Passwords are the most widely used authentication mechanism. To log in to a website, or to any computer, we must enter the password together with the username. For security, and so that nobody who obtains the stored data can read them directly, passwords are stored as hashes rather than in plain text. However, no matter how careful we are with our passwords, there are always weak points that can be used to steal them. And the Cain & Abel tool is one of the best in this regard.
Cain & Abel was originally created as password recovery software for Windows, although, as with everything, it depends on how we use it. This program specializes in finding passwords on any system and, if they are hashed, recovering the real password hidden behind the hash.
This program is capable of scanning an entire computer to find all the passwords stored on it. But that is not the only thing this software can do. It can also be used to crack passwords using rainbow tables or brute force techniques. In addition, it is compatible with password dictionaries (wordlists), which make it possible to recover any password that is among the most used or most probable.
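Why rainbow tables and dictionaries work so well against some stored passwords comes down to how those passwords were hashed. The following Python sketch is an added example, not part of the original article or of Cain & Abel; the accounts, the wordlist and the PBKDF2 work factor are constructed assumptions. It stores the same passwords as unsalted MD5 and as salted PBKDF2 and compares the results.

```python
import hashlib
import hmac
import os

# Constructed sample data: a small wordlist of common passwords and three
# accounts, two of which share the same weak password.
COMMON_PASSWORDS = ["123456", "password", "qwerty", "letmein"]
ACCOUNTS = {"alice": "letmein", "bob": "letmein", "carol": "T7#vq!mZ2p-Lw9"}
PBKDF2_ITERATIONS = 600_000  # assumed work factor for PBKDF2-HMAC-SHA256


def unsalted_md5(password):
    """Legacy storage: a fast, unsalted digest (the weak setting)."""
    return hashlib.md5(password.encode()).hexdigest()


def salted_pbkdf2(password, salt=None):
    """Hardened storage: random per-user salt plus a slow key-derivation function."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return salt, digest


def verify_pbkdf2(password, record):
    """Recompute with the stored salt and compare in constant time."""
    salt, digest = record
    return hmac.compare_digest(salted_pbkdf2(password, salt)[1], digest)


def exposed_by_precomputed_table(unsalted_store):
    """Accounts whose stored digest appears in a table built once from the wordlist."""
    table = {unsalted_md5(p) for p in COMMON_PASSWORDS}
    return sorted(user for user, digest in unsalted_store.items() if digest in table)


if __name__ == "__main__":
    weak = {u: unsalted_md5(p) for u, p in ACCOUNTS.items()}
    strong = {u: salted_pbkdf2(p) for u, p in ACCOUNTS.items()}
    # Unsalted: identical passwords give identical digests, so one table hit covers both users.
    print("same digest, unsalted:", weak["alice"] == weak["bob"])
    print("exposed by table     :", exposed_by_precomputed_table(weak))
    # Salted: the same password yields unrelated digests, so a precomputed table does not apply.
    print("same digest, salted  :", strong["alice"][1] == strong["bob"][1])
    print("login still verifies :", verify_pbkdf2("letmein", strong["alice"]))
```

The long random password never appears in the table, and with a per-user salt even the weak shared password has to be guessed separately, and slowly, for each account.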
In addition to searching for passwords on any computer, this program also has network functions. With it we will be able to spy on any network and capture all the passwords that are sent through it, both encrypted and unencrypted. It can even be used to carry out brute force attacks on web pages and servers through a large number of protocols, such as VoIP.
Finally, it is also important to note that this program takes advantage of vulnerabilities and weaknesses to reveal the contents of password boxes, to show all the passwords that have been stored in a cache (for example, in the browser) and to analyze all kinds of protocols.
Other notable features of this software are:
- It can find out the WEP passwords of Wi-Fi routers.
- Uses packet injection techniques to speed up packet capture on a network.
- Allows you to record VoIP conversations.
- Crack all kinds of strong passwords.
- It can calculate hashes very fast to improve password cracking speed.
- It uses ARP Spoofing techniques to capture network traffic.
- Get the MAC address of any IP.
- Calculate a precise route from our PC to any destination.
- Read the content of Windows PWL password files without problems.
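ARP spoofing leaves traces that a defender can watch for: the MAC address bound to an IP changes, or one MAC starts answering for several IPs. The following Python sketch is an added example, not part of the original article; the observation list is constructed sample data and the function and alert names are hypothetical.

```python
from collections import defaultdict

# Constructed observations (time, sender IP, sender MAC), as a sensor might
# record them from ARP replies on a LAN. All addresses are illustrative.
OBSERVATIONS = [
    (1, "192.168.1.1",  "aa:aa:aa:00:00:01"),  # gateway
    (2, "192.168.1.20", "aa:aa:aa:00:00:20"),
    (3, "192.168.1.30", "aa:aa:aa:00:00:30"),
    (4, "192.168.1.1",  "aa:aa:aa:00:00:30"),  # gateway IP now claimed by another MAC
    (5, "192.168.1.20", "aa:aa:aa:00:00:30"),  # a second IP claimed by the same MAC
    (6, "192.168.1.1",  "aa:aa:aa:00:00:01"),  # real gateway announces itself again
]


def detect_arp_anomalies(observations, static_bindings=None):
    """Return (time, kind, ip, mac) alerts for suspicious IP-to-MAC bindings.

    static_bindings is an optional {ip: mac} map of addresses the operator has
    pinned (assumption: typically the default gateway and key servers).
    """
    static = {ip: mac.lower() for ip, mac in (static_bindings or {}).items()}
    last_mac = {}                   # most recent MAC seen for each IP
    ips_by_mac = defaultdict(set)   # every IP each MAC has claimed
    alerts = []
    for ts, ip, mac in sorted(observations):
        mac = mac.lower()
        if ip in static:
            # Pinned address: any other MAC is an alert, the pinned one never is.
            if mac != static[ip]:
                alerts.append((ts, "static-mismatch", ip, mac))
        elif ip in last_mac and last_mac[ip] != mac:
            # Unpinned address whose binding flipped since the last reply.
            alerts.append((ts, "binding-changed", ip, mac))
        last_mac[ip] = mac
        ips_by_mac[mac].add(ip)
        # One MAC answering for several IPs; routers doing proxy ARP also
        # trigger this, so treat it as a lead rather than proof.
        if len(ips_by_mac[mac]) > 1:
            alerts.append((ts, "mac-claims-multiple-ips", ip, mac))
    return alerts


if __name__ == "__main__":
    for alert in detect_arp_anomalies(OBSERVATIONS, {"192.168.1.1": "aa:aa:aa:00:00:01"}):
        print(alert)
```

Pinning the gateway removes the false alert when the real gateway re-announces itself, which is why static ARP entries or switch-level ARP inspection for critical hosts make this kind of monitoring far less noisy.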
In addition, it is capable of cracking the passwords of the following protocols:
- LM and NTLM
- Cisco IOS – MD5
- Cisco PIX – MD5
- APOP – MD5
- CRAM-MD5 – MD5
- OSPF – MD5
- RIPv2 – MD5
- VRRP – HMAC
- VNC – Triple DES
- Kerberos 5
- RADIUS shared key hashes
- IKE PSK
- Oracle and SIP Database Hashes
Is Cain & Abel a virus?
Cain & Abel is a program that has been in use for a long time. However, given its purpose, it is normal for security programs to detect it as suspicious or dangerous software. Avast, for example, recognizes this software as a potentially dangerous program called “Win32: Cain-B”, just as Windows Defender identifies it as “Win32 / Cain! 4_9: 14” and classifies it as software with potentially dangerous behavior.
But this is because, being a tool used by hackers, security programs consider it to be dangerous. However, its developer has stated on more than one occasion that it contains neither malware nor hidden backdoors. Unfortunately, we cannot claim that this software is 100% secure, as its source code has not been published or made available to auditing companies to confirm that it really is safe. Therefore, it is like any other proprietary software: a very useful program that works, but with which we must be very careful.
How to hack passwords with Cain & Abel
Although Cain and Abel has always been considered as a single program, it is actually made up of two parts. The first one is Cain, the application responsible for cracking passwords. And the second is Abel, the Windows NT service that protects the sending of passwords within local networks.
This software occupies only 10 MB and, unless we have problems with the antivirus, as we have just explained, its installation and start-up are straightforward. Also, it does not hide unwanted software or advertisements.
Once the program is installed on the computer, we can start using it. To do this, we will start Cain, and what we will see is a very simple interface where we will have all our tools.
The program’s interface is divided into tabs, within each of which we will find the different modules for hacking passwords: Decoders, Network, Sniffer, Cracker, Traceroute, CCDU, Wireless and Query.
Within each tab we can find everything necessary both to find the passwords and to decipher them. Some of the available techniques are very simple, and any user can carry them out, but others are much more complicated and, if we are not advanced users, we will have problems.
Depending on the type of password we are trying to break, it may take more or less time.
Download the latest version of Cain and Abel
The developer of this tool is an Italian programmer named Massimiliano Montoro. Although the program was proprietary, it was distributed through its website completely free of charge for any user who wanted to download it. However, its main website has been down for a long time, so to download it, we recommend using other reliable websites.
In this link we will find the latest official version of Cain & Abel, 4.9.56, published in 2014. Since then, the program has been discontinued. We must be careful when downloading this program, since many pages bundle malware with it. We must always look for alternative download websites like the one we have linked to, and avoid being deceived.
Alternatives to Cain & Abel
It is true that Cain and Abel is one of the best known tools in this area. But, of course, it is not the only one. We can find a wide variety of alternatives to hack passwords like the ones we are going to see below.
John the Ripper
This is another favorite tool for recovering (or hacking) passwords. John the Ripper is free and open source software, available for all types of operating systems, that will allow us to capture and crack all types of passwords and hashes on any operating system. It is more complete software than Cain and Abel, it is still supported and, in addition, it is 100% trustworthy, since the source code is available to everyone.
We can download this program from here.
Hashcat
This tool is specialized in reversing password hashes to obtain the key they hide. This software is compatible with more than 200 different protocols, being able to obtain, through all kinds of techniques, any type of password that we want to guess. Typically, hashcat is used to complement other similar password recovery programs.
We can download this tool from its website.
Wireshark
Wireshark is not a password cracking program as such. Rather, it is a network sniffer (one of the functions that Cain and Abel has) that makes it possible, among many other things, to locate all kinds of passwords and other information that may travel through the network. This software will only allow us to capture the hashes of the passwords that we send through our local network; we will then have to resort to other specialized software, such as either of the two previous ones, to recover the password.
We can download it from this link.
Ettercap
Ettercap is a program similar to Wireshark, that is, a tool designed to function as an interceptor / sniffer / recorder for LAN networks of all kinds. This tool is compatible with SSH1 and HTTPS, and it can also inject characters into packets in real time and carry out “Man in the Middle” attacks against PPTP tunnels. A must-have tool for anyone interested in conducting security audits.
We can download it from here.