very interesting tool

ccb056
Site Administrator
Posts: 981
Joined: January 14th, 2004, 11:36 pm
Location: Texas

Post by ccb056 »

http://www.oxid.it/cain.html
Cain & Abel is a password recovery tool for Microsoft Operating Systems. It allows easy recovery of various kinds of passwords by sniffing the network, cracking encrypted passwords using Dictionary, Brute-Force and Cryptanalysis attacks, decoding scrambled passwords, revealing password boxes, uncovering cached passwords and analyzing routing protocols. The program comes in two versions because of the differences and limitations of some API.
Tebow2000
Registered User
Posts: 1099
Joined: January 19th, 2004, 7:56 am
Location: New Orleans, Louisiana

Post by Tebow2000 »

Think of the evil I can do with this little tool! :twisted:
Problem #1: it's only for Windows 95/98
Redcode Hosting redcodehosting.com | Unix Shared Hosting | sales[aT]redcodehosting[dOt]com
Will.Spencer
Registered User
Posts: 15
Joined: May 23rd, 2004, 11:32 am
Location: Denver

Post by Will.Spencer »

Neo-Tebow2000 wrote: Problem #1 its only for Windows 95/98
As an alternative, you can use OpenWall's John the Ripper with Olle Segerdahl's NTLM patch.

Check out How do I audit Windows NT/2000/XP passwords?
Webmaster: Tech-FAQ
Tebow2000
Registered User
Posts: 1099
Joined: January 19th, 2004, 7:56 am
Location: New Orleans, Louisiana

Post by Tebow2000 »

Microsoft Windows NT/2000/XP passwords are encrypted as 32-bit one-way hashes using the MD4 message digest algorithm. This is similar to the way that Unix stores passwords, although the hashing algorithm is a different one.

For compatibility with legacy Microsoft LAN Manager software, Windows NT/2000/XP also stores the passwords redundantly as a 56-bit DES (Data Encryption Standard) hash. This 56-bit hash is created by splitting the password into two 7-character uppercase strings, converting each to a 56-bit DES key, using each key to encrypt the string "KGS!@#$%", and concatenating the results. This hash is usually referred to as the NTLM hash.

Windows NT/2000/XP passwords are vulnerable to a dictionary attack. This is much the same as attacking Unix passwords using a wordlist.

In addition, NTLM passwords are vulnerable to a brute force attack. This means that every password on the system can be retrieved.

Windows NT/2000/XP auditing programs

The best auditing programs for Windows NT/2000/XP passwords are currently:

OpenWall's John the Ripper with Olle Segerdahl's NTLM patch:

John the Ripper is a fast password auditor, currently available for many flavors of Unix (11 are officially supported, not counting different architectures), DOS, Win32, BeOS, and OpenVMS. Its primary purpose is to detect weak Unix passwords. Besides several crypt(3) password hash types most commonly found on various Unix flavors, supported out of the box are Kerberos AFS and Windows NT/2000/XP LM hashes, plus several more with contributed patches.

Cain & Abel:

Cain & Abel is a password recovery tool for Microsoft Operating Systems. It allows easy recovery of various kinds of passwords by sniffing the network, auditing encrypted passwords using Dictionary, Brute-Force and Cryptanalysis attacks, decoding scrambled passwords, revealing password boxes, uncovering cached passwords and analyzing routing protocols.
http://www.tech-faq.com/computers/audit ... ords.shtml
Redcode Hosting redcodehosting.com | Unix Shared Hosting | sales[aT]redcodehosting[dOt]com
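
Added example (not part of any post in this thread and not from the quoted article): because the LAN Manager scheme described above hashes each 7-character half independently, an auditor can tell from the stored value alone whether an account still carries the legacy hash and whether its second half is empty. The `user:rid:lm:nt:::` line layout, the function names and every sample hash except the well-known empty-half constant are assumptions constructed for illustration.

```python
# Audit triage over pwdump-style lines (layout assumed: user:rid:lm:nt:::).
# Only EMPTY_LM_HALF is a real, well-known value; sample hashes are constructed.

EMPTY_LM_HALF = "aad3b435b51404ee"  # legacy-hash output for an empty 7-character half
EMPTY_LM = EMPTY_LM_HALF * 2        # both halves empty
HEX = set("0123456789abcdef")


def classify(line):
    """Return (user, finding) for one 'user:rid:lm:nt:::' line."""
    fields = line.strip().split(":")
    if len(fields) < 4:
        raise ValueError("expected user:rid:lm:nt")
    user, lm = fields[0], fields[2].lower()
    if len(lm) != 32 or not set(lm) <= HEX:
        # Field is blank or holds a placeholder instead of a hash.
        return user, "no-lm-hash"
    if lm == EMPTY_LM:
        # Legacy hash not populated: storage disabled, blank password,
        # or a password too long for the 14-character scheme.
        return user, "lm-empty"
    if lm[16:] == EMPTY_LM_HALF:
        # Second half is empty, so the password fits in the first 7 characters.
        return user, "lm-stored-short"
    return user, "lm-stored"


def audit(text):
    """Map each user in a multi-line dump to its finding."""
    return dict(classify(l) for l in text.splitlines() if l.strip())


# Constructed sample input; the non-constant hex strings are not real hashes.
SAMPLE = """\
alice:1001:1f2e3d4c5b6a7988aad3b435b51404ee:00112233445566778899aabbccddeeff:::
bob:1002:0a1b2c3d4e5f60718293a4b5c6d7e8f9:ffeeddccbbaa99887766554433221100:::
carol:1003:AAD3B435B51404EEAAD3B435B51404EE:0123456789abcdef0123456789abcdef:::
dave:1004:NO PASSWORD*********************:fedcba9876543210fedcba9876543210:::
"""

if __name__ == "__main__":
    for user, finding in audit(SAMPLE).items():
        print(f"{user:6} {finding}")
```

Accounts reported as `lm-stored` or `lm-stored-short` are the ones still exposing the legacy hash and are the priority for remediation.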