Introduction
Cain and Abel is a powerful tool that does a great job in password cracking. It can crack almost all kinds of passwords, and it’s usually just a matter of time before you get it. There, researcher Erik Tews will show how he was able to crack WPA encryption, in order to read data being sent from a router to a laptop computer. A new wireless standard known as WPA2 is. Otherwise it takes more time to crack password, which may be the mixture of all types of characters along with special symbols. The step-by-step explaination for this technique is given below- 1) Open the tool 'Cain and Abel'.
According to the official website, Cain & Abel is a password recovery tool for Microsoft Operating Systems. It allows easy recovery of various kinds of passwords by sniffing the network, cracking encrypted passwords using Dictionary, Brute-Force and Cryptanalysis attacks, recording VoIP conversations, decoding scrambled passwords, recovering wireless network keys, revealing password boxes, uncovering cached passwords and analyzing routing protocols.
The latest version is faster and contains a lot of new features like APR (ARP Poison Routing) which enables sniffing on switched LANs and Man-in-the-Middle attacks. The sniffer in this version can also analyze encrypted protocols such as SSH-1 and HTTPS and contains filters to capture credentials from a wide range of authentication mechanisms. The new version also ships routing protocols authentication monitors and routes extractors, dictionary and brute-force crackers for all common hashing algorithms and for several specific authentications, password/hash calculators, cryptanalysis attacks, password decoders and some not so common utilities related to network and system security.
Who Should Use This Tool?
Cain & Abel is a tool that will be quite useful for network administrators, teachers, professional penetration testers, security consultants/professionals, forensic staff and security software vendors.
Requirements
The system requirements needed to successfully setup Cain & Abel are:
- At least 10MB hard disk space
- Microsoft Windows 2000/XP/2003/Vista OS
- Winpcap Packet Driver (v2.3 or above)
- Airpcap Packet Driver (for passive wireless sniffer / WEP cracker)
Installation
First we need to download Cain & Abel, so go to the download page www.oxid.it/cain.html.
After downloading it, just run the Self-Installing executable package and follow the installation instructions.
Cain’s Features
Here’s a list of all of Cain’s features that make it a great tool for network penetration testing:
| Protected Storage Password Manager | Credential Manager Password Decoder |
| LSA Secrets Dumper | Dialup Password Decoder |
| Service Manager | APR (ARP Poison Routing) |
| Route Table Manager | Network Enumerator |
| SID Scanner | Remote Registry |
| Sniffer | Routing Protocol Monitors |
| Full RDP sessions sniffer for APR | Full SSH-1 sessions sniffer for APR |
| Full HTTPS sessions sniffer for APR | Full FTPS sessions sniffer for APR |
| Full POP3S sessions sniffer for APR | Full IMAPS sessions sniffer for APR |
| Full LDAPS sessions sniffer for APR | Certificates Collector |
| MAC Address Scanner with OUI fingerprint | Promiscuous-mode Scanner |
| Wireless Scanner | PWL Cached Password Decoder |
| 802.11 Capture Files Decoder | Password Crackers |
| Access (9x/2000/XP) Database Passwords Decoder | Cryptanalysis attacks |
| Base64 Password Decoder | WEP Cracker |
| Cisco Type-7 Password Decoder | Rainbowcrack-online client |
| Cisco VPN Client Password Decoder | Enterprise Manager Password Decoder |
| RSA SecurID Token Calculator | Hash Calculator |
| TCP/UDP Table Viewer | TCP/UDP/ICMP Traceroute |
| Cisco Config Downloader/Uploader (SNMP/TFTP) | Box Revealer |
| Wireless Zero Configuration Password Dumper | Remote Desktop Password Decoder |
| MSCACHE Hashes Dumper | MySQL Password Extractor |
| Microsoft SQL Server 2000 Password Extractor | Oracle Password Extractor |
| VNC Password Decoder | Syskey Decoder |
Related Definitions
MAC: (from Wikipedia) “A Media Access Control address (MAC address) is a unique identifier assigned to network interfaces for communications on the physical network segment. MAC addresses are used for numerous network technologies and most IEEE 802 network technologies, including Ethernet. Logically, MAC addresses are used in the Media Access Control protocol sub-layer of the OSI reference model.
