Lab Assignment: Password Cracking Using Cain and Abel
Introduction

The objective of this lab assignment is to introduce you to various techniques used in password cracking. You will experience how it is done first hand by using a software application called “Cain and Abel.”
Background Information 1. About “Cain and Abel”

Cain and Abel is a powerful tool for system administrators, network administrators, and security professionals. Its web site states that it is password recovery tool for Microsoft Operating Systems. In order to release the full functionality of the Cain and Abel package, “Win Pcap” must be installed in order to provide network packet captures. Through this, Cain and Abel has the ability to crack encrypted passwords using Brute Force, Dictionary, or Cryptanalysis (via “rainbow tables”). The sniffer (captures and analyzes network traffic) in this version can also analyze encrypted protocols such as SSH-1 and HTTPS, and contains filters to capture credentials from a wide range of authentication mechanisms, including Kerberos. In addition to this, Cain and Abel can used to recover wireless passwords, uncover cached passwords, and analyze routing protocols. 2. Algorithms

There are two authentication protocols used to store passwords depending on which version of Windows is being run. The two are LM and NTLM. * LM

The LM, sometimes referred to as LanMan or the LAN Manager hash, is the primary authentication protocol that Microsoft employed in Windows versions prior to Windows NT; it is used to store user passwords in an encrypted format on the disk. In order to transform a user's password to the LM hash, the password is first converted to all uppercase letters. If the password is greater than 14 bytes (14 characters) any character after the 14th is truncated; likewise, if the password is less than 14 bytes, it is null-padded to be 14 bytes exactly. The password is then split into two, 7-byte halves. A null bit is inserted at the beginning of each half. The halves are then used as keys to DES encrypt the constant ASCII string “KGS!@#$%”. The concatenation of the two output values forms a 16-byte value, which is the LM Hash.

This algorithm is weak via its implementation. The maximum possible combination of values (key space) is restricted since it only uses uppercase character values in the ASCII character set. Additionally, since the algorithm breaks down the password into two separate pieces, each component can be attacked individually, allowing for a maximum possible password combination of 69 possible values to the power of 7 (69^7). * NT LAN Manager

NTLM, also known as NT LAN Manager, was first introduced in Microsoft Windows NT 3.1 to address the security weaknesses inherent in LM encryption. The NTLM algorithm is much stronger than the LM authentication protocol for several reasons: 1) NTLM passwords are based on Unicode, increasing the amount of possible characters that can be used 2) NTLM passwords are case sensitive and 3) NTLM passwords can be up to 128 characters long. All of these reasons imply that there is a much bigger keyspace, which would require for more time to analyze.
Goal

The goal of this lab is to use Cain and Abel to recover the passwords for user accounts on the machine. It is also to demonstrate the limitations to cracking passwords, i.e. not being able to recover a password in a reasonable amount of time if it is a "strong password".
Access the Virtual Lab
Detailed directions can be found at Content --> Virtual Lab Access.
Helps and supports information can be found at Content --> Class Tutoring.
Please seek support as soon as possible if you have any problems with this lab. In previous semesters, some students have had extreme difficulty getting connected so the sooner we can start troubleshooting, the better.
Experiments
A. CREATING USER ACCOUNTS

You will create 3 user accounts on the machine and make each password incrementally more complex. Password cracking takes time, so expect that when you begin cracking the password that there may be a long wait before it finishes. If it takes a long a time, feel free to exit the process.
Creating the necessary user accounts for this will be done through the Command Prompt window.

