Cain & Abel is a two part program distributed at http://www.oxid.it as a Self-Installing executable package named "ca_setup.exe".

Cain (Cain.exe) is the main GUI application, Abel is a Windows service composed by two files: Abel.exe and Abel.dll.

Requirements

The actual version requires the following items:

- 10Mb Hard-Disk space

- Microsoft Windows 2000/XP/2003/Vista

- Winpcap Packet Driver (v2.3 or above; AirPcap adapter is supported from Winpcap version 4.0). Please check the documentation on their site.

- Airpcap Packet Driver (for passive wireless sniffer / WEP cracker).

Setup

Just run the Self-Installing executable package and follow the installation instructions.

The package will copy all the files needed by the program into the installation directory.

Installation Files

Cain's setup program will install and/or replace these files in your system:

 

- Cain.exe [the main executable program]

- Cain.exe.sig [author's PGP signature of the file Cain.exe]

- CA_UserManual.chm [this file]

- Abel.exe [the executable of the Windows service named Abel ]

- Abel.exe.sig [author's PGP signature of the file Abel.exe]

- Abel.dll [a DLL file needed by the program]

- Abel.dll.sig [author's PGP signature of the file Abel.dll]

- Uninstal.exe [the uninstallation program]

- Wordlist.txt [a little word list file]

- Install.log [the log file of the installation package, you can check everything modified on your system here]

- Whatsnew.txt [contains differences between versions]

- oui.txt [a list file that contains vendor's information about MAC addresses]

- <Installation Dir>\winrtgen\winrtgen.exe [Winrtgen - a windows utility to generate Rainbow Tables]

- <Installation Dir>\winrtgen\winrtgen.exe.sig [author's PGP signature of the file winrtgen.exe]

- <Installation Dir>\winrtgen\charset.txt [an example file containing charset definitions for winrtgen.exe and Cain's cryptanalysis attacks]

- <Installation Dir>\Driver\WinPcap_4_1_beta5.exe [the original distribution package of the Winpcap drivers]

 

All the above files will be installed in the Installation directory and subdirectories.

Abel Installation

Abel is a Windows NT service composed of two files: "Abel.exe" and "Abel.dll". These files are copied by the installation package into the program's directory but the service is NOT automatically installed on the system.

Abel can be installed locally or remotely (using Cain) and requires Administrator's privileges on the target machine.

 

LOCAL INSTALLATION:

1) Copy the files Abel.exe and Abel.dll into the %WINNT% directory (E.G.: C:\WINNT or C:\Windows)

2) Launch Abel.exe to install the service (it is not automatically started)

3) Start the service using the Windows Service Manager (services.msc)

 

REMOTE INSTALLATION:
1) Use the "Network TAB" in Cain and choose the target remote computer where you want to install Abel

2) Right click on the computer icon in the left tree and select "Connect As"

3) Provide Administrator's credentials for the remote system

4) Once connected right click on the "Services" icon and select the menu entry "Install Abel"

5) That's it! The two files ‘Abel.exe’ and ‘Abel.dll’ will automatically be copied to the remote machine’s root directory i.e. C:\winnt, C:\Windows); the service will automatically be installed and started.

Registry Modifications

Like any other setup program Cain involves making changes to your registry. Whenever registry changes are made, it is always advisable to backup your registry first.

Cain's settings are all located under the HKEY_CURRENT_USER\Software\Cain registry key.

Dependencies

Cain.exe depends on or requires the following libraries: Abel.dll, Crypt32.dll, Pstorec.dll, Kernel32.dll, Advapi32.dll, Comctl32.dll, Comdlg32.dll, Gdi32.dll, Iphlpapi.dll, Mpr.dll, NetApi32.dll, Odbc32.dll, Ole32.dll, Oleaut32.dll, Packet.dll (Winpcap), Rasapi32.dll, Rpcrt4.dll, Shell32.dll, User32.dll, Wpcap.dll (Winpcap), Airpcap.dll (AirPcap), Ws2_32.dll, Wsnmp32.dll.

 

Abel.exe depends on or requires the following libraries: Abel.dll, Kernel32.dll, Advapi32.dll, Iphlpapi.dll, User32.dll, Ws2_32.dll.

 

Abel.dll depends on or requires the following libraries: Lsasrv.dll, Kernel32.dll, Advapi32.dll, User32.dll, samsrv.dll.

Post installation generated files

Cain will create the following files (comma separated list files) in the program's installation directory:

 

Cracker

- APOP-MD5.LST [contains a list of credentials of type APOP-MD5]

- CRAM-MD5.LST [contains a list of credentials of type CRAM-MD5]

- PIX-MD5.LST [contains a list of credentials of type Cisco PIX]

- IOS-MD5.LST [contains a list of credentials of type Cisco IOS]

- PWLS.LST [contains a list of PWL files and relative credentials]

- NTLMv2.LST [contains a list of credentials of type NTLMv2]

- LMNT.LST [contains a list of credentials of type LM & NTLMv1]

- CACHE.LST [contains a list of credentials of type MS-CACHE]

- OSPF-MD5.LST [contains a list of credentials of type OSPF-MD5]

- RIP-MD5.LST [contains a list of credentials of type RIPv2-MD5]

- VRRP-HMAC.LST [contains a list of credentials of type VRRP-HMAC]

- VNC-3DES.LST [contains a list of credentials of type VNC Triple DES]

- MD2.LST  [contains a list of hashes of type MD2]

- MD4.LST [contains a list of hashes of type MD4]

- MD5.LST [contains a list of hashes of type MD5]

- SHA-1.LST [contains a list of hashes of type SHA-1]

- SHA-2.LST [contains a list of hashes of type SHA-2]

- RIPEMD-160.LST [contains a list of hashes of type RIPEMD-160]

