Cain & Able has a Users enumerator to see the names of all the user accounts, thus he knows the user account he only needs the password hash so that he can crack the hash. The hash will be NTLM, to boot up from a cd he will need to be in physical contact with the target computer thus not making it a remote attack. He has to do it remotely as I understood. Enumerate the users using Cain & Abel, then get the hash, crack it using Cain & Abel and there you go. You can even Export the hash and take it home to crack it on your own time. To sniff the hash you will need to read the Help file on Cain & Abel, the manual is in there describing all the program features and uses.