1. To get to the command prompt, select: Start > Command Prompt.
2. We will first practice creating and deleting user accounts. The syntax for adding a user is as follows: "net user [username] [password] /add".
Enter: net user test test123 /add
3. Verify that the user was added by running the command: net user
The new user account should show up on a list.
4. Once you are done creating the test account, you can delete them by using a similar syntax: "net user [username] /delete".
So enter: net user test /delete
5. Once again, verify that the accounts were deleted by running: net user
6. Create three user accounts with the following attributes:
TO create Password net user test *
There will request for password to be entered and reentered (Password will not show as it is been entered)
For the first account for user1, use a weak, single-case password as “security”. * For the second account for user2, use a slightly more complex password using alpha-numeric characters and a number as “hackin9”. * For the third account for user3, increase the complexity more by using a special character as “Pa$$w0rd" (note: 0 = zero)
Once you have created these three accounts, minimize the Command Prompt window (you will later delete these accounts). You are now ready to crack these passwords.
B. USING CAIN AND ABEL

Double click on the Cain icon on the desktop. (Note: a barebones user’s manual of the program is found at: http://www.oxid.it/ca_um/ ). You ought to maximum the window.
You might want to review the lab questions listed in Part G before you start using Cain and Abel.
1. Click the “Cracker” tab.
2. In the left window, click on “LM & NTLM Hashes.” Recall that these are the two authentication protocols described earlier that are used to store passwords in Windows.
3. Click on the plus sign which “add to the list” and the Next button. All of the user accounts on the machine should populate the right window.
4. Right click on the first account you created for user1. Attempt to discover the password via Brute Force. For this, attempt to apply Brute Force using the NTLM Hash. Click the Start button. Note the Time Left. Stop after a few minutes. Click Exit.
5. Next, perform a dictionary attack against the user accounts. Right click on the first account again and select Dictionary Attack using the NTLM Hash.
Before you click Start, note that a dictionary file has been specified for you:
C:\Program Files\Cain\Wordlists\Wordlist.txt
Click the Start button. Again note the results.
6. Repeat this procedure for the other two accounts. Note: When performing a subsequent dictionary attack, you may need to right click the wordlist and reset the file position to the initial position.
7. Repeat Steps 1 through 6 substituting LM for NTLM. After completing this step you will have results for Brute Force and Dictionary attacks on three passwords each encrypted using the NTLM and LM hash algorithms.
When done, close the Cain and Abel application.
C. DELETE THE USER ACCOUNTS

1. Open the Command Prompt window.
2. Using the syntax "net user [username] /delete", remove the three accounts you created. net user user1 /delete net user user2 /delete net user user3 /delete
3. Close the Command Prompt window.
D. EXITING THE APPLICATIONS

Log off the cloud application and disconnect the VPN.
Experiment Report

-Include experiment data and results (snapshots and tables) in the report.
-Your report should contain data generated from the exact usernames and passwords you created.
-Answer the following questions in a Word document and submit the file in the Lab1 Assignments folder.

Questions (Provide a minimum 100-word, fact-based response for each question. Be quantitative, show lab results, and show in-line citations, where appropriate. Include overall reference list at the end.) 1. Explain the two different types of attacks that can be performed in Cain and Abel to crack user account passwords. Which do you think is the most effective and why? 2. Compare and contrast the results from the two methods used to crack the accounts for the three passwords each encrypted by the two hash algorithms. What conclusions can you make after using these two methods? 3. Research another algorithm used to store passwords that were not discussed here. (Include references in APA format.) 4. Research another password recovery software program and provide a thorough discussion of it. Compare and contrast it to Cain and Abel. (Include references in APA format.) 5. Anti-virus software detects Cain and Able as malware. Do you feel that Cain and Able is malware? Why or why not?
Grading
See corresponding rubric for details.
Notes
For this lab assignment, each student completes the lab exercise using the Cain and Abel software and prepares a report including lab results and addressing the questions.
The student must check the file(s) right after submission to make sure the right file(s) are submitted. No resubmission after the due date is allowed without prior approval from the instructor. Only valid submission in the correct assignments dropbox can be graded.
You are not required to turn this assignment to Turnitin.com.
Warning
Do NOT download this program and install on your local computer. For this assignment, it is strongly recommended to use a virtual private network (VPN) connection to the cloud environment to run the program.
If you download Cain and Abel, it will be detected and flagged as malware when using certain anti-virus programs and it runs on Windows only. Therefore, it is not recommended that you install the program on your computer.
Last Updated 7/22/2015