Cain & Abel

The Cain & Abel password recovery tool for Microsoft Operating Systems allows recovery of various kind of passwords by sniffing the network, cracking encrypted passwords using Dictionary, Brute-Force, Cryptanalysis attacks, decoding scrambled passwords, revealing password boxes, uncovering cached passwords and analyzing routing protocols. There is a version for Windows 98 and a NT2000/XP version with more features that will be used in this lab. Where Cain is the main analysis tool, the Abel NT service provides a remote console on the target machine, which can dump user hashes from the remote SAM even if it was encrypted using the "Syskey" utility and other features like the LSA Secrets dumper, the route table manager and the TCP/UDP Table Viewer.
An interesting feature of Cain & Abel is APR (ARP Poison Routing) which enables sniffing on switched LANs by hijacking IP traffic of multiple hosts at the same time. The sniffer can also analyze encrypted protocols such as SSH-1 and HTTPS if used with APR and a Man-in-the-middle situation. Cain also comes with routing protocol authentication monitors, route extractors, crackers for all common hashing algorithms and for other various specific authentications, password calculators (Cisco PIX Hashes, RSA SecurID Tokens), decoders (Access Databases, Base64, Cisco Type-7, Enterprise Manager, Dialup, Remote Desktop)
Cisco Config Downloader/Uploader, SiD-Scanner, LSA Secrets Dumper, Protected Storage Passwords Viewer, NT Hash-Dumper, Abel Remote Console, MAC Scanner, Promiscuous-Mode Scanner, Wireless Scanner, and TCP/UDP/ICMP Traceroute + DNS Resolver + Netmask Discovery + WHOIS resolver.

Download
Download Manual