
To make Cain and Abel portable, copy the Cain and Abel folder from your Program Files folder to your flash drive/thumb drive. You must have WinPcap installed on the computer you wish to run Cain on. As long as WinPcap is installed, you should be able to just double click and run cain.exe from the folder on your flash drive.

Many great tools exist for this purpose, such as NetworkMiner and Wireshark. However, in this tutorial we will talk about Cain and Abel. Cain is a password cracking utility, is great for catching packets going through a network, and has many other uses. You can get Cain and Abel at oxid.it/cain.html; you need to have WinPcap installed to use it. Once you get Cain set up, start the program. Go to the Sniffer tab and click the sniffer icon (which is a little network card icon) to start the sniffer. Now right click in the empty space and choose Scan MAC Addresses, input the IP range required and click scan. Click the APR tab at the bottom of your screen, right click any whitespace on the page and then click the plus button at the top of the program. Now on the left menu select your router IP and on the right select the computer(s) you want to sniff data from. To start your attack, click the yellow shield button next to the sniffer button at the top. To view an easy readout, you can click the Passwords tab and view captured passwords. This is just a basic demo of Cain; it is capable of being a very useful hacking tool, besides just sniffing network traffic.
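The APR step above works by making the victim's ARP cache map the router's IP to the sniffing machine's MAC, which is visible on the victim as one MAC address answering for two IPs. The following check is an added example, not part of the original post: it parses Windows `arp -a` output and flags that condition. The sample table, addresses and function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample of Windows `arp -a` output taken on a poisoned host:
# the gateway (192.168.1.1) and host .23 share one MAC address.
SAMPLE_ARP_OUTPUT = """\
Interface: 192.168.1.10 --- 0xb
  Internet Address      Physical Address      Type
  192.168.1.1           00-0c-29-aa-bb-cc     dynamic
  192.168.1.23          00-0c-29-aa-bb-cc     dynamic
  192.168.1.40          00-1b-44-11-3a-b7     dynamic
  192.168.1.255         ff-ff-ff-ff-ff-ff     static
  224.0.0.22            01-00-5e-00-00-16     static
"""

ENTRY = re.compile(
    r"^\s*(\d{1,3}(?:\.\d{1,3}){3})\s+((?:[0-9a-f]{2}-){5}[0-9a-f]{2})\s+(\w+)",
    re.IGNORECASE,
)

def parse_arp_table(text):
    """Return (ip, mac, type) tuples; header and interface lines are skipped."""
    return [(m.group(1), m.group(2).lower(), m.group(3).lower())
            for m in map(ENTRY.match, text.splitlines()) if m]

def is_unicast(mac):
    # Broadcast and multicast MACs have the low bit of the first octet set.
    return int(mac[:2], 16) & 1 == 0

def find_arp_anomalies(text, gateway_ip, known_gateway_mac=None):
    """Flag MACs claimed by several IPs and a gateway MAC that differs
    from a recorded baseline. Duplicates can be legitimate (a router with
    several addresses, proxy ARP), so treat findings as leads to verify."""
    by_mac = defaultdict(set)
    gateway_mac = None
    for ip, mac, _type in parse_arp_table(text):
        if not is_unicast(mac):
            continue
        by_mac[mac].add(ip)
        if ip == gateway_ip:
            gateway_mac = mac
    findings = [("duplicate-mac", mac, sorted(ips))
                for mac, ips in sorted(by_mac.items()) if len(ips) > 1]
    if known_gateway_mac and gateway_mac and gateway_mac != known_gateway_mac.lower():
        findings.append(("gateway-mac-changed", gateway_mac, [gateway_ip]))
    return findings

if __name__ == "__main__":
    for finding in find_arp_anomalies(SAMPLE_ARP_OUTPUT, "192.168.1.1",
                                      known_gateway_mac="00-0C-29-11-22-33"):
        print(finding)
```

Recording the router's real MAC while the network is known to be clean gives the baseline for `known_gateway_mac`.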

Have you ever been somewhere and needed access to a user account on a PC that you don’t have the password for? Well, with a simple hack and a little knowledge about password hashes, you can. A password hash file is a file that contains your password after it has been hashed. Password hashing is the process of taking your cleartext password, such as "password", and transforming it into something like E52CAC67419A9A224A3B108F3FA6CB6D:8846F7EAEE8FB117AD06BDD830B7586C

This is done by taking your plaintext password and hashing it with a precomputed string. If you use a good algorithm for this, such as SHA-512 or MD5, you wouldn’t have a problem with Windows passwords. However, Windows stores passwords as LM hashes for backwards compatibility with older operating systems such as Windows 95 and Windows 98. LM hashing breaks a 15 character or less password into two 7 character all-uppercase strings, which are hashed separately and combined to form your LM hash. This makes it vulnerable to cracking attacks. After the passwords are hashed, they are stored in the SAM file in C:\windows\system32\config. The file cannot be accessed directly by Windows Explorer while Windows is running; however, you can run a program like pwdump inside of Windows, or boot the computer off of a live CD and grab or crack the password. Ophcrack is a Windows program that you can import hashes into, and it also comes as a live CD that you can boot the computer off of to crack the hashes right then. For more info, read at hackinthebox.org or see the first episode of thebroken with Kevin Rose. You can turn LM hashes off and just use the new, better NTLM hashes by starting the registry editor (click Run, type regedit and press Enter), locating the key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa and adding a key that says NoLMHASH. Then restart your computer and change your password, and LM hashes won’t be stored anymore.
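Because an existing LM hash only goes away once the password is changed, it is worth auditing which accounts still carry one after LM storage is turned off. The following is an added example, not part of the original post: it reads pwdump-style lines (`user:RID:LM:NT:::`) and reports accounts that still have an LM hash. Apart from the `alice` hash pair, which is the one quoted above, every account name and hash value is constructed; the function names are hypothetical.

```python
import re

# LM hash of an empty 7-character half; doubled, it means "no LM hash stored".
EMPTY_LM_HALF = "AAD3B435B51404EE"
HEX32 = re.compile(r"^[0-9A-F]{32}$")

# Constructed pwdump-style input. alice uses the LM:NT pair quoted in the post;
# the other hash values are made-up placeholders, not real password hashes.
SAMPLE_DUMP = """\
alice:1001:E52CAC67419A9A224A3B108F3FA6CB6D:8846F7EAEE8FB117AD06BDD830B7586C:::
bob:1002:AAD3B435B51404EEAAD3B435B51404EE:0123456789ABCDEF0123456789ABCDEF:::
carol:1003:1122334455667788AAD3B435B51404EE:FEDCBA9876543210FEDCBA9876543210:::
dave:1004:NO PASSWORD*********************:0123456789ABCDEF0123456789ABCDEF:::
"""

def audit_lm(dump_text):
    """Map each user to 'no-lm-stored', 'lm-stored' or
    'lm-stored-7-or-fewer-chars' based on the LM field alone."""
    report = {}
    for line in dump_text.splitlines():
        fields = line.strip().split(":")
        if len(fields) < 4:
            continue  # not a user:RID:LM:NT record
        user, lm = fields[0], fields[2].upper()
        if not HEX32.match(lm) or lm == EMPTY_LM_HALF * 2:
            # Placeholder text or the empty-LM constant: nothing to crack here.
            report[user] = "no-lm-stored"
        elif lm[16:] == EMPTY_LM_HALF:
            # The two halves are hashed separately, so an empty second half
            # shows the password fits entirely in the first 7 characters.
            report[user] = "lm-stored-7-or-fewer-chars"
        else:
            report[user] = "lm-stored"
    return report

def accounts_needing_reset(dump_text):
    """Users whose password must be changed before the LM hash disappears."""
    return sorted(u for u, status in audit_lm(dump_text).items()
                  if status != "no-lm-stored")

if __name__ == "__main__":
    for user, status in audit_lm(SAMPLE_DUMP).items():
        print(f"{user:8} {status}")
    print("reset required:", accounts_needing_reset(SAMPLE_DUMP))
```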

I thought I would go over a couple of hacks for keypad access doors and gated communities. I have not tested this hack yet, but it supposedly works. When you come up to a gated community and have to enter an access code to get in, you can type 0911, which is an emergency backdoor for EMS/Fire/Police. This other hack is for Sentex keypad access doors; the code you enter is ***00000099#*. The *** enters admin mode, the 000000 is the default admin pass key, the 99# opens the door, and the * exits admin mode.

I thought it was about time to go over some useful Windows command line commands.


cd <directory to change to>  Change Directory
ipconfig shows ip address information
netstat shows all computers currently connected to your computer
net user <your user> * prompts you to type a new password for the user

shutdown -l logoff
shutdown -s shutdown
shutdown -t <time in sec.> -s shutdown computer in x amount of seconds

shutdown -m \\computer-name -s shuts down the remote computer name or ip address specified

net user  <username> /add adds a new user of the name you specified

net group <groupname>  <username> /add adds the user specified to the group specified such as user1 to administrators group

ping 10.0.0.1 This will send 4 ICMP ping packets to 10.0.0.1

ping -t 10.0.0.1 This will send continuous ping packets to 10.0.0.1

tracert 10.0.0.1 This will send a packet and show you the path it takes and the servers it hops through going to 10.0.0.1



L337 Electricity

I'm an Idiot

Most if not all of the credit for this post goes to Silivrenion from the Hak5 wiki post about the USB Switchblade. I took his original technique and just added a bat file with a couple of extra features. If you haven’t seen his version before, I’ll go over all features. The file is put on a USB drive and autorun; it gathers IP address information, website history, stored passwords, password hashes (for cracking later to get the password), creation of a new admin user, and installation of remote control software. Only the remote control software and the installation of a new user were added by me; the rest of the credit goes to Silivrenion. To get this working, you download the file from the link provided and unzip it on your flash drive. Plug it in to your target machine, launch a command prompt and then run microsoft word.bat that’s on the flash drive from the command prompt. When the WinVNC settings box pops up, enter your settings; then, after you enter a password and click OK, you will be logged off (take out the flash drive). Log in as your new user user1 with password user1. Reinsert the flash drive and click open folder to view files with the program provided on this drive. Now the password hashes, stored passwords, and other good info and stuff are dumped onto the drive in the folder \WIP\log files\. A good program to crack the password hashes would be Ophcrack, available at ophcrack.org. The computer can be accessed on the local area network after you set your WinVNC settings. In the \WIP\CMD\VNC\ folder, the file vncviewer.exe, when executed, will ask for an IP address (use the one that is in the log file); click connect, and then you are prompted for the password you set for WinVNC, and then you have complete access. A zip file that is to be unzipped on the flash drive you’re using is available here.
This is not meant to be used as a tool of destruction or disruption of systems you don’t own, but to show the insecurity of computers when flash drives are present.

It’s actually not what it sounds like. I stopped to make a pitstop at a gas station and noticed something interesting in the bathroom. All the store’s network cables run through the bathroom. For a normal person, this would be nothing, but a hacker sees an opportunity here. What if you cut the cables in the bathroom and crimp each side to extra cables you have and be the man in the middle on all the transactions that go across the wire?

The Network Cable Conduit

An Exposed Network Cable (possibly coming from the cash register)

Have you ever wanted to send a txt message to a cell phone, but didn’t have one, or needed to send a txt message and you didn’t have coverage or had a dead battery? It is possible to send text messages via your e-mail account for free from an email provider simply by sending the message to the cell number appended with a special e-mail address, such as 1234567890@vtext.com. Below are the addresses that should be appended for each cell phone service provider (provider-phonenumber@provideraddress.com).

QWEST-phonenumber@qwestmp.com
VERIZON-phonenumber@vtext.com
VIRGIN MOBILE-phonenumber@vmobl.com
NEXTEL-phonenumber@messaging.nextel.com
T-MOBILE-phonenumber@tmomail.net
SPRINT-phonenumber@messaging.sprintpcs.com
AT&T-phonenumber@txt.att.net
