CAIN AND ABEL (way to get System credentials)

CAIN AND ABEL

System Hacking is the way to get access to the victim system and tries to gather information about the computer. It is the most fundamental course of CEH Training.

Software that is used for password recovery for Microsoft Windows platform is Cain and Abel.

We can recover many kinds of passwords involved with the system using ARP Poisoning, network packet sniffing and cracking various password hashes by using methods such as dictionary attacks, brute force and cryptanalysis attacks.

Cain and Abel consist of two components:

  1. The front-end application called Cain is used to recover your passwords and perform sniffing.
  2. Windows NT service that performs the role of traffic scrambling is known as Abel.

Cain and Abel Features:

• Certification Manager Password Decoder
• LSA Secrets Dumper
• Dial-up Password Decoder
• APR (ARP Poison Routing)
• Administration Manager
• 802.11 Capture Files Decoder
• Course Table Manager
• Storage Password Manager
• Sniffing System
• Enumerator
• Remote Scanner
• Secret key Crackers
• Cryptanalysis assaults
• WEP Cracker
• Syskey Decoder
CONCEPT

How to perform Cain and Abel to get system Credentials and crack hash passwords.

  1. Install Cain and Abel in windows OS.

 Cain & Abel Install

  1. Open Cain and go to cracker option on it choose to add to list option to add the file in it.

cracker option on it choose add the file

  1. Import hashes that contain system credentials from the text that you generated after using OPHCRACK.

using OPHCRACK

  1. Import the .txt file in the option displayed.

Import the .txt file

  1. After importing you get the system name with their LM hash and NT hash value.

  1. Choose the system you wanted to crack and attempt any set of attacks you want like Dictionary attack or Brute-force or cryptanalysis attack to retrieve

wanted to crack and attempt any set of attack you want cryptanalysis attack

  1. Here we attempted a Brute-force attack on it and set all the perimeters as per the needs

Brute force attack

  1. Finally, at the end, I got the password of the system and u can access it whenever you like.

got the password of the system

 

HOW TO OVERCOME SUCH ATTACKS

  • Install IDS/IPS which mostly detects/blocks attacks like this.
  • To prevent “MITM” on your system you can use “static ARP” in the operating system.
  • Use software which can detect and block ARP poisoning like “arpON”.
  • Try to use complex Password so that it would take many days/months to get the break

We are Best Institute for CEH Training in Delhi NCR. Codec Networks provides EC Council Training Certification in Delhi Centre with live Project Environment & Lab Facility. We prepare for latest CEH V9 Training in EC Council, candidates need to work on a live project.

About

Codec Networks provides IT Trainings from EC Council CEH ECSA, LPT, CHFI, Network Security, Penetration Testing, ISACA, ISC2, PECB ISO 27001LA LI, Cisco Networking CCNA CCNP, Linux Administration RHCE, Prog Languages JAVA, Advanced Java, android development. We also offer B2B Industry Solutions and Services in IT | Information|Cyber Security in Delhi NCR India.

View all posts by