‘Cain and Abel’ is a renowned tool for cracking Windows login passwords. To use it, the attacker needs to gain access to the target machine and run the tool there. There are mainly three categories of attacks:
1. Dictionary attack: In this method an explicit wordlist or dictionary is supplied to the tool. The tool hashes each keyword in the dictionary and compares the result with the hash values of the Windows passwords.
2. Brute-force attack: This method is more time consuming, but the attacker has the flexibility of choosing which password combinations are tried: alphabetic only, alphabetic and numeric, or alphanumeric plus special characters. In addition, the attacker can choose the minimum and maximum password lengths, which can optimize the attack.
3. Cryptanalysis attack: This method uses an explicit rainbow table and is the fastest of the three. The rainbow table combines a list of keywords with their equivalent hash values; the hash value of the Windows password is checked against the table and the keyword for the matching hash is retrieved.
In this scenario, the approach taken is brute force with the predefined character set of alphabetic and numeric characters.
Cain was able to crack the password for the user “adminuser”; the password is “admin”.
As the next step, another user account was created with a complex password combining alphabetic, numeric and special characters. Cain was unable to crack this password in the short duration provided, but a longer run, or a more powerful method such as a rainbow table, could ease the process.
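To make the effect of the character-set and length choices above visible, the following estimator (an added example, not code from the original write-up or from Cain and Abel) computes how many candidates an exhaustive search over a given charset and length range must try, and where a specific password falls in a length-first, charset-order enumeration. The lowercase-only alphabet, the enumeration order and the guess rate are assumptions, not properties of the tool.

```python
"""Brute-force keyspace and worst-case time estimator (added example).

Assumptions: 'alphabetic' means lowercase ASCII letters only, candidates
are enumerated shortest-first and then in charset order, and the guess
rate is an assumed round figure rather than a measured one.
"""
import string

# The three character-set options described in the text.
CHARSETS = {
    "alpha": string.ascii_lowercase,
    "alnum": string.ascii_lowercase + string.digits,
    "alnum_special": string.ascii_lowercase + string.digits + string.punctuation,
}


def keyspace(charset: str, min_len: int, max_len: int) -> int:
    """Number of candidates an exhaustive search over min_len..max_len tries."""
    n = len(charset)
    return sum(n ** length for length in range(min_len, max_len + 1))


def guess_index(password: str, charset: str, min_len: int = 1) -> int:
    """1-based position of `password` in the assumed enumeration order.

    Returns 0 if the password uses characters outside `charset`, i.e. the
    search would never find it regardless of how long it runs.
    """
    if any(c not in charset for c in password):
        return 0
    n = len(charset)
    shorter = sum(n ** length for length in range(min_len, len(password)))
    rank = 0
    for c in password:           # interpret the password as a base-n number
        rank = rank * n + charset.index(c)
    return shorter + rank + 1


def worst_case_seconds(charset: str, min_len: int, max_len: int, rate: float) -> float:
    """Time to exhaust the keyspace at `rate` guesses per second."""
    return keyspace(charset, min_len, max_len) / rate


if __name__ == "__main__":
    rate = 10_000_000  # assumed guesses per second
    # "admin" is found early in the alphanumeric search from the text.
    print("admin found after guess", guess_index("admin", CHARSETS["alnum"]))
    for name, cs in CHARSETS.items():
        for max_len in (5, 8, 12):
            secs = worst_case_seconds(cs, 1, max_len, rate)
            print(f"{name:14s} len 1..{max_len:2d}: {secs / 86400:14.1f} days")
```

A complex password that uses a character outside the chosen set returns index 0, which is the other reason a brute-force run restricted to letters and digits never finds it, however long it runs.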