Cain and Abel (software) explained

Cain and Abel
Caption:A screenshot of Cain's interface.
Developer:Massimiliano Montoro
Operating System:Microsoft Windows
Latest Release Version:4.9.56
Genre:Password cracking/Packet analysis
License:Freeware

Cain and Abel (often abbreviated to Cain) was a password recovery tool for Microsoft Windows. It could recover many kinds of passwords using methods such as network packet sniffing, cracking various password hashes by using methods such as dictionary attacks, brute force and cryptanalysis attacks.[1] Cryptanalysis attacks were done via rainbow tables which could be generated with the winrtgen.exe program provided with Cain and Abel.[2] Cain and Abel was maintained by Massimiliano Montoro[3] and Sean Babcock.

Features

Status with virus scanners

Some virus scanners (and browsers, e.g. Google Chrome 20.0.1132.47) detect Cain and Abel as malware.

Avast! detects it as "Win32:Cain-B [Tool]" and classifies it as "Other potentially dangerous program",[4] while Microsoft Security Essentials detects it as "Win32/Cain!4_9_14" and classifies it as "Tool: This program has potentially unwanted behavior."Even if Cain's install directory, as well as the word "Cain", are added to Avast's exclude list, the real-time scanner has been known to stop Cain from functioning. However, the latest version of Avast no longer blocks Cain.

Symantec (the developer of the Norton family of computer security software) identified a buffer overflow vulnerability in version 4.9.24 that allowed for remote code execution in the event the application was used to open a large RDP file, as might occur when using the program to analyze network traffic.[5] The vulnerability had been present in the previous version (4.9.23) as well[6] and was patched in a subsequent release.

See also

Notes and References

  1. Web site: How to use Cain and Abel. Cybrary. en. 2019-08-24. 2024-05-24. https://web.archive.org/web/20240524052138/https://www.cybrary.it/catalog. live.
  2. Web site: ECE 9609/9069: Introduction to Hacking. Whisper Lab. en. 2019-08-24. https://web.archive.org/web/20190824061800/https://whisperlab.org/introduction-to-hacking/talks/cain-and-abel. 2019-08-24. dead.
  3. Web site: Q&A: Cain & Abel, the password recovery tool. Zorz. Mirko. 2009-07-07. Help Net Security. en-US. 2019-08-24. 2024-05-24. https://web.archive.org/web/20240524052138/https://www.helpnetsecurity.com/2009/07/07/qa-cain-abel-the-password-recovery-tool/. live.
  4. Web site: What Is Brute-Force And How to Stay Safe?. Metev. Denis. 2019-07-29. Tech Jury. en-US. 2019-08-24. 2019-08-24. https://web.archive.org/web/20190824061801/https://techjury.net/blog/what-is-brute-force/. dead.
  5. Web site: Attack: Massimiliano Montoro Cain & Abel .rdp File BO: Attack Signature – Symantec Corp.. https://web.archive.org/web/20140313115146/http://www.symantec.com/security_response/attacksignatures/detail.jsp?asid=26629. dead. March 13, 2014. Symantec. 2019-08-24.
  6. Web site: Massimiliano Montoro Cain & Abel Malformed '.rdp' File Buffer Overflow Vulnerability. www.securityfocus.com. 2019-08-24. 2020-02-28. https://web.archive.org/web/20200228192838/https://www.securityfocus.com/bid/32543. dead.