Audit Your Passwords

Put password-cracking tool Cain & Abel to good use

Tony Howlett

March 19, 2006


Increased processor speeds and powerful new cracking tools, such as one named Cain & Abel, have decreased password-cracking time dramatically. Although these new password-cracking technologies are useful only against stolen hashes or challenge/responses captured from a network, if attackers can gain access to your internal network either physically or by exploiting a machine on the network, they can use these tools to attempt to break your passwords. Even if you think you have a strong password policy in place, you might want to audit your user passwords to make sure users are strictly adhering to it. Beat attackers to the punch by using Cain & Abel on your own systems.

Cain Plus Abel Equals One Strong Tool
Cain & Abel is billed as a "password recovery tool for Windows." It's a freeware tool available on an Italian security Web site (http://www.oxid.it) and is offered with no usage limitations, as long as you don't sell it or attempt to decompile it. The authors are quite clear that they're offering the program to everyone, whether "good guys" or "bad guys." You can legitimately use it to recover lost passwords for systems and applications. It's also useful for auditing your Windows passwords to ferret out the weak ones, as well as for testing other aspects of your system security.

Cain & Abel isn't revolutionary. But it does nicely consolidate and automate functions that formerly required multiple programs or manual steps.

The latest version, Cain & Abel 2.8.6, includes online support for rainbow tables, allowing for greatly decreased cracking time by providing precalculated tables of hashes.

The tool consists of two elements—hence the name, Cain & Abel. The Cain aspect of the tool offers the capability to gather password files and hashes from networks in various ways. You can also use Cain to attempt various cryptanalytic attacks on the password files you gather. If you're able to gain access to a system by using a cracked password, you then use the Abel part of the tool to transfer the Cain capabilities to the remote system and gather additional information. Cain & Abel contains a veritable smorgasbord of cracker tools. Here are a few:

Network sniffer. The built-in sniffer is plenty powerful for most applications and has built-in filters for most network protocols and password formats. It makes combined network sniffing and password cracking easy, and it even allows for sniffing off the airwaves. You can sniff passwords on switched network segments by performing attacks on the Address Resolution Protocol (ARP) tables of switches and routers. A VoIP sniffer lets you reassemble VoIP sessions and save them as .wav files.

Promiscuous mode scanner. This neat tool finds other sniffers or their cousins, Intrusion Detection Systems (IDSs), based on ARP data. You can use this tool to find possible rogue sniffers on your network.

Protected password revealer. This function reveals stored passwords for most Windows applications, including Microsoft Office Outlook and any saved passwords from Web sites visited in Microsoft Internet Explorer (IE).

Routing protocol manager. Network administrators trying to troubleshoot routing problems will find this useful. It filters and captures messages from most network routing protocols, such as Routing Information Protocol (RIP) and Border Gateway Protocol (BGP).

Cisco config downloader/uploader and Cisco Type 7 decoder. The downloader/uploader tool grabs the configuration file off of Cisco devices that use SNMP strings. Hackers lucky enough to find a device with both read and write community strings set to defaults can upload a new configuration file. Although the notion of a malicious user obtaining only the configuration file might not seem too bad, remember that the encrypted "secret" enable password is stored in this file. And that's where Cisco Type 7 decoder comes in, cracking the password recovered from the configuration file.

RDP capture tool. This feature lets you capture all data sent during RDP sessions, including keystrokes if you're running Cain on the client side.
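
To check your own devices for the exposure described under the Cisco config downloader/uploader item above, the following added example (not from the article or from Cain & Abel) scans an IOS-style configuration for default SNMP community strings and for passwords stored as Type 7 or in clear text. The sample configuration, its placeholder values, and the function name audit_config are assumptions made for illustration.

```python
import re

# Constructed sample of an IOS-style configuration; every value is a placeholder.
SAMPLE_CONFIG = """\
hostname lab-router
service password-encryption
enable secret 5 $1$PLACEHOLDER$notARealHash
enable password 7 0000000000
username ops password 7 0000000000
snmp-server community public RO
snmp-server community private RW
snmp-server community Xq9-monitoring RO
line vty 0 4
 password 7 0000000000
 login
"""

DEFAULT_COMMUNITIES = {"public", "private"}  # well-known default strings
CRED_RE = re.compile(r"\b(password|secret)\s+(?:(\d+)\s+)?(\S+)\s*$")
SNMP_RE = re.compile(r"^snmp-server community (\S+)\s+(RO|RW)\b", re.I)


def audit_config(text):
    """Return (line_number, rule, detail) findings for one configuration."""
    findings = []
    for number, line in enumerate(text.splitlines(), start=1):
        snmp = SNMP_RE.match(line.strip())
        if snmp and snmp.group(1).lower() in DEFAULT_COMMUNITIES:
            access = snmp.group(2).upper()
            rule = "default-community-rw" if access == "RW" else "default-community-ro"
            findings.append((number, rule, f"default SNMP community with {access} access"))
            continue
        cred = CRED_RE.search(line)
        if not cred:
            continue
        kind, enc_type, _value = cred.groups()
        if enc_type == "7":
            # Type 7 is reversible obfuscation, so treat the password as exposed.
            findings.append((number, "type7-reversible", f"{kind} stored as Type 7"))
        elif enc_type in (None, "0"):
            findings.append((number, "cleartext", f"{kind} stored in clear text"))
    return findings


if __name__ == "__main__":
    for number, rule, detail in audit_config(SAMPLE_CONFIG):
        print(f"line {number}: [{rule}] {detail}")
```

The findings carry only line numbers and rule names, never the password values, so the report can be shared without spreading the credentials it flags.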

Application Password Recovery with Cain & Abel
Cain & Abel also offers program-specific password crackers or extractors for applications such as Microsoft Access, Microsoft SQL Server Enterprise Manager, Virtual Network Computing (VNC), MySQL, Cisco VPN Client, and Windows Wireless Configuration Tool. It includes an improved Traceroute function, Whois tool, and TCP/UDP table viewer (the same as the command-line Netstat tool).

This is only a partial list of features. As any systems administrator can tell you, when the "ankle biters" acquire tools like these, they can go from being simply annoying to very dangerous. I suggest that you put some of Cain & Abel's tools to work for you before the "bad guys" do.
