SYSTEM PASSWORD CRACKING (CAIN and ABEL)

SYSTEM PASSWORD CRACKING (CAIN and ABEL)   

System hacking is the way to get access to the victim system and tries to gather information about the computer. The main motive of system hacking are as follow:

• Steal secrets.
• Obtain passwords.
• Get credit card information.
• Create so much traffic that a website has to shut down.

One of the software that is used for password recovery for Microsoft Windows platform is Cain and Abel. We can recover many kinds of passwords involved with the system using ARP Poisoning, network packet sniffing and cracking various password hashes by using methods such as dictionary attacks, brute force and cryptanalysis attacks. This tool has an ability to sniff the networks, record VoIP conversations, recover network keys, decode scrambled passwords, and analyze routing protocols. Arp Poisoning is used to strike into a LAN networks

 Cain and Abel consist of two components:

1.      The front-end application called Cain is used to recover your passwords and perform sniffing.

2.      Windows NT service that performs the role of traffic scrambling is known as Abel.

 Requirements:

Ø  Have a windows platform for installing .exe file of Cain and Abel.

Ø  Download Cain & Abel, go to the download page www.oxid.it/cain.html and download latest version compatible with your system.

Cain and Abel Features:

• Certification Manager Password Decoder
• LSA Secrets Dumper
• Dialup Password Decoder
• APR (ARP Poison Routing)
• Administration Manager
• 802.11 Capture Files Decoder
• Course Table Manager  
• Storage Password Manager
• Sniffing System
• Enumerator
• Remote Scanner
• Secret key Crackers
• Cryptanalysis assaults
• WEP Cracker
• Syskey Decoder

Cain and Abel are also used for sniff out different packets in FTP, HTTPS, POP3 and etc so as to get web based passwords also.

CONCEPT

How to perform Cain and Abel to get system Credentials and crack hash passwords.

              1. Install Cain and Abel in windows OS. 

          2.Open Cain and go to cracker option on it choose add to list option to add the file in it.

3.  Import hashes that contain system credentials from text that you generated after using OPHCRACK.

4.  Import the .txt file as displayed in the option displayed.

        5.  After importing you get the system name with their LM hash and NT hash value.

        6. Choose the system you wanted to crack and attempt any set of attack you want like Dictionary attack or Brute-force or cryptanalysis attack to retrieve the password.

7.  Here we attempted an Brute-force attack on it and set all the perimeters as per the needs.

8.Finally at the end I got the password of the system and u can access it whenever you like. (The password is underlined with blue color).

HOW TO OVERCOME SUCH ATTACKS

Ø  Install IDS/IPS which mostly detects/blocks attacks like this.

Ø  To prevent "MITM" on your system you can use "static ARP" in the operating system.

Ø  Use software which can detect and block ARP poisoning like “arpON”.

Ø  Try to use complex Password so that it would take many days/months to get break.