Cain and Abel: Windows password recovery utility

cain

As far as password recovery utilities go, Cain & Abel is by far one of the best out there. It’s designed to run on Microsoft Windows 2000/XP/Vista but has methods to recover passwords for other systems. It is able to find passwords in the local cache, decode scrambled passwords, find wireless network keys or use brute-force and dictionary attacks. For recovering passwords on other systems Cain & Abel has the ability to sniff the local network for passwords transmitted via HTTP/HTTPS, POP3, IMAP, SMTP and much more. We think it is quite possibly one of the best utilities to have as a system administrator, and definitely a must have for your toolbox.

Comments

  1. Erik says:

    I think it’s a great application, however my virus scanner goes berserk every time I run it, which means I have to turn it off and that’s something I don’t like.

    • bunglesmith says:

      I know another two great ways!
      If you have a bootable CD/USB drive,some password tools can be burn to it and you can boot your computer from USB to run the software, so that you can recover Windows password such as Windows 8/7/vista/xp/2008/2003/2000 password from USB.
      Such as Windows Password Rescuer, Offline NT Password, here I just list the simple steps:
      Step 1: Download Windows Password Rescuer/Offline NT Password Editor
      Step 2: Run it to burn to bootable CD/DVD or USB flash drive
      Step 3: BIOS setting of your locked computer to boot form CD or USB
      Step 4: Recover Windows password after the software starts.

    • mark says:

      Here I just show you how to reset Windows 7/Vista password with CMD. Key steps:
      Step 1: Logon your Windows as administrator(You also can logon Safe Mode with Command Prompt, pressing F8 when restart your computer, hit up/down key to choose Safe Mode with Command Prompt and hit Enter).
      Step 2: Click on Start, type cmd in the Run box or Search box and press Enter.
      Step 3: Type net user, all user accounts of your computer will be listed.
      Step 4: Type net user “UserName” “NewPassword”(replace UerName and NewPassword with yours), press Enter, then the password will be reset as new one and you can logon Windows 7/Vista with it. You also can use a program base on CMD.

  2. Thedudefrommiamivice says:

    I feel like 1998 just punched me in the face.

  3. Caleb Kraft says:

    @Thedudefrommiamivice,
    I shouldn’t encourage you, but I almost shot coffee out of my nose when I read your comment.

  4. Franklyn says:

    @Thedudefrommiamivice

    I get that feeling every time i look at the site.I guess thats just what its all about.

  5. YAAAAYYYYYY

    That’s what i’m calling news ;)
    Erm no okay. I know there are people out there who dont know software like this even if it’s old.

    New serious people: Use this as a !password recovery tool!

    Other new people: If u are teh 1337 h4x0r then u5 d4 t001 4nd u w!11 b3 d4 k!n6 0f 411 1337 h4x0rx!!! !mpre55 411 ur m473s with d0!n6 n0th!n 8u7 4 c1!ck.

    Yeehaw ;)

  6. Tomasito says:

    Now at hackaday, discover the newest password cracking tool called “John The Ripper”.

  7. Bob says:

    Don’t forget, some of the easiest to use arp spoofing tools for sniffing traffic on switched networks…

    You might want to be careful leaving this lying around on your work laptop. It is most certainly a hacking tool. If anything exciting goes down and they find this on your laptop, fingers may be pointed.

  8. nebulous says:

    Since this story is pretty good to make a general statement… there are capital letters here. Awesome! When did that happen?

  9. Jim says:

    I’ve used this tools when Abel was still a RAT. Ahh the good old days. The comments on how old it is made me LOL.

  10. Akoi Meexx says:

    Stealthmonkey, the leet…. it buuuuurns us!
    But seriously, when did HaD-9000 start doing retro posts?

  11. Decius says:

    @Thedudefrommiamivice

    HA! That made my morning :)

    Nether the less it’s still a better program than the one I was currently using :P

  12. Tim says:

    Horray! Behold my correctly capitalised prose. Tremble in fear as ambiguous cases are crushed beneath my might shift key.

    :-)

  13. rbz says:

    i dont get it. its been available for years, why now?

