Hack This Site!

[Advertise With HackThisSite.org :: Hide These Ads]

Every decent man is ashamed of the government he lives under.

How To: Cain & Abel
Published by: Arrexel, on 2009-02-13 23:06:03
How To: Cain & Abel HackThisSite.org Staff or I can, in no way, be held responsible for the outcome of your actions caused by using this guide or program. This guide is for educational purposes only, and should not be used for illegal purposes. Intro: Cain & Abel is a unique piece of software that is just top-notch when it comes to recovering (or stealing) passwords. It even has the ability to detect a wireless password key, if enough packets are captured while sniffing. If this is the case, you could be granted with free wireless internet, and even possibly a fine and jail time for theft of bandwidth. Cain & Abel also has the ability to list nearly every stored password on the computer. If the auto-password is set on Internet Explorer, it will give a list of the usernames and passwords if selected. You can view passwords from the following locations, as long as they are stored in some way on your computer: In this guide, I will mainly focus on how to steal passwords over a network, unless another section is requested. Note, that you are only able to use Cain if you are in the area of wireless range. If it is not wireless, you would have to directly be in the building, and plugged into their to use it. Download To download Cain & Abel, hop on over to http://www.oxid.it/ and click on the \'Projects\' tab. A selection between the discontined 98/ME/Etc.. versions and the occasionally updated XP/Vista/Etc.. versions. Select the correct one to run on your machine. Install it, MAKING SURE TO INSTALL THE WINPCAP DRIVER WITH IT! Sniffer & APR Poisoning Using the sniffer, you are able to find out any available networks in your location. First off, navigate your way over to the \'Sniffer\' tab. Here, it will display any machines that are connected to the scanned network. Before you can scan for connected machines, the sniffer must be turned on. To do so, press the button to the right of the \'Open File\' folder icon. To show the list of who is connected, press the blue \'+\' button near the top of the window. This box should appear after you click the blue \'+\' button: Normally, just clicking \'All Hosts in My Subnet\' should have you set. Should you be in a larger network, however (e.g., school, office, etc), you should find out the first 3 parts of your IP address. Fill those in the same in both the minimum and maximum boxes. However, on the minimum section\'s 4th box, put in a 0. On the maximum\'s 4th box, put in 255. Click scan... and... BAM! A list of all the machines connected to your network. If there is more than a single result, I suggest resolving the host name to find out the computer\'s name. Just right click on the machine and click \'Resolve Host\'. I highly recommend only doing one at a time, or it could crash your computer, as well as the network (only temporarily). Head on over to the \'APR Poisoning\' tab, which can be selected inside the sniffer tab along the bottom of the window. Again, click on the blue \'+\' button to add a connection to poison. This will open a window to select your target and router. Here, it is important to know the IP address of your router, otherwise this won\'t work. If you resolved all of your host names, just look for a brand that isn\'t likely an IPod/computer/printer/etc. I think the most common router would be the D-Link, as well as Sysco. After you have determined your router, select your target in the left box, and select the router in the right box, and click \'OK\'. Congrats, you are now ready to steal a password, while being fairly unnoticed. To begin monitoring the information that is passed on from your target computer to the network, click on the \'APR Poisoning\' button, which looks like a biohazard symbol. You will now begin to intercept any data that is transferred from your target to the network, although it will continue on its path after passing through your computer. To view any of the passwords that you have possibly logged, click on the \'Passwords\' tab, at the bottom of the \'Sniffer\' tab. The only downside to having APR Poisoning active is the speed. It slows down your connection speed by a huge amount, depending on the computer. On my laptop, I am able to intercept normal web browsing tasks with ease, at a barely noticeably decreased speed. What you really want to stay away from is APR Poisoning a machine that is participating in network gaming. This is because there is barely a point to have it running during this time, and it likely wouldn\'t have much of a connection left over because of all the data being processed at once. It\'s not that your computer\'s connection slows down, but your target\'s. If their connection is still active at a good level, but it is unable to go more than the speed of a snail, you may start raising suspicion. No worries if the person isn\'t very computer-oriented. They\'ll just call in to their internet provider and complain. Well, I hope you liked my guide. Please post relevant comments and suggestions. -Arrexelrnrn
Cast your vote on this article 10 - Highest, 1 - Lowest

Comments:
Published: 23 comments.

godofcereal - 01:50 am Saturday February 14th, 2009

It was ok, nothing a 2 minute video wouldnt show. The pictures didnt load for me, not sure if it is me or something. Eh like I said, nothing a video couldnt show.
7/10.