MAC addresses are most often assigned by the manufacturer of a network interface card (NIC) and are stored in its hardware, the card’s read-only memory, or some other firmware mechanism. If assigned by the manufacturer, a MAC address usually encodes the manufacturer’s registered identification number and may be referred to as the burned-in address. It may also be known as an Ethernet hardware address (EHA), hardware address or physical address. A network node may have multiple NICs and will then have one unique MAC address per NIC.”
Sniffing: (fromWikipedia) “A packet analyzer (also known as a network analyzer, protocol analyzer or packet sniffer, or for particular types of networks, an Ethernet sniffer or wireless sniffer) is a computer program or a piece of computer hardware that can intercept and log traffic passing over a digital network or part of a network. As data streams flow across the network, the sniffer captures each packet and, if needed, decodes the packet’s raw data, showing the values of various fields in the packet, and analyzes its content according to the appropriate RFC or other specifications.”
ARP(from Wikipedia) “Address Resolution Protocol (ARP) is a telecommunications protocol used for resolution of network layer addresses into link layer addresses, a critical function in multiple-access networks. ARP was defined by RFC 826 in 1982. It is Internet Standard STD 37. It is also the name of the program for manipulating these addresses in most operating systems.”
Usage
Now after launching the application, we have to configure it to use appropriate network card.If you have multiple network cards, it’s better to know the MAC address of the network card that you will use for the sniffer.To get the MAC address of your network interface card, do the following:
1- Open CMD prompt.
/p>
2- Write the following command “ipconfig /all”.
3- Determine the MAC address of the desired Ethernet adapters, write it on Notepad,and then use this information to help determine which NIC to select in the Cain application.
Now clickConfigure on the main menu. It will open the configuration dialog box where you can select the desired network interface card.
Now let’s go through the configuration dialog tabs and take a brief look at most of them:
Sniffer Tab:
This tab allows us to specify which Ethernet interface card we will use for sniffing.
ARP Tab:
This tab allows us to configure ARP poison routing to perform ARP poisoning attack, which tricks the victim’s computer by impersonating other devices to get all traffic that belongs to that device, which is usually the router or an important server.
Filters and Ports Tab:
This tab has the most standard services with their default port running on.You can change the port by right-clicking on the service whose port you want to change and then enabling or disabling it.
Cain’s sniffer filters and application protocol TCP/UDP port.
HTTP Fields Tab:
There are some features of Cain that parse information from web pages viewed by the victim such as LSA Secrets dumper, HTTP Sniffer and ARP-HTTPS,so the more fields you add to the username and passwords fields, the more you capture HTTP usernames and passwords from HTTP and HTTPS requests. Here is an example:
The following cookie uses the fields “logonusername=” and “userpassword=” for authentication purposes. If you don’t include these two fields in the list, the sniffer will not extract relative credentials.
GET /mail/Login?domain=xxxxxx.xx&style=default&plain=0 HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, application/x-shockwave-flash, */*
Referer: http://xxx.xxxxxxx.xx/xxxxx/xxxx
Accept-Language: it
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; (R1 1.3); .NET CLR 1.1.4322)
Host: xxx.xxxxxx.xx
Connection: Keep-Alive
Cookie: ss=1; logonusername=user@xxxxxx.xx; ss=1; srclng=it; srcdmn=it; srctrg=_blank; srcbld=y; srcauto=on; srcclp=on; srcsct=web; userpassword=password; video=c1; TEMPLATE=default;
Traceroute Tab:
Traceroute is a technique to determine the path between two points by simply counting how many hops the packet will take from the source machine to reach the destination machine. Cain also adds more functionality that allows hostname resolution, Net mask resolution, and Whois information gathering.
Certificate Spoofing Tab:
This tab will allow Certificate spoofing.From Wikipedia:
“In cryptography, a public key certificate (also known as a digital certificate or identity certificate) is an electronic document that uses a digital signature to bind a public key with an identity — information such as the name of a person or an organization, their address, and so forth. The certificate can be used to verify that a public key belongs to an individual.