  14. redbeard says:

    @Thedudefrommiamivice & @Decius

    For real. I mean, I remember fucking around with this nigh on a decade ago. I’m too lazy to click on the link. Please tell me there is at least a new release and not just providing fodder for script kiddies too lazy to google this.

  15. Eddie says:

    It does not say how i run this on my arduino?

  16. bb says:

    oooh, oooh, I’m soo cool. I’m soo cooler than everyone else. Like. So. Totally. Like. Awesome. Yah, haww! I mean. For real. Ya know?

  17. Alan says:

    Yes. Awesome.
    This is the same program I used in 10th grade to crack my teacher’s passwords on the NT box’s they logged into.
    I remember laughing when my English teacher’s password was ‘book’
    Great program.
    I’m happy to see its still being updated after all this time.

    I think a google search would have been more appropriate than an article on hackaday.com .

  18. zetsway says:

    What’s up with all the crappy comments. Yeah, it may not be the newest tool to use but for new ppl I think it’s good.

  19. Sharky says:

    I love this stuff. I have a couple of master keys and some bump keys. Being able to enter almost any room makes you feel so empowered. So does this program.

    Now remember: With great power comes great responsibility.

  20. monkeyslayer56 says:

    @stealthmonkey
    should i be worryed if i can read the lower part of your post….

    also ophcrack is a good windows password cracking utility….

  21. the_twiz says:

    Back Orifice 2000 FTW

  22. O Mattos says:

    If you want an easy-to-use version of this for login passwords, try this:

    http://www.loginrecovery.com/

    It’s basicly the same, but is all automated, and will work much faster than C&A on a single computer. As an added bonus, you don’t have to download large liveCD’s or fiddle with moving a hard disk to another computer to get the password from it.

    Downside is it costs $$$, but you get what you pay for.

  23. r3nrut says:

    It’s old but it works and is still maintained. Whatever became of their client for Windows Mobile?

  24. overslacked says:

    @zetsway – Until a certain level of brain development, children believe any knowledge they have, everyone else also has. The dissonance introduced to such an immature system, when exposed to information they’ve already received but is presented as news, causes all higher-level cerebral function to halt completely, resulting in the comments you observed.

  25. Symantec found Trojan

  26. Thedudefrommiamivice says:

    @overslacked:
    Main Entry: news
    Pronunciation: \ˈnüz, ˈnyüz\
    Function: noun plural but singular in construction
    Usage: often attributive
    Date: 15th century

    1 a : a report of recent events b : previously unknown information c : something having a specified influence or effect
    2 a : material reported in a newspaper or news periodical or on a newscast b : matter that is newsworthy

    C&A hardly meets the definition. Or should the users of this site stand by and allow the site to delve into mediocrity, maybe its already there. I was under the impression this site was for hackers. Not sure about you but wouldn’t a hacker be in possesion of even the most basic of skills such as using google. Now if cain and able had a feature added to it that allowed it to do something new and impressive then I would be all for the post but it doesn’t.

    Hey guys we added wep cracking…… what do you mean the simpsons have already done it?

  27. Thedudefrommiamivice says:

    Oh and if the site was continually cluttered with information that someone new to the “scene” didn’t know it would become pretty pointless. There is always going to be people who don’t know about , thats why search engines exist. Give me something new, something that hasn’t been seen before, I dunno maybe a hack. What an odd concept eh?

  28. John says:

    @Thedudefrommiamivice

    you sir made my evening

  29. cyberpunk64bit says:

    this is by far the greatest program! i have used it for years!!

  30. frolix says:

    i believe the reason antivirus apps flag c&a is because part of the installation provides a back door to other c&a users on the network. hence the name. a tool that also betrays you…
    i used to have a little batch script that would move the offending file out of the system folder and back again. i think it was a .dll, can’t remember cause its been years ha

  31. jake says:

    this is now on here epic fail this prog is OLLLLDDDD

  32. juicy jim says:

    i have known about this for a few years lol…but its still a decent program

  33. OrderZero says:

    SO I JUST FOUND THIS NEW INVENTION ITS CALLED THE NINTENDO ENTERTAINMENT SYSTEM I CANT WAIT TO PLAY PONG ON ITS EPIC GAME CARTRIDGES!

