Cain (software)
Cain and Abel is a password recovery tool for Microsoft Windows. It can recover many kinds of passwords by sniffing network packets and by cracking various password hashes with dictionary, brute-force and cryptanalysis attacks.
Cryptanalysis attacks are done via rainbow tables, which can be generated with the winrtgen.exe program provided with Cain and Abel.
Cain and Abel is maintained by Massimiliano Montoro.
Status with virus scanners
Some virus scanners detect Cain and Abel as malware.
Avast! detects it as "Win32:Cain-B [Tool]" and classifies it as "Other potentially dangerous program", while Microsoft Security Essentials detects it as "Win32/Cain!4_9_14" and classifies it as "Tool: This program has potentially unwanted behavior."
Even if Cain's install directory, as well as the word "Cain", are added to Avast's exclude list, the real-time scanner has been known to stop Cain from functioning. However, the latest version of Avast no longer blocks Cain.
Montoro, the owner of oxid.it and maintainer of Cain and Abel, has stated that his programs do not contain malware or backdoors. However, as the source code for Cain and Abel is not available for independent security review, a measure of caution is advised as with any software acquired from the Internet.
Features
- WEP cracking
- Speeding up packet capture speed by wireless packet injection
- Ability to record VoIP conversations
- Decoding scrambled passwords
- Calculating hashes
- Traceroute
- Revealing password boxes
- Uncovering cached passwords
- Dumping protected storage passwords
- ARP spoofing
- IP to MAC Address resolver
- Network Password Sniffer
- LSA secret dumper
- Ability to crack:
  - LM & NTLM hashes
  - NTLMv2 hashes
  - Microsoft Cache hashes
  - Microsoft Windows PWL files
  - Cisco IOS - MD5 hashes
  - Cisco PIX - MD5 hashes
  - APOP - MD5 hashes
  - CRAM-MD5 MD5 hashes
  - OSPF - MD5 hashes
  - RIPv2 MD5 hashes
  - VRRP - HMAC hashes
  - Virtual Network Computing (VNC) Triple DES
  - MD2 hashes
  - MD4 hashes
  - MD5 hashes
  - SHA-1 hashes
  - SHA-2 hashes
  - RIPEMD-160 hashes
  - Kerberos 5 hashes
  - RADIUS shared key hashes
  - IKE PSK hashes
  - MSSQL hashes
  - MySQL hashes
  - Oracle and SIP hashes
See also
- Black-hat hacker
- White-hat hacker
- Hacker (computer security)
- Password cracking