Cain and Abel 4.2 is out

Cain & Abel is a password recovery tool for Microsoft Operating Systems. It allows easy recovery of various kinds of passwords by sniffing the network, cracking encrypted passwords using Dictionary, Brute-Force and Cryptanalysis attacks, recording VoIP conversations, decoding scrambled passwords, recovering wireless network keys, revealing password boxes, uncovering cached passwords and analyzing routing protocols.

New features:

  • Cain’s MitM NTLM Challenge Spoofing. (Requires APR to be active and a MitM condition between victim hosts).
    You can now spoof server challenges in NTLM authentications; this feature enables the use of RainbowTables for cracking network hashes.
    WARNING !!! Enabling Challenge Spoofing causes users to fail authentication, so use it carefully.
  • NTLM Session Security authentications downgrade to LM&NTLMv1. The following protocols are supported: SMB, DCE/RPC, TDS, HTTP, POP3, IMAP, SMTP.
  • LM + spoofed challenge Hashes Cryptanalysis via Sorted Rainbow Tables.
  • HALFLM + spoofed challenge Hashes Cryptanalysis via Sorted Rainbow Tables.
  • NTLM + spoofed challenge Hashes Cryptanalysis via Sorted Rainbow Tables.
  • New types of RainbowTables have been added to Winrtgen v2.3.
    "lmchall" and "ntlmchall" tables can be used against LM and NTLM response hashes for spoofed challenges (default: 0x1122334455667788).
    "halflmchall" tables can be used against the first 8 bytes of LM response hashes for spoofed challenges to recover the first 7 characters of the original password.

Download release 4.2
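
A detection-side check for the challenge spoofing and session-security downgrade features listed above, as an added example that is not part of the release notes or of Cain's code. It parses NTLMSSP CHALLENGE (Type 2) messages using the MS-NLMP field layout and flags the default static challenge, reused challenges, and a cleared extended-session-security flag; the function names and sample messages are assumptions constructed for illustration.

```python
import struct
from collections import Counter

NTLMSSP_SIG = b"NTLMSSP\x00"
FLAG_ESS = 0x00080000  # NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY
# Default spoofed challenge quoted in the release notes above.
KNOWN_STATIC = {bytes.fromhex("1122334455667788")}


def parse_type2(blob):
    """Return (flags, server_challenge) for an NTLMSSP CHALLENGE message, else None."""
    if len(blob) < 32 or blob[:8] != NTLMSSP_SIG:
        return None
    if struct.unpack_from("<I", blob, 8)[0] != 2:  # MessageType 2 = CHALLENGE
        return None
    return struct.unpack_from("<I", blob, 20)[0], blob[24:32]


def audit_challenges(blobs):
    """Return (index, reason) findings for a sequence of raw NTLMSSP messages."""
    pairs = ((i, parse_type2(b)) for i, b in enumerate(blobs))
    parsed = [(i, p) for i, p in pairs if p is not None]
    counts = Counter(ch for _, (_, ch) in parsed)
    findings = []
    for i, (flags, ch) in parsed:
        if ch in KNOWN_STATIC:
            findings.append((i, "known static challenge " + ch.hex()))
        elif counts[ch] > 1:  # a server nonce should be fresh per authentication
            findings.append((i, "challenge reused: " + ch.hex()))
        if not flags & FLAG_ESS:  # weak signal alone: old peers also omit it
            findings.append((i, "extended session security not negotiated"))
    return findings


def build_type2(challenge, flags):
    """Constructed sample: minimal Type 2 with empty TargetName and TargetInfo."""
    empty_field = struct.pack("<HHI", 0, 0, 48)
    return (NTLMSSP_SIG + struct.pack("<I", 2) + empty_field
            + struct.pack("<I", flags) + challenge + b"\x00" * 8 + empty_field)


SAMPLES = [  # constructed messages, not captured traffic
    build_type2(bytes.fromhex("a1b2c3d4e5f60718"), 0x00088205),  # ESS set
    build_type2(bytes.fromhex("1122334455667788"), 0x00008205),  # ESS clear
    NTLMSSP_SIG + struct.pack("<I", 1) + b"\x00" * 24,  # Type 1, ignored
]

if __name__ == "__main__":
    for idx, reason in audit_challenges(SAMPLES):
        print(f"message {idx}: {reason}")
```

In practice the raw messages would come from the NTLMSSP blobs carried in the protocols the release notes list (SMB, HTTP and so on), after base64 or SPNEGO unwrapping where applicable.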

Compliance Mandates

  • Network Discovery :

    PCI DSS 11.2, SOX A13.3, GLBA 16CFR Part 314.4(c), HIPAA 164.308(a)(8), FISMA RA-5

