Cain's features

Reveals locally stored passwords of Outlook, Outlook Express, Outlook Express Identities, Outlook 2002, Internet Explorer and MSN Explorer.

 

Reveals passwords stored in Enterprise and Local Credential Sets on Windows XP/2003.

 

Dumps the contents of the Local Security Authority Secrets.

 

Reveals passwords stored by Windows "Dial-Up Networking" component.

 

Enables sniffing on switched networks and Man-in-the-Middle attacks.

 

Provides the same functionality of the Windows tool "route.exe" with a GUI front-end.

 

Extracts user names associated to Security Identifiers (SIDs) on a remote system.

 

Retrieves, where possible, the user names, groups, shares, and services running on a machine.

 

Allows modification of registry parameters from the network.

 

Allows you to stop, start, pause/continue or remove a service.

 

Captures passwords, hashes and authentication information while they are transmitted on the network. Includes several filters  for application specific authentications and routing protocols. The VoIP filter enables the capture of voice conversations transmitted with the SIP/RTP protocol saved later as WAV files.

 

Monitors messages from various routing protocols (HSRP, VRRP, RIPv1, RIPv2, EIGRP, OSPF) to capture authentications and shared route tables.

 

Allows you to capture all data sent in a Remote Desktop Protocol (RDP) session on the network. Provides interception of keystrokes activity client-side.

 

Allows you to capture all data sent in SSH-1 sessions on the network.

 

Allows you to capture all data sent in HTTPS sessions on the network.

 

Allows you to capture all data sent in implicit FTPS sessions on the network.

 

Allows you to capture all data sent in implicit POP3S sessions on the network.

 

Allows you to capture all data sent in implicit IMAPS sessions on the network.

 

Allows you to capture all data sent in implicit LDAPS sessions on the network.

 

Grab certificates from HTTPS, IMAPS, POP3S, LDAPS, FTPS web sites and prepares them to be used by relative APR-* sniffer filters.

 

Using OUI fingerprint, this makes an informed guess about what type of device the MAC address from.

 

Identifies sniffers and network Intrusion Detection systems present on the LAN.

 

Can scan for wireless networks signal within range, giving details on its MAC address, when it was last seen, the guessed vendor, signal strength, the name of the network (SSID), whether it has WEP or not (note WPA encrypted networks will show up as WEPed), whether the network is an Ad-Hoc network or Infrastructure, what channel the network is operating at and at what speed the network is operating (e.g. 11Mbps). Passive scanning and WEP IVs sniffing are also supported using the AirpCap adapter from CACE Technologies.

 

Decode 802.11 capture files (wireshark, pcap) containing wireless frames encrypted with WEP or WPA-PSK.

 

Decodes the stored encrypted passwords for Microsoft Access Database files.

 

Decodes Base64 encoded strings.

 

Decodes Cisco Type-7 passwords used in router and switches configuration files.

 

Decodes Cisco VPN Client passwords stored in connection profiles (*.pcf).

 

Decodes encrypted VNC passwords from the registry.

 

Decodes passwords used by Microsoft SQL Server Enterprise Manager (SQL 7.0 and 2000 supported).

 

Decodes passwords in Remote Desktop Profiles (.RPD files).

 

Allows you to view all cached resources and relative passwords in clear text either from locked or unlocked password list files.

 

Enables the recovery of clear text passwords scrambled using several hashing or encryption algorithms. All crackers support Dictionary and Brute-Force attacks.

 

Enables password cracking using the Faster Cryptanalytic time memory trade off method introduced by Philippe Oechslin. This cracking technique uses a set of large tables of pre calculated encrypted passwords, called  Rainbow Tables, to improve the trade-off methods known today and to speed up the recovery of clear text passwords.

 

Performs Korek's and PTW  WEP attacks on 802.11 capture files containing enough WEP initialization vectors.

 

Enables password cracking by mean of the outstanding power of this on-line cracking service based on RainbowTable technology.

 

Will retrieve the NT password hash from the SAM file regardless of whether Syskey in enabled or not.

 

Will retrieve the Boot Key used by the SYSKEY utility from the local registry or "off-line" SYSTEM files.

 

Will retrieve the MSCACHE password hashes stored into the local registry.

 

Will retrieve the wireless keys stored by Windows Wireless Configuration Service.

 

Connects to an SQL server via ODBC and extracts all users and passwords from the master database.

 

Connects to an Oracle server via ODBC and extracts all users and passwords from the database.

 

Connects to an MySQL server via ODBC and extracts all users and passwords from the database.

 

Shows passwords hidden behind asterisks in password dialog boxes.

 

Can calculate the RSA key given the token's .XML activation file.

 

Produces the hash values of a given text.

 

Shows the state of local ports (like netstat).

 

A improved traceroute that can use TCP, UDP and ICMP protocols and provides whois client capabilities.

 

Downloads or uploads the configuration file from/to a specified Cisco device (IP or host name) given the SNMP read/write community string.

Abel features

Provides a remote system shell on the remote machine.

 

Enable to manage the route table of the remote system.

 

Shows the state of local ports (like netstat) on the remote system.

 

Will retrieve the NT password hash from the SAM file regardless of whether Syskey in enabled or not; works on the Abel-side.

 

Dumps the contents of the Local Security Authority Secrets present on the remote system.