- K5.LST [contains a list of credentials of type Ms-Kerberos PreAuth]

- RADIUS_SHARED_HASHES.LST [contains a list of credentials of type RADIUS PreShared Key]

- IKEPSKHashes.LST [contains a list of credentials of type IKE-PSK]

- MSSQLHashes.LST [contains a list of credentials of type Microsoft SQL]

- MySQL.LST [contains a list of credentials of type MySQL]

- ORACLE.LST [contains a list of credentials of type ORACLE]

- TNS-HASHES.LST [contains a list of credentials of type ORACLE-TNS]

- 80211.LST [contains a list of 802.11 capture files]

- SIPHASHES.LST  [contains a list of hashes used in SIP protocol]

- TOKENS.LST [contains a list of RSA token serial numbers and seeds]

- WPAPSK.LST [contains a list of hashes of type WPA-PSK]

- CHAP.LST [contains a list of hashes of type CHAP-MD5]

 

Sniffer

- HOSTS.LST [contains a list of host's information such as MAC address, IP address, Hostnames]

- APR.LST [contains a list of hosts to be used in APR]

- DRR.LST [contains a list of host names and IP addresses to be used by APR-DNS]

- SSH-1.LST [contains references to files generated by SSH-1 sniffer filter]

- CERT.LST [contains references to certificate files to be used by APR-HTTPS]

- HTTPS.LST [contains references to files generated by APR-HTTPS sniffer filter]

- FTPS.LST [contains references to files generated by APR-FTPS sniffer filter]

- IMAPS.LST [contains references to files generated by APR-IMAPS sniffer filter]

- LDAPS.LST [contains references to files generated by APR-LDAPS sniffer filter]

- POP3S.LST [contains references to files generated by APR-POP3S sniffer filter]

- RDP.LST [contains references to files generated by APR-RDP sniffer filter]

- FTP.LST [contains a list of credentials captured by FTP sniffer filter]

- HTTP.LST [contains a list of credentials captured by HTTP sniffer filter]

- IMAP.LST [contains a list of credentials captured by IMAP sniffer filter]

- POP3.LST [contains a list of credentials captured by POP3 sniffer filter]

- SMB.LST [contains a list of credentials captured by Server Message Block sniffer filter]

- TELNET.LST [contains references to files generated by Telnet sniffer filter]

- VNC.LST [contains a list of credentials captured by VNC sniffer filter]

- TDS.LST [contains a list of credentials captured by TDS (Tabular Data Stream) sniffer filter]

- SMTP.LST [contains a list of credentials captured by SMTP sniffer filter]

- NNTP.LST [contains a list of credentials captured by NNTP sniffer filter]

- KRB5.LST [contains a list of credentials captured by MS-Kerberos5 sniffer filter]

- DCERPC.LST [contains a list of credentials captured by DCE/RPC sniffer filter]

- RADIUS.LST [contains a list of pre shared keys captured by RADIUS sniffer filter]

- RADIUS_USERS.LST [contains a list of user's credentials captured by RADIUS sniffer filter]

- ICQ.LST [contains a list of credentials captured by ICQ sniffer filter]

- IKE-PSK.LST [contains a list of pre shared keys captured by IKE sniffer filter]

- MySQL.LST [contains a list of credentials captured by MySQL sniffer filter]

- SNMP.LST [contains a list of community strings captured by SNMP sniffer filter]

- VoIP.LST [contains a list of VoIP conversations captured by SIP/RTP sniffer filter]

- WPAPSKAUTH.LST [contains a list of credentials captured by WPAPSK sniffer filter]

- TNS.LST [contains a list of user's credentials captured by ORACLE-TNS sniffer filter]

- GRE_PPP.LST [contains a list of user's credentials captured by GRE/PPP sniffer filter]

- PPPoE.LST [contains a list of user's credentials captured by PPPoE sniffer filter]

 

Other files

- RT.LST [contains the list of Rainbow Tables to use during Cryptanalysis attacks]

- QLIST.LST [contains hosts of the quick list in the Network Tab]

- CCDU.LST [contains information about Cisco Config Downloader/Uploader View]

- HTTP_USER_FIELDS.LST [contains a list of user name fields to be used by the HTTP-FORM and HTTP-COOKIE sniffer filter]

- HTTP_PASS_FIELDS.LST [contains a list of password fields to be used by the HTTP-FORM and HTTP-COOKIE sniffer filter]

- DUMP.IVS [contains a list of WEP IVs in aircrack-ng's compatible format]

 

Subdirectories

- <Installation Dir>\Certs\ [contains fake certificate files (*.crt) to be used by APR SSL spoofing sniffers]

- <Installation Dir>\HTTPS\ [contains session files captured by APR-HTTPS]

- <Installation Dir>\FTPS\ [contains session files captured by APR-FTPS]

- <Installation Dir>\POP3S\ [contains session files captured by APR-POP3S]

- <Installation Dir>\IMAPS\ [contains session files captured by APR-IMAPS]

- <Installation Dir>\LDAPS\ [contains session files captured by APR-LDAPS]

- <Installation Dir>\SSH-1\ [contains session files captured by APR-SSH-1]

- <Installation Dir>\Telnet\ [contains session files captured by Telnet sniffer filter]

- <Installation Dir>\VoIP\ [contains VoIP conversations captured by the sniffer and saved as WAV files]

- <Installation Dir>\CCDU\ [contains configurations files from Cisco devices]

Uninstallation

You can uninstall Cain from the Add/Remove Programs tool in the Control Panel or by directly executing the unistallation program. The uninstall program will not remove the Abel service.

Abel Uninstallation

You can remove the Abel Service using Cain's Service Manager; first stop the service and then remove it.