In a typical public key infrastructure (PKI) scheme, the signature will be of a certificate authority (CA). In a web of trust scheme, the signature is of either the user (a self-signed certificate) or other users (“endorsements”). In either case, the signatures on a certificate are attestations by the certificate signer that the identity information and the public key belong together.”
We can simply think of it as some sort of data (cipher suites & Public key and some other information about the owner of the certificate) that has information about the destination server and is encrypted by trusted companies (CA) that are authorized for creating these types of data.The server sends its own certificate to the client application to make sure it’s talking to the right server.
Certificate Collector Tab:
This tab will collect all certificates back and forth between servers and clients by setting proxy IPs and ports that listen to it.
Challenge Spoofing Tab:
Here you can set the custom challenge value to rewrite into NTLM authentications packets. This feature can be enabled quickly from Cain’s toolbar and must be used with APR. A fixed challenge enables cracking of NTLM hashes captured on the network by means of Rainbow Tables.
Password Cracking
Now it’s time to speak about the cracker tab,the most important feature of Cain.When Cain captures some LM and NTLM hashes or any kind of passwords for any supported protocols, Cain sends them automatically to the Cracker tab.We will import a local SAM file just for demonstration purposes to illustrate this point.Here is how to import the SAM file:
Here are the 4 NTLM and LM hashes which will appear like the following image:
And here you will find all possible password techniques in the following image:
Cain And Abel Crack Wpa2 Encryption Decryption
As you can see from the previous image, there are various types of techniques that are very effective in password cracking.We will look at each of their definitions.
Dictionary attack:
From Wikipedia: “A dictionary attack uses a targeted technique of successively trying all the words in an exhaustive list called a dictionary (from a pre-arranged list of values). In contrast with a brute force attack, where a large proportion key space is searched systematically, a dictionary attack tries only those possibilities which are most likely to succeed, typically derived from a list of words for example a dictionary (hence the phrase dictionary attack). Generally, dictionary attacks succeed because many people have a tendency to choose passwords which are short (7 characters or fewer), single words found in dictionaries or simple, easily predicted variations on words, such as appending a digit. However these are easy to defeat. Adding a single random character in the middle can make dictionary attacks untenable.”
Brute forcing attack:
From Wikipedia: “In cryptography, a brute-force attack, or exhaustive key search, is a cryptanalytic attack that can, in theory, be used against any encrypted data (except for data encrypted in an information-theoretically secure manner). Such an attack might be utilized when it is not possible to take advantage of other weaknesses in an encryption system (if any exist) that would make the task easier. It consists of systematically checking all possible keys until the correct key is found. In the worst case, this would involve traversing the entire search space.
The key length used in the cipher determines the practical feasibility of performing a brute-force attack, with longer keys exponentially more difficult to crack than shorter ones. A cipher with a key length of N bits can be broken in a worst-case time proportional to 2N and an average time of half that. Brute-force attacks can be made less effective by obfuscating the data to be encoded, something that makes it more difficult for an attacker to recognize when he/she has cracked the code. One of the measures of the strength of an encryption system is how long it would theoretically take an attacker to mount a successful brute-force attack against it.”
Cryptanalysis attack (Using Rainbow Table):
From Wikipedia: “A rainbow table is a precomputed table for reversing cryptographic hash functions, usually for cracking password hashes. Tables are usually used in recovering the plain text password, up to a certain length consisting of a limited set of characters. It is a practical example of a space-time tradeoff, using more computer processing time at the cost of less storage when calculating a hash on every attempt, or less processing time and more storage when compared to a simple lookup table with one entry per hash. Use of a key derivation function that employ a salt makes this attack infeasible. Rainbow tables are a refinement of an earlier, simpler algorithm by Martin Hellman.”
How To Make A Rainbow Table?
There are many tools that create a rainbow table and there are many rainbow tables already available on the internet.Fortunately, Cain comes with a tool called winrtgen, which is located in its own folder in the installation.
