1) Explain the two different types of attacks that can be performed in Cain and Abel to crack user account passwords. Which do you think is the most effective and why?

For the assignment we utilized Cain & Abel password recovery tool for Microsoft Operating Systems. For this lab assignment we utilized Brute Force NT LAN Manager (NTUM) and LAN Manager (LM) and Dictionary NTLM and LM hashes. (Features overview, n.d.) Brute Force is a password cracking -technique that tries every combination of numeric, alphanumeric, and special characters until the password is broken or the user is locked out. Dictionary is a technique that runs a given password against each of the words in a dictionary (file of words) until a match is found or the end of the dictionary is reached. (p. 13) Cain and Abel couples Brute Force and Dictionary with LM and NTLM hash.

Based on my lab experience, my assessment is that the Dictionary NTLM Manager is the better of the processes. The table below reveals that Dictionary NTLM delivered more favorable results over LM because this process uncovered the passwords in the shortest amount of time and recovered the passwords in their entirety.

Table | Brute Force LM | Brute Force NTLM | Dictionary LM | Dictionary NTLM | User1 | No password, 6-8 hours | No password, estimated time 10 years | yes, 75 seconds | yes, 40 | User2 | No password, 6-8 hours | No password, estimated time 10 years | yes, 30 | yes, 25 | User3 | No password, 6-8 hours | No password, estimated time 10 years | no, 180 | no, 75 |

2) Compare and contrast the results from the two methods used to crack the accounts for the three passwords each encrypted by the two hash algorithms. What conclusions can you make after using these two methods?

Using the table above from my lab experience, Dictionary NTLM hash revealed the password in its entirety and in a shorter period of time than the LM method. Conversely, Brute Force NTLM took the most amount of time (based on site estimate) and didn’t reveal the password. In fact, both attack methods for Brute Force failed to uncover the passwords in a sufficient amount of time. As you see by the table, the time estimates are 10 years. Based on these findings my assessment is Brute Force NTLM and LM are cumbersome and Dictionary attacks are a more effective tool.

3) Research another algorithm used to store passwords that were not discussed here.

For the purposes of this lab, I focused on NTLM and LM secure hash algorithms used to store passwords. One algorithm to store passwords that we didn’t discuss is SHA-2. SHA-2 is a set of cryptographic hash functions designed by the U.S. National Security Agency (NSA) and published in 2001 by NIST as a U.S. Federal Information Processing Standard (FIPS). (Wikipedia) As of now there are no known attacks on SHA-2 and it’s considered the most secure of hashing algorithms to date. (Securtitysupervisor.com) Despite this success, SHA-2 is not widely adopted because of its lack of compatibility with most operating systems.

4) Research another password recovery software program and provide a thorough discussion of it. Compare and contrast it to Cain and Abel

Ophcrack is yet another Windows password recovery tool. Ophcrack, like Cain and Abel, can be downloaded for free and is based on a time-memory trade off (TMTO) using rainbow tables. This is a new variant of Hellman’s original trade-off, with better performance. It recovers 99.9% of alphanumeric passwords in seconds. (Sourceforge.net)

Ophcrack can also utilize a live CD that works if you don’t have a dual boot PC, or have forgotten the login or password for all installations. The live CD contains both the password cracker tool and a selection of additional rainbow tables. (Sharma, Maynak 2011)

Both Cain & Abel and Ophcrack utilize rainbow tables, however Cain & Abel utilizes additional tools as well. Ophcrack while it’s initial approach heavily uses TMTO, has other arrows in its quiver as well. The live CD and the versatility to expand the tables seem to be a strong combination making for a well-rounded product.

5) Anti-virus software detects Cain & Abel as malware. Do you feel that Cain & Abel is malware? Why or why not?

Malware and antivirus detectors recognize Cain & Abel software as a potential threat. I don’t’ believe that it is. Its intent is to be used for good purposes in network security in helping recover passwords or sensitive information. That, however, does not take intent into account. In the hands of those who would harm, this can be a tool that can be used against an organization or an individual. If the person in charge of an organizations security can detect weaknesses in security, so too can a person with nefarious intentions. It’s a double-edged sword; it can be beneficial in recovering information or devastating and reveal security lapses if used for evil. Software such as Cain & Abel is intended to seek out holes and weaknesses in security and infrastructure for an organization. It is not intended to expose those same gaps and bring down an organization.

References

Features overview [Cain and Abel Online User Manual]. (n.d.). Oxid.it . Retrieved fromhttp://www.oxid.it/ca_um/

Module Three: Information Systems Infrastructure, UMUC Cyberspace & Cybersecurity
CSEC 610. p13. CSEC 610 081 online classroom, archived at: http://webtycho.umuc.edu

SHA-2. (n.d. ). In Wikipedia. Retrieved October 9, 2013, from http://en.wikipedia.org/wiki/SHA-2

What is SHA 2. (n.d. ). http://www.securitysupervisor.com/security-q-a/encryption/243-what-is-sha-2

Oechslin, T. (2013). Ophcrack. Retrieved October/9, 2014, from http://sourceforge.net/projects/ophcrack/

Sharma, M. (2011). Recover lost passwords. Apc, 31(7), 86-87.