Dabbling in Cain and Abel & more

4 replies [Last post]
afib's picture
Joined: 2011/12/06

Ah, Cain and Abel... it has been years since I used it.

I was messing around with this today, poisoning APR on my LAN at home when I came across something interesting. After sniffing packets, I found that one of the website I logged into on another computer actually gave me logged in status. In other words, I made a 'shell account' on the target computer, then sniffed those packets on the Cain machine. Funnily enough, when I clicked over to the page on the Cain computer, it had me as being logged in (as if I were the target).

Now I know about MITM attacks, but I didn't think this would work with C&A and furthermore, after I closed out of the browser, I was not able to reproduce the results. What happened? I was thinking, if it wasn't C&A, was it perhaps due to my switch or router (which is running Tomato) confusing things?

Beyond that, I've been scouring the interwebs looking for good GPU based hash crackers when I came across hashat, lhc and ighashgpu. They're all very good.

Also recovered my copy of openwall dictionary and loaded 2TB of rainbow tables just to mess around with. I've never used them, but my the results... Additionally, I was thinking there should be a client and standard protocol for what I call DHCs (distributed hash cracks). I know there are the tables and websites which have presolved hashes in them, but wouldn't it be nice to just download a client and be able to leverage that kind of power, provided you could get past the limited speed of the data connections?

Anyway, if anyone else knows of more GPU based crackers, let me know! I'm currently using dual GTX 460s, which beat the hell out of my paultry AMD 7750s.