You will need to choose ahash algorithm, minimum andmaximum length of password, and finally the charset that the password will use.Then press OK.
Conclusion
Cain and Abel is a powerful tool that does a great job in password cracking. It can crack almost all kinds of passwords, and it’s usually just a matter of time before you get it.
References
1- www.wikipedia.org
2- www.oxid.it
3- www.thehackerslibrary.com
What are the best Wifi pentesting tools in 2019?
The internet has become an integral part of our lives today.
Ranging from social media, online shopping, mobile banking, online research among other things… all require an internet connection.
It is why you see Wi-Fi hotspots wherever you go because people always need to connect to the internet.
Most of these Wi-Fi are usually secured with a password, so you need to know this security key in order to gain access.
Wi-Fi security analysis and penetration testing is an integral part of creating a secure network.
And this is what brings us to the best Wifi penetration testing tools that you can use to ethically test a wireless network and fix it.
By trying to hack into your own wireless networking using this wifi hacking tools, you’ll be able to better understand wifi security vulnerabilities and how to protect yourself from them.
In this article we are going to look at the wifi penetration testing tools used by hackers in 2019.
If you are completely new to pentesting or need to upgrade your skills, check out my other article learning pentesting through online tutorials.
Using these wireless pentesting tools, you’ll be able to uncover rogue access points, weak Wifi passwords and spot security holes before a hacker does.
You can also use these wifi hacking tools to see who is doing what in your network by analysing their network packets.
Aircrack
Aircrack is one of the most popular wifi pentesting tools for cracking both WEP and WPA wifi passwords.
It uses one of the smartest algorithms for capturing passwords by first capturing the network packets.
Once it has gathered enough packets, it uses them to try and recover the wifi password by implementing an optimized FMS attack.
Apart from supporting most of the available wireless adapters, it has very high success rate and is almost always guaranteed to work.
In order to effectively be able to use this wifi pentest tool to crack wifi passwords, you’ll need deep knowledge and understanding of Linux as it comes as a Linux distribution.
Reaver
Reaver is also one of the most popular open source wireless network pentesting tools, but it has taken a long time without continuous development.
This wifi hacking tool uses brute force attack to crack wifi passwords for WPA/WPA2 wireless networks.
Even though the source code for this amazing wireless pentesting tools was hosted on Google, here is a great Reaver usage documentation that shows how to use it.
I still find it a great wifi hacking tool even though it has taken many years without updates.
You can use it as a great alternative to other wireless penetration testing tools that use brute force attack to crack wifi security keys.
Airsnort
Airsnort is a free wifi pentesting tool that is used to crack wifi passwords for WEP networks.
It works by gathering network packets, examining them and then using them to compose the encryption key once enough packets have been gathered.
Related:
7 Common Network Security Threats And How To Fix Them
10 Best Ethical Hacking Courses on Udemy in 2020
This tool is very easy to use and comes with both the Windows and Linux operating systems.
Even though, it’s a great password cracking tool for a WEP network, it has the same problem as the Reaver tool that I mentioned above.
The Airsnort source code is still available on Sourceforge.net but it has not been updated in years…
It’s a great wifi security tool to try, though, for hacking wifi passwords.
Cain & Abel
Cain and Abel is one of the top wireless penetration testing tools for cracking WEP wifi passwords, particularly for the Windows platform.
It’s popular because if its ability to crack wifi passwords using various techniques like network packet sniffing, dictionary attacks, brute force attacks and cryptanalysis.
This tool can also recover network security keys by analyzing network protocols.
Apart from cracking passwords, you can also use this wifi hacking tools to record VoIP conversations, get cache data as well as to get hold of routing protocols for the purpose of ethical hacking.
It is an updated tool and is available for all the different versions of the Windows operating system.
Infernal Twin
Infernal Twin is an automated wireless penetration testing tool created to aid pentesters assess the security of a wifi network.
Using this tool you can create an Evil Twin attack, by creating a fake wireless access point to sniff network communications.
After creating a fake wifi access point you can eavesdrop users using phishing techniques and launch a man-in-the-middle attack targeting a particular user.
