Cain and Abel: Windows password recovery utility

cain

As far as password recovery utilities go, Cain & Abel is by far one of the best out there. It’s designed to run on Microsoft Windows 2000/XP/Vista but has methods to recover passwords for other systems. It is able to find passwords in the local cache, decode scrambled passwords, find wireless network keys or use brute-force and dictionary attacks. For recovering passwords on other systems Cain & Abel has the ability to sniff the local network for passwords transmitted via HTTP/HTTPS, POP3, IMAP, SMTP and much more. We think it is quite possibly one of the best utilities to have as a system administrator, and definitely a must have for your toolbox.

71 thoughts on “Cain and Abel: Windows password recovery utility

  1. I think it’s a great application, however my virus scanner goes berserk every time I run it, which means I have to turn it off and that’s something I don’t like.

    1. I know another two great ways!
      If you have a bootable CD/USB drive,some password tools can be burn to it and you can boot your computer from USB to run the software, so that you can recover Windows password such as Windows 8/7/vista/xp/2008/2003/2000 password from USB.
      Such as Windows Password Rescuer, Offline NT Password, here I just list the simple steps:
      Step 1: Download Windows Password Rescuer/Offline NT Password Editor
      Step 2: Run it to burn to bootable CD/DVD or USB flash drive
      Step 3: BIOS setting of your locked computer to boot form CD or USB
      Step 4: Recover Windows password after the software starts.

    2. Here I just show you how to reset Windows 7/Vista password with CMD. Key steps:
      Step 1: Logon your Windows as administrator(You also can logon Safe Mode with Command Prompt, pressing F8 when restart your computer, hit up/down key to choose Safe Mode with Command Prompt and hit Enter).
      Step 2: Click on Start, type cmd in the Run box or Search box and press Enter.
      Step 3: Type net user, all user accounts of your computer will be listed.
      Step 4: Type net user “UserName” “NewPassword”(replace UerName and NewPassword with yours), press Enter, then the password will be reset as new one and you can logon Windows 7/Vista with it. You also can use a program base on CMD.

  2. YAAAAYYYYYY

    That’s what i’m calling news ;)
    Erm no okay. I know there are people out there who dont know software like this even if it’s old.

    New serious people: Use this as a !password recovery tool!

    Other new people: If u are teh 1337 h4x0r then u5 d4 t001 4nd u w!11 b3 d4 k!n6 0f 411 1337 h4x0rx!!! !mpre55 411 ur m473s with d0!n6 n0th!n 8u7 4 c1!ck.

    Yeehaw ;)

  3. Don’t forget, some of the easiest to use arp spoofing tools for sniffing traffic on switched networks…

    You might want to be careful leaving this lying around on your work laptop. It is most certainly a hacking tool. If anything exciting goes down and they find this on your laptop, fingers may be pointed.

  4. @Thedudefrommiamivice & @Decius

    For real. I mean, I remember fucking around with this nigh on a decade ago. I’m too lazy to click on the link. Please tell me there is at least a new release and not just providing fodder for script kiddies too lazy to google this.

  5. Yes. Awesome.
    This is the same program I used in 10th grade to crack my teacher’s passwords on the NT box’s they logged into.
    I remember laughing when my English teacher’s password was ‘book’
    Great program.
    I’m happy to see its still being updated after all this time.

    I think a google search would have been more appropriate than an article on hackaday.com .

  6. I love this stuff. I have a couple of master keys and some bump keys. Being able to enter almost any room makes you feel so empowered. So does this program.

    Now remember: With great power comes great responsibility.

  7. @stealthmonkey
    should i be worryed if i can read the lower part of your post….

    also ophcrack is a good windows password cracking utility….

  8. If you want an easy-to-use version of this for login passwords, try this:

    http://www.loginrecovery.com/

    It’s basicly the same, but is all automated, and will work much faster than C&A on a single computer. As an added bonus, you don’t have to download large liveCD’s or fiddle with moving a hard disk to another computer to get the password from it.

    Downside is it costs $$$, but you get what you pay for.

  9. @zetsway – Until a certain level of brain development, children believe any knowledge they have, everyone else also has. The dissonance introduced to such an immature system, when exposed to information they’ve already received but is presented as news, causes all higher-level cerebral function to halt completely, resulting in the comments you observed.

