Cain & Abel
According to the development team headed by Massimiliano Montoro, Cain & Abel is a password recovery tool for Windows, but it is more of a multifunctional tool.
It allows easy reading of all passwords saved in the browser, cracking of encrypted passwords (hash values) with the help of dictionaries, brute force and rainbow tables, as well as the recording of passwords and VoIP conversations in the network via ARP spoofing. This also enables it to carry out man-in-the-middle attacks against a number of SSL-based services and RDP.
Reading out various information from Windows systems and analyzing routing processes are also possible.
Abel, the supplied client program, can be installed remotely via the Windows network and reads the TCP/UDP tables, the LSA secrets and the hash values of the user accounts. It also gives the Cain user remote console access. Abel does not hide from users of the system.
Cain & Abel uses the WinPcap drivers; the AirPcap adapter is supported from version 4.0. With the latter, passive reading of data traffic in WLANs as well as attacks on WEP are possible. From version 4.9.1 it is also possible to carry out attacks against WLANs secured with WPA handshake and WPA-PSK.
The password hashes recorded by Cain can also be passed on to other programs such as John the Ripper or Distributed Password Recovery. Cain itself can read recordings of network traffic in the libPcap/WinPcap data format and then automatically extracts passwords or their hash values.
The specialty of Cain is the combination of numerous functions under a single interface; there is no other tool of this kind.
The program has not been further developed since 2014. This also means that current browsers raise an alarm due to outdated SSL protocols when the data traffic is decrypted and re-encrypted with the help of Cain. For example, Cain does not support TLS version 1.3; the standard was adopted in 2018.
Since Cain & Abel bypasses security measures, it must be regarded as a computer program for spying on data now that the so-called hacker paragraph (§ 202c StGB) has come into force in Germany. Illegal use of the software can therefore be a criminal offense.