comment in the comment section below.

Commonly asked questions about cain and abel

Q1. Is this tool safe?

Yes as far as I know. But always run it in a virtual machine. Do not run on your main machine.

Q2. Is it legal to use on anyone?

Nope. Like many of my tutorials, this is only for educational purposes. Please do not use it for any illegal reasons.

Q3. My system restarted when I used this tool. What do I do?

Firstly you should never run it directly. Use it in VM for testing. There is nothing wrong with the tool or your system. When sensitive files are accessed by any software windows shuts down to protect themselves.

Q4. My wifi adapter is not working with cain and Abel. What do I do?

Not all adapters work. This tool is poorly implemented that is what I felt. You can use Wireshark for capturing traffic and then use Cain and Abel for cracking passwords.

Hope you liked the article do share and donate to support the site. Happy hacking.

Tag:, , , ,

author avatar
shubham

You may also like

Installation Guide
The Black Tiger – Installation Guide
4 November, 2023
Unmasking WordPress Vulnerabilities
WPScan: Unmasking WordPress Vulnerabilities
12 October, 2023
Add a heading
Hash-Identifier Guide: Features, Uses, and Commands
12 October, 2023

Leave A Reply

Your email address will not be published. Required fields are marked *