  10. @overslacked:
    Main Entry: news
    Pronunciation: \ˈnüz, ˈnyüz\
    Function: noun plural but singular in construction
    Usage: often attributive
    Date: 15th century

    1 a : a report of recent events b : previously unknown information c : something having a specified influence or effect
    2 a : material reported in a newspaper or news periodical or on a newscast b : matter that is newsworthy

    C&A hardly meets the definition. Or should the users of this site stand by and allow the site to delve into mediocrity, maybe its already there. I was under the impression this site was for hackers. Not sure about you but wouldn’t a hacker be in possesion of even the most basic of skills such as using google. Now if cain and able had a feature added to it that allowed it to do something new and impressive then I would be all for the post but it doesn’t.

    Hey guys we added wep cracking…… what do you mean the simpsons have already done it?

  11. Oh and if the site was continually cluttered with information that someone new to the “scene” didn’t know it would become pretty pointless. There is always going to be people who don’t know about , thats why search engines exist. Give me something new, something that hasn’t been seen before, I dunno maybe a hack. What an odd concept eh?

  12. i believe the reason antivirus apps flag c&a is because part of the installation provides a back door to other c&a users on the network. hence the name. a tool that also betrays you…
    i used to have a little batch script that would move the offending file out of the system folder and back again. i think it was a .dll, can’t remember cause its been years ha

  13. SO I JUST FOUND THIS NEW INVENTION ITS CALLED THE NINTENDO ENTERTAINMENT SYSTEM I CANT WAIT TO PLAY PONG ON ITS EPIC GAME CARTRIDGES!

  14. @Thedudefrommiamivice

    I agree with what you saying but there is no need to dis the site. Maybe HAD just found out about C&A. Who knows??

    Maybe if ppl stop complaining about articles on arduino we wouldn’t have articles like this.

    Just saying…..

  15. Yeah, this is very retro. It’s probably worth noting that l0phtcrack 6 is also available for password cracking^W “recover.” And that actually IS new and updated software. Though it doesn’t have the handy dandy MITM features Cain does, it’s better.
    LC6. Better. Srsly.

  16. Jebas hackaday… The site is called “Hackaday” not, “it was a slow news day so here’s a write up on a program that even me, without hardly a clue in the world about password cracking, heard about YEARS ago.”

    I used to defend this site from the nay-sayers who would claim this site is going down the tubes, but my god I was wrong… RIP Hackaday I knew and loved. Welcome shitty engadet clone…

    Sad sad stuff, and just after eliot left too

  17. I wouldn’t touch this. Virus scanner seems to go crazy. I also have no way to bypass the virus scanner. It’s on a server that I don’t have access to.

  18. YUP if you remove the able.exe from the directory youre virus scanner schould be content,

    P.S.
    Youre chery list is tires old hacker bullshit

  19. @rmf C&A actually is updated as well, he releases updates almost monthly.

    As far as people being unhappy about seeing hacking “non-news”, maybe hackaday needs to add some content silently, so that it doesn’t show up on the main page, but so that it shows up on the appropriate category.

  20. if you think system admins actually need this utility, that is an epic fail because a system admin you are not. this tool has only one use and it’s not an honest use in any sense of the word.

    i’ve been a sysadmin for over 10 years and i’ve never needed a password recovery tool. if you need to recover data, there’s a lot of tools for that that don’t require hacking the system. if you’re user loses their password, just reset it on the domain and be done with it. if you don’t have a domain, reinstall (no whining about how much easier is to use this tool to compromise your system – security takes precedence over convenience). it’s not the end of the world, people.

  21. A few years back I was contracted by a company who fired their admin and he had locked everything down really tightly. Reinstalling everything wasn’t an option as there was a ton of data that needed to be saved (and backups were locked on the servers as well). Using this and a couple other tools helped break everything to save the data, after which the systems were wiped clean.

  22. Compare to many password recovery solutions. Windows password unlocker is highly recommended.
    1.Download Windows Password Unlocker from Password Unlocker Official site http://sn.im/wpu
    2.Decompress the Windows password unlocker and note that there is an .ISO image file. Burn the image file onto an blank CD with the burner freely supported by Password Unlocker.
    3.Insert the newly created CD into the locked computer and re-boot it from the CD drive.
    4.After launched the CD, a window pop up with all your account names(if you have several accounts); select one of the accounts that you have forgotten its password to reset it. Just one press, you have removed the password.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s