Tuesday, September 1, 2009

Cain and Abel - Cracker Tutorial (Dictionary Attack)

Courtesy Go4the101.

In this tutorial we'll focus on how to use Cain's cracker to crack and recover passwords.

1>>Open Cain and click on the 'Cracker' tab.

2>>Now to your left is the list of all the various types of hashes that Cain and Abel is capable of dealing with.

3>>Across the top are buttons to crack less secure hashes that simply go through the same algorithm everytime.

4>>Also on the top is a button that looks like a calculator. This is a hash generator that you can use for test purposes.

5>>Clicking on the hash calculator will bring up a pop up with two text boxes with labels 'Text to Hash' and 'Bytes to Hash'. Typing something in the 'Text to hash' text box and clicking 'Calculate' will create many different types of hashes.

6>>The hashes it created are actually encrypted versions of whatever you typed.

7>>Imagine you have typed the word 'anything' in the box and it is a password or something. Going in the reverse direction, I will crack one of the hashes it has created to reveal the password behind it. I will be using the MD5 hash and then will be converting it back to the word 'anything'.

8>>At this point, it is necessary to know that Cain and Abel is capable of a few different decryption methods namely Bruteforce, Dictionary and Rainbow Table.

9>>As we know what is actually behind the hash, let us use the quickest method of cracking i.e Dictionary Attack.

10>>Copy the MD5 hash from the window where you calculated the hashes for the word 'anything' and then close the window.

11>>Now again you have Cain infront of you with the 'Cracker' tab open. Click on MD5 Hashes in the sidepane on your left.

12>>Now right click in the empty space on its right and click 'Add to list'.

13>>A small dialog box will open with a text box where you are going to paste the MD5 hash you copied.

14>>After this click ok. Now you should be able to see the hash you entered at the top.

15>>Right click the hash and select 'Dictionary Attack'.

16>>You will be seeing a screen with the available wordlists on the top and the buttons 'start' and 'exit' at the bottom. If you still haven't added the wordlists, right click in the empty space at the top and choose 'Add to list' and browse for the wordlist you have. (Aragon worldist is a good wordlist)

17>>Now press the 'Start' button at the bottom and Cain will crack the password for you in a matter of minutes depending on the speed of your computer.

In the next tutorial, we'll see how to crack complex passwords using the Rainbow Table and the Bruteforce attack. :):)

Till then, have fun.

Related Posts

Still haven't configured Cain? Learn how to configure it!

Learn to use Rainbow Tables to crack passwords!

Use your PocketPC to crack passwords on the go!  


Unknown said...

someone who know where to get the wordlists?

John said...

Regarding this tutorial:

Someone has decrypted a Facebook hash for me from Facebook database. All I have to do now is run it in Cain and Abel by doing a Dictionary Attack.

Do I need to enter the hash they provided me into the hash calculator in Cain? And how am I even running this hash? The hash is below.


Post a Comment