  34. zetsway says:

    @Thedudefrommiamivice

    I agree with what you saying but there is no need to dis the site. Maybe HAD just found out about C&A. Who knows??

    Maybe if ppl stop complaining about articles on arduino we wouldn’t have articles like this.

    Just saying…..

  35. Jordan says:

    HaHaHa Back in high school I had this on a floppy disk……

  36. rmf says:

    Yeah, this is very retro. It’s probably worth noting that l0phtcrack 6 is also available for password cracking^W “recover.” And that actually IS new and updated software. Though it doesn’t have the handy dandy MITM features Cain does, it’s better.
    LC6. Better. Srsly.

  37. therealnewbe says:

    Jebas hackaday… The site is called “Hackaday” not, “it was a slow news day so here’s a write up on a program that even me, without hardly a clue in the world about password cracking, heard about YEARS ago.”

    I used to defend this site from the nay-sayers who would claim this site is going down the tubes, but my god I was wrong… RIP Hackaday I knew and loved. Welcome shitty engadet clone…

    Sad sad stuff, and just after eliot left too

  38. yuppicide says:

    I wouldn’t touch this. Virus scanner seems to go crazy. I also have no way to bypass the virus scanner. It’s on a server that I don’t have access to.

  39. drewg says:

    Well, since the “Abel” component is essentially a backdoor service, I wouldn’t be surprised that antivirus programs flag it.

  40. Damn says:

    I have installed it on my arduino, great program.

  41. fuckyou says:

    YUP if you remove the able.exe from the directory youre virus scanner schould be content,

    P.S.
    Youre chery list is tires old hacker bullshit

  42. James says:

    @rmf C&A actually is updated as well, he releases updates almost monthly.

    As far as people being unhappy about seeing hacking “non-news”, maybe hackaday needs to add some content silently, so that it doesn’t show up on the main page, but so that it shows up on the appropriate category.

  43. Muu haa haaaaa my wonderful toys :) i love them so because the data tells me so

  44. draeath says:

    I never was able to get ARP poisoning to work. It just did… nothing. Every time I tried.

  45. signal7 says:

    if you think system admins actually need this utility, that is an epic fail because a system admin you are not. this tool has only one use and it’s not an honest use in any sense of the word.

    i’ve been a sysadmin for over 10 years and i’ve never needed a password recovery tool. if you need to recover data, there’s a lot of tools for that that don’t require hacking the system. if you’re user loses their password, just reset it on the domain and be done with it. if you don’t have a domain, reinstall (no whining about how much easier is to use this tool to compromise your system – security takes precedence over convenience). it’s not the end of the world, people.

  46. Brett Haddock says:

    A few years back I was contracted by a company who fired their admin and he had locked everything down really tightly. Reinstalling everything wasn’t an option as there was a ton of data that needed to be saved (and backups were locked on the servers as well). Using this and a couple other tools helped break everything to save the data, after which the systems were wiped clean.

  47. yknalb says:

    So does this mean I can finally recover the passwords to my old porn archives?

  48. Linky Wu says:

    Long time ago , I was confronted with the password problem. Finally , my friend Jane introduce the Windows password Reset.It helps me access windows. http://www.resetwindowspassword.com

  49. happykaka says:

    Compare to many password recovery solutions. Windows password unlocker is highly recommended.
    1.Download Windows Password Unlocker from Password Unlocker Official site http://sn.im/wpu
    2.Decompress the Windows password unlocker and note that there is an .ISO image file. Burn the image file onto an blank CD with the burner freely supported by Password Unlocker.
    3.Insert the newly created CD into the locked computer and re-boot it from the CD drive.
    4.After launched the CD, a window pop up with all your account names(if you have several accounts); select one of the accounts that you have forgotten its password to reset it. Just one press, you have removed the password.

  50. xtremegamer says:

    what about kon-boot ?

    http://www.piotrbania.com/all/kon-boot/

    you can load it up on to USB stick.

    login as adminstrator , sniff around.

    admin has the blame ^_^

    also usefull if you forgot your password :)

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Follow

Get every new post delivered to your Inbox.

Join 96,434 other followers