Q: What is Abel ? How can I install it ?

A: Abel is an NT service  composed by two files: "Abel.exe" and "Abel.dll" (Abel64.exe and Abel64.dll for x64 systems). These files are copied by the installation package into the program's directory but the service is NOT automatically installed. Abel can be installed locally or remotely (using Cain), anyway you need Administrator privileges to do that.



1) Copy the files Abel.exe and Abel.dll into the %WINNT% directory (ES: C:\WINNT)

2) Launch Abel.exe to install the service (not automatically started)

3) Start the service using the Cain's Service Manager



1) Use the "Network TAB" in Cain and choose the remote computer where Abel will be installed

2) Right click on the computer icon in the tree and select "Connect As"

3) Provide Administrator credentials for the remote machine

4) Once connected right click on the "Services" icon and select "Install Abel"

5) That's all, the two files "Abel.exe" and "Abel.dll" will be copied into the remote machine, the service will be installed and started automatically.


NOTE: Cain will automatically try to detect if the remote machine is running  a x64 operating system, than it will copy the 64-bit version of the above files (Abel64.exe and Abel64.dll) accordingly.

Q: Can Abel sniff traffic remotely ?

A: No. This feature has not been implemented yet.

Q: What is the Abel's main purpose ?

A:  Abel provides a remote console on the target machine, it can dump user hashes from the remote SAM database even if it was encrypted using the "Syskey" utility and ships other features like the LSA Secrets dumper, the Route Table Manager and the TCP/UDP Table Viewer.

Q: Is the communication between Cain and Abel encrypted ?

A: Yes, all data transmitted across the Abel's pipe is encrypted using the RC4 symmetric encryption algorithm and the fixed key "Cain & Abel". The console communication is not encrypted.