Tuesday, November 24, 2009

Hack Your LAN: Get all passwords and chat conversations

In this post I will show you how to sniff passwords & chat conversations on your LAN. This is only the basic tutorial; my next post will cover ARP poisoning, with which you can filter & fine-tune all the data of the victim.

Hi guys, in this post I will show you how to use Cain & Abel. It’s the best & fastest tool both for sniffing & cracking passwords.

Download Link :- http://oxid.netsons.org/download/ca_setup.exe (sometimes the link doesn’t work)

What’s Cain & Abel?
Cain & Abel is a password recovery tool for Microsoft Operating Systems. It allows easy recovery of various kind of passwords by sniffing the network, cracking encrypted passwords using Dictionary, Brute-Force & Cryptanalysis attacks, recording VoIP conversations, decoding scrambled passwords, recovering wireless network keys, revealing password boxes, uncovering cached passwords & analyzing routing protocols. (taken from their website)

This tutorial is meant for sniffing only; there are a lot of other things you can do with Cain, as mentioned above.

How to sniff with CAIN
Step 1:- Install Cain & Launch it

Step 2:- Click on Sniffer tab

Step 3:- Activate the sniffer by clicking the 2nd icon from the left on the top bar (it looks like a microchip; the tooltip says Start/Stop Sniffer)

Step 4:- Click on the blue coloured + icon to scan for MAC addresses on the LAN, or simply right click -> scan MAC address

Step 5:- Click OK on the next window that comes up -> Cain is told to scan all the hosts in our subnet

Step 6:- Click on the APR tab at the bottom

Step 7:- Now click on the + sign again at the top to add computers to sniff on. A window will pop up. In that window, select the router/gateway of your LAN on the left side & the computer you need to sniff on the right side. Mostly the gateway is the one with ending octet 1, e.g. 10.10.10.1 or 10.129.71.1 as in my case. Usually the last number is 1.

Step 8:- Now you’ll see the computers are added to the list. Click on the 3rd icon from the left on the top, which looks like a biohazard sign. You’ll see something like this

Step 9:- Sit back & relax & let Cain do its work; you’ll see passwords rolling in on the Passwords tab (click it to enter password).

Well, it’s 3 in the morning & I don’t think somebody else is online besides me, so this picture doesn’t show you any passwords.

Suggestions & feedback are appreciated.

Related post: ARP poisoning to redirect the victim to another site on your LAN

This tutorial will cover (version 4.9.8)

Check the complete tutorial on what Cain & Abel can do.

Cain is an easy application to install & configure. However, there are several powerful tools that should only be configured after you fully understand both the capabilities & consequences to the application & the target network. After all, you can’t well hack a network if you take it down. Proceed with caution.

INTRODUCTION

We need to accomplish the following steps to get the admin account:

1. Enumerate the computers on the network

2. Connect to a computer & install the Abel remote app

3. Harvest user account information

4. Crack user account information passwords to get the admin account

5. Login to the target machine with the admin account

6. Install the Abel service on the target server

7. Harvest all of the hashes from a server & send them to the cracker

Once we have the admin account on the server, the rest is up to you.

First things first: after you launch the application you will need to configure the Sniffer to use the appropriate network card. If you’ve multiple network cards, it might be useful to know what your MAC address is for your primary connection or the one that you will be using for Cain network access. You can determine your MAC address by performing the following steps:

1. Go to “Start”

2. Run

3. Enter “CMD”

4. A black window will appear

5. Enter the following information into the window without the quotes

“ipconfig /all” & then press Enter

6. Determine which one of the Ethernet adapters you are using & copy the MAC address to Notepad. You use this to help determine which NIC to select in the Cain application

With the Cain application open, select the Configure menu option on the main menu bar at the top of the application. The Configuration Dialog box will appear. From the list, select the device with the MAC address of the Ethernet or wireless network card that you will be using for hacking. While we are here, let’s review a number of the other tabs & information in the Configuration Dialog box. Here is a brief description of each tab & its configuration:

Sniffer Tab: allows the user to specify the Ethernet interface & the start up options for the sniffer & ARP features of the application.

ARP Tab: Allows the user, in effect, to lie to the network & tell all of the other hosts that your IP is actually that of a more important host on the network, like a server or router. This feature is useful in that you can impersonate the other device & have all traffic for that device “routed” to your workstation. Keep in mind that servers & routers are designed for multiple high capacity connections. If the device that you are operating from cannot keep up with the traffic generated by this configuration, the target network will slow down & even come to a halt. This will surely lead to your detection & eventual demise as a hacker, as the event is easily detected & tracked with the right equipment.

Filters & Ports: Most standard services on a network operate on predefined ports. These ports are defined under this tab. If you right click on one of the services you will be able to change both the TCP & UDP ports. This won’t be necessary for this tutorial, but will be useful in future tutorials.

HTTP Fields: Several features of the application, such as the LSA Secrets dumper, HTTP Sniffer & ARP-HTTPS, will parse the sniffed or stored information from web pages viewed. Simply put, the more fields that you add to the HTTP & passwords field, the more likely you are to capture a relevant string from an HTTP or HTTPS transaction.

Traceroute: Traceroute is the ability to determine the path that your data will take from point A to point B. Cain adds some functionality to the GUI by allowing for hostname resolution, net mask resolution, & Whois information gathering. This feature is key in determining the proper or available devices to spoof or siphon on your LAN or internetwork.

Console: This is the command prompt on the remote machine. Anything that you can do on your computer from the CMD prompt can be done from here. Examples include mapping a drive back to your computer & copying all the files from the target, or adding local users to the local security groups, or anything else. With Windows, everything is possible from the command prompt.

Hashes: Allows for the enumeration of user accounts & their associated hashes with further ability to send all harvested information to the cracker.

LSA Secrets: Windows NT & Windows 2000 support cached logon accounts. The operating system default is to cache (store locally) the last 10 passwords. There are registry settings to turn this feature off or restrict the number of accounts cached. RAS DUN account names & passwords are stored in the registry. Service account passwords are stored in the registry. The password for the computer’s secret account used to communicate in domain access is stored in the registry. FTP passwords are stored in the registry. All these secrets are stored in the following registry key: HKEY_LOCAL_MACHINE\SECURITY\Policy\Secrets

TCP Table: A simple listing of all of the processes & ports that are running & their TCP session status.

Routes: From this object, you can determine all of the networks that this device is aware of. This can be powerful if the device is multihomed on two different networks.

UDP Table: A simple listing of all of the processes & ports that are running & their UDP session status.

Dictionary Cracking – Select all of the hashes & select Dictionary Attack (LM). You could select the NTLM, but the method is slower & with few exceptions the NTLM & NT passwords are the same & NT cracks (guesses) faster. In the Dictionary window, you will need to populate the File window with each of your dictionary files. You have to download the tables and copy them to the Cain installation directory. Check the following boxes: As is Password, Reverse, Lowercase, Uppercase, & Two numbers.

Dictionary Cracking process

Click Start & watch Cain work. The more lists & words that you’ve, the longer it will take. When Cain is completed, click Exit & then look at the NT password column. All of the passwords cracked will show up next to the now owned accounts.
Take a second to look carefully at the accounts & passwords in the list. Look for patterns like the use of letters & characters in sequence. Plenty of administrators use recurring patterns to help users remember their passwords. Example: Ramius password reset in November would have a user account of RAMNOV. If you can identify patterns like this, you can use word generators to generate all possible combinations & shorten the window.

Alright then… Re-sort your hashes to single out the accounts that you’ve left to crack. Now select all of the un-cracked or guessed accounts, right click on the accounts again & select Cryptanalysis (LM). Add the tables that you downloaded from the net to the Cain LM hashes Cryptanalysis Sorted rainbow tables window. Click Start. This should go quickly. Take a second to review your progress & look for additional patterns.

Cryptanalysis attacking

At this point, use a program like sam grab that has the ability to determine which accounts are members of the domain administrators group to see if you’ve gotten any admin level accounts. Once you move to the next step, which is bruting, most of what you’ve left are long passwords that are going to be difficult & time consuming. Any time saver applications that you can find will be helpful.

Bruting

Repeat the same method for selecting the accounts. Here is the first time that you will actually have to use your brain: bruting can be very time consuming. Look closely at all of the passwords that you’ve cracked & look for patterns. First, do you see any special characters in any of the passwords cracked? How about numbers? A lot of all upper case or all lower case? Use what you see to help you determine what parameters to include when you are bruting. As you will see, the addition of a single character or symbol can take you from hours to days or even years to crack a password. The objective is to use the least amount of characters & symbols to get the account that you need. So let’s finish it off. Select all of the un-cracked accounts, follow the previous steps & select Brute Force (LM). The default for LM is A-Z & 0-9. This is due to the nature of LM hashes & the way that they are stored. Another note is that sometimes you will see a “?” or several “????” & then some numbers or letters. This is also due to the nature of NT versus NTLM & the method that NT used to store passwords. If not see if you can find a repeating structure that is based on the number 7. Anyway, based on the other passwords & those accounts with an “*” in the <8>
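The A-Z & 0-9 default and the "structure based on the number 7" both come from how LM works: the password is uppercased and hashed as two independent 7-character halves. The audit sketch below is an added example, not part of the original post; it assumes a pwdump-style export (user:rid:LM:NT:::) and uses constructed account names and hash values to flag accounts that still have an LM hash stored.

```python
import re

# LM hash of an empty 7-character half (well-known constant).
EMPTY_LM_HALF = "aad3b435b51404ee"
HEX32 = re.compile(r"^[0-9a-f]{32}$")

# Constructed pwdump-style lines; apart from the empty-half constant,
# every hash value below is made up for illustration.
SAMPLE_DUMP = """\
Administrator:500:aad3b435b51404eeaad3b435b51404ee:00112233445566778899aabbccddeeff:::
jsmith:1001:0123456789abcdefaad3b435b51404ee:112233445566778899aabbccddeeff00:::
backupsvc:1002:0123456789abcdeffedcba9876543210:2233445566778899aabbccddeeff0011:::
Guest:501:NO PASSWORD*********************:NO PASSWORD*********************:::
"""


def classify_lm(lm_field):
    """Classify the LM column of one account."""
    lm = lm_field.strip().lower()
    # Non-hex placeholder or two empty halves: no usable LM hash is stored
    # (LM storage disabled, password longer than 14 characters, or blank).
    if not HEX32.match(lm) or lm == EMPTY_LM_HALF * 2:
        return "lm_not_stored"
    # Second half empty: the password fits in the first 7-character half.
    if lm[16:] == EMPTY_LM_HALF:
        return "lm_stored_7_or_fewer_chars"
    return "lm_stored"


def audit_dump(text):
    """Return {account: finding} for every well-formed line in the dump."""
    report = {}
    for line in text.splitlines():
        parts = line.split(":")
        if len(parts) < 4:
            continue  # not a user:rid:LM:NT record
        report[parts[0]] = classify_lm(parts[2])
    return report


if __name__ == "__main__":
    for account, finding in audit_dump(SAMPLE_DUMP).items():
        print(f"{account:15} {finding}")
```

Any account reported as `lm_stored` or `lm_stored_7_or_fewer_chars` is a remediation item: enable the "Do not store LAN Manager hash value on next password change" policy and have the password changed.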

Some definitions

MAC: Media Access Control – In computer networking a media access control address (MAC address) is a code on most forms of networking equipment that allows for that device to be uniquely identified. Each manufacturer of network cards has been assigned a predefined range or block of numbers.

Sniffing: Sniffing is the act or method of “listening” to some or all of the information that is being transmitted on the same network segment that a device is on. On an OSI Model Layer 1 network, even the most basic sniffers are capable of “hearing” all of the traffic that is sent across a LAN. Moving to a Layer 2 network complicates the method; however, tools like Cain allow for the spanning of all ports to allow the exploitation of layer 2 switched networks.

ARP: Address Resolution Protocol – a TCP/IP function for associating an IP address with a link-level address. Understanding ARP & its functions & capabilities are key skills for hackers & security professionals alike. A basic understanding of ARP is necessary to properly utilize all of the functions that Cain is capable of.
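The ARP Tab description above notes that this kind of impersonation "is easily detected & tracked with the right equipment". The following sketch is an added example, not part of the original post: it parses Windows `arp -a` output and flags a gateway binding that differs from a recorded baseline, plus any MAC address claiming more than one IP. The sample output, the baseline and all addresses are constructed.

```python
import re
from collections import defaultdict

# Constructed `arp -a` output from a Windows host; every address is made up.
# 10.10.10.1 is the gateway, following the page's "last octet is 1" convention.
SAMPLE_ARP_OUTPUT = """\
Interface: 10.10.10.23 --- 0x2
  Internet Address      Physical Address      Type
  10.10.10.1            00-1a-2b-3c-4d-5e     dynamic
  10.10.10.40           00-1a-2b-3c-4d-5e     dynamic
  10.10.10.57           00-25-9c-11-22-33     dynamic
  10.10.10.255          ff-ff-ff-ff-ff-ff     static
"""

# Known-good IP -> MAC bindings recorded earlier (assumed inventory data).
BASELINE = {"10.10.10.1": "00-1a-2b-aa-bb-cc", "10.10.10.57": "00-25-9c-11-22-33"}

ENTRY_RE = re.compile(
    r"^\s*(\d{1,3}(?:\.\d{1,3}){3})\s+((?:[0-9a-f]{2}-){5}[0-9a-f]{2})\s+\w+\s*$",
    re.IGNORECASE,
)


def parse_arp_table(text):
    """Return {ip: mac} for unicast entries, skipping broadcast/multicast rows."""
    table = {}
    for line in text.splitlines():
        match = ENTRY_RE.match(line)
        if not match:
            continue  # interface banner, column header, blank line
        ip, mac = match.group(1), match.group(2).lower()
        if int(mac[:2], 16) & 1:  # group bit set: broadcast or multicast MAC
            continue
        table[ip] = mac
    return table


def find_arp_anomalies(text, baseline):
    """Flag bindings that differ from the baseline and MACs claiming several IPs."""
    table = parse_arp_table(text)
    findings = []
    for ip, mac in sorted(table.items()):
        known = baseline.get(ip)
        if known and known.lower() != mac:
            findings.append(("binding_changed", ip, known.lower(), mac))
    ips_by_mac = defaultdict(list)
    for ip, mac in table.items():
        ips_by_mac[mac].append(ip)
    for mac, ips in sorted(ips_by_mac.items()):
        if len(ips) > 1:  # can be legitimate (multi-address router); review it
            findings.append(("mac_shared", mac, tuple(sorted(ips))))
    return findings
```

Calling `find_arp_anomalies(SAMPLE_ARP_OUTPUT, BASELINE)` reports both the changed gateway binding and the MAC shared by the gateway and 10.10.10.40, the pattern a poisoned cache shows on a monitored host.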

SEE FOR LAN HACKING - PART 2 !

ETTERCAP !


Short Description:

Ettercap is a suite for man in the middle attacks on LAN. It features sniffing of live connections, content filtering on the fly and many other interesting tricks.
It supports active and passive dissection of many protocols (even ciphered ones) and includes many features for network and host analysis.


Interface: All these features are integrated with an easy-to-use and pleasureful ncurses/gtk interface.

Platform: Linux 2.0.x
Linux 2.2.x
Linux 2.4.x
Linux 2.6.x
FreeBSD 4.x 5.x
OpenBSD 2.[789] 3.x
NetBSD 1.5
Mac OS X (darwin 6.x 7.x)
Windows 2000/XP/2003
Solaris 2.x

Required Libraries: libpcap >= 0.8.1
libnet >= 1.1.2.1
libpthread
zlib

Optional Libraries: To enable plugins: libltdl (part of libtool)
To have perl regexp in the filters: libpcre
To support SSH and SSL decryption: openssl 0.9.7
For the cursed GUI: ncurses >= 5.3
For the GTK+ GUI: pkgconfig >= 0.15.0 and:
- Glib >= 2.4.x
- Gtk+ >= 2.4.x
- Atk >= 1.6.x
- Pango >= 1.4.x
If you want SSH1 and/or HTTPS support.

Installation (Please Read):
  • Please note ettercap 0.6.x is deprecated; please upgrade to 0.7.
  • Binaries are not officially provided or supported - you have to compile it yourself (which can be tricky under Windows) or find a third-party binary provider. The developers are unlikely to be swayed on this.
  • Before installation, please ensure you have the correct versions of the above listed libraries. For the best experience you should have them all. Out-of-date or missing libraries are the most common reason for failure.
  • You need to read the documentation in the tgz before and after running ./configure; make; make install.
  • The command-line switches and the etter.conf have changed from 0.6.x to 0.7. You should read and edit the etter.conf to suit.
  • For HTTPS support you need to uncomment the right 'redir' command in etter.conf.


Running Ettercap:
  • You need to select a user interface (no default) using -T for Text only, -C for the Ncurses based GUI, or -G for the nice GTK2 interface (thanks Daten...).

Cain & Abel [ Great Tool ] Enjoy H**king ! ;)


Cain & Abel is a password recovery tool for Microsoft Operating Systems. It allows easy recovery of various kind of passwords by sniffing the network, cracking encrypted passwords using Dictionary, Brute-Force and Cryptanalysis attacks, recording VoIP conversations, decoding scrambled passwords, recovering wireless network keys, revealing password boxes, uncovering cached passwords and analyzing routing protocols. The program does not exploit any software vulnerabilities or bugs that could not be fixed with little effort. It covers some security aspects/weakness present in protocol's standards, authentication methods and caching mechanisms; its main purpose is the simplified recovery of passwords and credentials from various sources, however it also ships some "non standard" utilities for Microsoft Windows users.

Cain & Abel has been developed in the hope that it will be useful for network administrators, teachers, security consultants/professionals, forensic staff, security software vendors, professional penetration tester and everyone else that plans to use it for ethical reasons. The author will not help or support any illegal activity done with this program. Be warned that there is the possibility that you will cause damages and/or loss of data using this software and that in no events shall the author be liable for such damages or loss of data. Please carefully read the License Agreement included in the program before using it.

The latest version is faster and contains a lot of new features like APR (Arp Poison Routing) which enables sniffing on switched LANs and Man-in-the-Middle attacks. The sniffer in this version can also analyze encrypted protocols such as SSH-1 and HTTPS, and contains filters to capture credentials from a wide range of authentication mechanisms. The new version also ships routing protocols authentication monitors and routes extractors, dictionary and brute-force crackers for all common hashing algorithms and for several specific authentications, password/hash calculators, cryptanalysis attacks, password decoders and some not so common utilities related to network and system security.

Download Cain & Abel v2.0 for Windows 9x (discontinued and not supported anymore)
MD5 - A14185FAFC1A0A433752A75C0B8CE15D
SHA1 - 8F310D3BECC4D18803AF31575E8035B44FE37418

Download Cain & Abel v4.9.31 for Windows NT/2000/XP
MD5 - 35FFD3322AC2D37B42AB0BC499E6B39E
SHA1 - D65170B55BB98868FCCE0EC63C0E9E31EF9FF9F3


Cain & Abel User Manual is included in the installation package and also available on-line so you can view all the program's features without the need to install the program. The on-line version of the manual requires a JavaScript enabled browser.

View Cain & Abel on-line User Manual