Because this tool is written in Python, you can install in various Linux distros and use it for wireless network auditing and pentesting.
It enables you to hack wifi passwords for WEP/WPA/WPA2 wireless networks.
Wireshark
Wireshark is a free and open source wireless penetration testing tool for analyzing network packets.
It enables you to know what is happening in your wireless network by capturing the packets and analyzing them at a micro-level.
Because it’s multi-platform it can run on all the popular operating systems including Windows, Linux, Mac, Solaris & FreeBSD.
Even though you it might not help you recover plaintext passphrases, you can use it to sniff and capture live data on wifi networks, bluetooth, ethernet, USB among others.
However, to use this tool adequately, you need a deep understanding of network protocols in order to be able to analyze the data obtained.
So you first need to study network protocols and here are the best network security courses online to get you started.
Wifiphisher
Wifiphisher is another great wifi pentesting tool for cracking the password of a wireless network.
It functions by creating a fake wireless access point which you can use for red team engagements or wifi security testing.
Using this tool you can easily achieve a man-in-the-middle position again wifi access clients by launching a targeted wifi association attack.
You can the use it to mount victim customized web phishing attacks against the connected clients in order to capture credentials or infect their stations with malware.
So you can use it to launch fast automated phishing attacks on a wifi network to steal passwords.
Even this tool is free and comes pre-installed in the Kali Linux distro, it is also available for Windows and Mac OS’es.
CowPatty
CowPatty is an automated command-line wireless penetration testing tool for launching dictionary attacks on WPA/WPA2 wifi networks using PSK-based authentication.
It can launch an accelerated network attack if a precomputed PMK file is available for the SSID being assessed.
Because this wireless hacking tool runs on a word-list containing the passwords to be used in the attack, you are out of luck if the password is not within the passwords’ word list.
Another drawback is the sluggishness of this tool because the hash uses SHA1 with the SSID speed which depends on the password strength.
Related:
Is Ethical Hacking Legal? 3 Surprising Situations When It’s Not
10 Best Cyber Security Courses to Take on Udemy [2020]
Cain And Abel Crack Wpa2 Encryption Download
So it uses the password dictionary to generate the hash for each word contained in the dictionary using the SSID.
Thus even though this tool is easy to use, it’s really slow.
OmniPeek
OmniPeek is a very popular wireless pentesting tool that is used for packet sniffing as well as network packet analyzing.
Even though this is a paid tool and only runs on the Windows OS, it has a 30 day trial to test run the platform before you commit to a paid plan.
It works just as great as, and is a similar way, as Wireshark that I already mentioned above.
However, while you can use this tool to capture and analyze wireless network traffic, you’ll need a deep knowledge of network protocols and packets to be able to understand the collected data.
One reason it’s very popular as a wireless network hacking tool is that it supports almost all of the available network interface cards in the market…
So you are less likely to face network card compatibility issues.
Besides, you can also extend the functionality of this wifi pentest tool by using many of the readily available plugins to achieve greater troubleshooting capabilities.
You’ll also get expert GUI-based views for faster diagnostics because it has a built in expert system that suggests root cause analysis for hundreds of common network problems.
Conclusion
So there goes the list of the top wireless hacking tools for pentesting your wifi.
While you can use some of these wifi pentesting tools to crack wifi passwords, you can also use some of them to monitor your network traffic.
However, these are not the only wifi security tools out there. There are many more wireless hacking tools.
But these are the most common one among ethical hackers, and you can learn how to use them through these online penetration testing courses.
Also, note that even though you can use these wifi penetration testing tools to gain unauthorized access to a network, hacking into a network might be a criminal offence in your country.
So tread with caution if you are going to use these wifi security tools on another network.
These wifi pentesting tools are basically used by system admins or programmers working on a wifi based software for monitoring and troubleshooting wifi networks.
I hope you found this list of the top wifi security penetration testing tools useful.
Have you used any of the wifi hacking tools in this list before?
Are there other great wifi password cracking tools that are great but I didn’t mention in this top 10 list?
Please share your experience with wifi penetration testing in the comments below.