CAIN AND ABEL (way to get System credentials)

CAIN AND ABEL (way to get System credentials)



CAIN AND ABEL



System Hacking is the way to get access to the victim system and tries to gather information about the computer. It is the most fundamental course of CEH Training.



Software that is used for password recovery for Microsoft Windows platform is Cain and Abel.

We can recover many kinds of passwords involved with the system using ARP Poisoning, network packet sniffing and cracking various password hashes by using methods such as dictionary attacks, brute force and cryptanalysis attacks.

Cain and Abel consist of two components:

  1. The front-end application called Cain is used to recover your passwords and perform sniffing.
  2. Windows NT service that performs the role of traffic scrambling is known as Abel.
Cain and Abel Features:

• Certification Manager Password Decoder
• LSA Secrets Dumper
• Dial-up Password Decoder
• APR (ARP Poison Routing)
• Administration Manager
• 802.11 Capture Files Decoder
• Course Table Manager
• Storage Password Manager
• Sniffing System
• Enumerator
• Remote Scanner
• Secret key Crackers
• Cryptanalysis assaults
• WEP Cracker
• Syskey Decoder




CONCEPT

How to perform Cain and Abel to get system Credentials and crack hash passwords.

  1. Install Cain and Abel in windows OS.
 Cain & Abel Install



  1. Open Cain and go to cracker option on it choose to add to list option to add the file in it.
cracker option on it choose add the file



  1. Import hashes that contain system credentials from the text that you generated after using OPHCRACK.
using OPHCRACK



  1. Import the .txt file in the option displayed.
Import the .txt file



  1. After importing you get the system name with their LM hash and NT hash value.




  1. Choose the system you wanted to crack and attempt any set of attacks you want like Dictionary attack or Brute-force or cryptanalysis attack to retrieve
wanted to crack and attempt any set of attack you want cryptanalysis attack



  1. Here we attempted a Brute-force attack on it and set all the perimeters as per the needs
Brute force attack



  1. Finally, at the end, I got the password of the system and u can access it whenever you like.
got the password of the system





HOW TO OVERCOME SUCH ATTACKS

  • Install IDS/IPS which mostly detects/blocks attacks like this.
  • To prevent "MITM" on your system you can use "static ARP" in the operating system.
  • Use software which can detect and block ARP poisoning like “arpON”.
  • Try to use complex Password so that it would take many days/months to get the break
We are Best Institute for CEH Training in Delhi NCR. Codec Networks provides EC Council Training Certification in Delhi Centre with live Project Environment & Lab Facility. We prepare for latest CEH V9 Training in EC Council, candidates need to work on a live project.



Visit our website:- Codec Networks

Mobile No:- +91 9971676124 | +91 8800331124

Email:- mktg@codecnetworks.com

Address:- New Delhi House, Barakhamba, New Delhi

Comments