Arrexel - 03:21 am Saturday February 14th, 2009

Thanks for the feedback. The pictures were showing when I previewed before submitting... but I guess they were removed. I know this can be found on YouTube and such sites, but for those who have dial-up(like myself) that an be a challenge :P

Muskelmann098 - 07:19 pm Sunday February 15th, 2009

Does anyone know if there is a possibility that the victim can trace you, or notice that they are being watched. I saw what you said about the speed, but is there any other signs? And by the way, how illegal is this?

Arrexel - 09:40 pm Sunday February 15th, 2009

There are ways to detect whether or not your connection to their computer is being spoofed. And that would be illegal if you use your findings in a negative way. Also, slowing down internet access would be some form of crime, I believe.

Master Hamster - 01:29 am Tuesday February 17th, 2009

I have a feeling that I'm doing something illegal and I'm going to get caught lol.

ninobrt - 06:25 pm Wednesday February 18th, 2009

yea i like it is a nice lecture but it will need more of the practical video...hey you if you feel you are doing something illegal and will soon be caught!pls people get him out of here we need real men with real heart here o.k

godofcereal - 05:39 pm Thursday February 19th, 2009

To the guy above me. Whats the logo of this site? Training the underground hacker. Hacking is illegal so should we stop this site from teaching people. If your scared that your going to get caught then dont do it. If your discouraging another member not to learn any means then you may want to leave.

Ohshytletsburnit - 09:22 pm Saturday February 28th, 2009

I try to start up cain....and it just says "couldn't start the service!"

any suggestions? or advice?

godofcereal - 06:28 am Monday March 02nd, 2009

Turn off your anti-virus, but try reinstalling it first.

sjlove3 - 11:44 am Tuesday March 03rd, 2009

thanks for this post man...

more power

more hacking. :P

pillow3971 - 04:28 am Thursday March 05th, 2009

Great post, honesty i don't like videos text is easier to follow for me step by step, also i don't like it when people at my school look over my shoulder to see "How to hack with Cain" on my screen. With the news today i try to keep a low profile even when messing with script kitty stuff.

apullz - 10:43 am Friday March 06th, 2009

Awesome Sauce.

Charlieace - 10:33 pm Friday March 13th, 2009

This will be great when I not at my house. I got dial-up (like you) and there are no networks nearby. I live in the middle of nowhere.

anand85 - 12:57 pm Saturday March 14th, 2009

Hi Arrexel ,Thanks for this information.I just wanted to ask ,It is illegal to scan a network and if i do it with the software u mentioned above without spoiling anything then would i be punished for this.Because without trying the software knowlege can not gained.I want to be ethical hacker not a cracker

maikle - 09:22 pm Saturday March 14th, 2009

but it's only in your own network so you cant get passes out of your own house / network...

animeisboringk - 05:50 pm Monday March 23rd, 2009

Live CD's are your friends....

godofcereal - 12:23 am Tuesday March 24th, 2009

It is not illegal if you dont find anything. If you find something then the choice of using it or leaving it. Depends what you want to use it for really.

vnEEs - 02:32 pm Thursday April 23rd, 2009

can u guys please help me how to break into windows-xp Administrator ... please .

DtO Walshy - 09:37 pm Sunday May 17th, 2009

I used to use this back in the day. As a side note, Cain seems to be useful as just an IP sniffer as well. With other programs and security devices such as Zone-Alarm, you are able to control which IP addresses you want on your network. Using Cain to sniff and Zone-Alarm to kick IPs off a network. This works well for security, but also if you are playing a game or some other type of action, where your modem is being used a server for others. (E.G. Xbox live, not exactly easy to lose when you boot 2 people off the opposing team XD )

Tim3L355 - 06:43 pm Wednesday June 03rd, 2009

I'm pretty new to this. I have heard of C&A thought a few times. I have a laptop, it's not wireless, its connected directly to the router. With that being said, it didn't seem to work, could this be the reason why?

redlol - 07:33 pm Tuesday June 09th, 2009

i cant put the last part of the min. as 0, it always goes to 1 if i put 0. same for the max. 4th part, it always goes back to 254 if i enter 255. some help would be appreciated

MPS - 08:38 am Thursday June 11th, 2009

Nice Guide, truly magnificent. But i'm reluctant to like trial the software. Maybe later...maybe...i just don't wanna screw my machine up, there's too many warnings

chauntetherocker - 07:19 am Monday August 10th, 2009

are you just trying to hack past the start up window??? the password? there is a back door login where you can reset the password.

This site is the collective work of the HackThisSite staff. Please don't reproduce in part or whole without permission.
Page Generated: Sat, 21 Nov 2009 16:35:15 +0000 Exec: 9
_{Page loaded in 0.26248 seconds!}
Current Code Revision: 79-Stable

Donate

Challenges

Get Informed

Get Involved

Communicate

About HTS

Translate

Partners