kunals, Contributor
Yes, SpOonWiZaRd understood my situation exactly, but I'm not a pro with Cain & Abel. I'm pretty sure I can figure everything out except for the part after you find the users (I don't need to find the users because I already know the user name). I'm not exactly sure how I will tell Cain & Abel that I want to find the hash of the remote computer. Can someone guide me through the steps?
kunals, Contributor
Wait, so this is what I've got: I remote accessed the computer I'm trying to hack, got on Cain & Abel, went to the Sniffing tab, clicked on APR at the bottom, clicked the Start button at the top, and waited, and didn't get anything on my screen. Am I doing something wrong?
SpOonWiZaRd, Join Date: May 2007
Know what you can do.
Yes, you need to click on the Sniffing tab while the sniffer is activated, and APR must be activated; then you click on the blue + sign, and it will ask you to scan your network, so scan it. Then all the hosts on your network will be added to the list. Now click on APR at the bottom, click on the top text box and then click on the blue + sign (you need to click on the top text box to activate the blue + sign). Once that is done you can select between which hosts you want to sniff. Select the target server on the left and then your IT technician's computer on the right (or whoever logs in regularly on the server). Wait for him/her to log in, or go to the person and con him into logging in, so that you capture the hash. Once the hash is captured, click on the bottom "Passwords" tab, then on the left you need to select "SMB", then on the right it will show you the hash; right click on the hash and select "Send to Cracker". Now click on the top "Cracker" tab and select "LM & NTLM Hashes" on the left; now you will see the hash again. Right click on it and select any cracking method you need. It will most likely be NTLM Session Security, so brute force it by doing 250000 - 1.5mil passwords/sec, or dictionary attack it. You can even use a Cryptanalysis attack. Hope it helps.
kunals, Contributor
Okay, so should I be doing this all while I am remote accessing the host computer? I had a slight problem with the part where there are 2 columns. What do you mean by the IT technician's computer, do you mean my teacher's computer? If so, isn't that the same as the target server? And in the left column I tried to look for my IP and it skipped it?
kunals, Contributor
Wait... do I have to have a router for this to work? Mine broke a month ago.
SpOonWiZaRd, Join Date: May 2007
Know what you can do.
No, all you need is a connection to the network. You need to sniff traffic between the target server and someone else's computer, so sniff between the target server and whoever logs into the server remotely quite often. The person who goes to the target server only needs to browse the shared files, and then you have the hash, since you have been sniffing between those two computers. A server always asks for a password before you can browse the shared files; you can select to remember the password, but even then, when the person who has authority to browse the server actually browses the server while you are sniffing, you will get the NTLM Session Security hash, which you can crack in Cain & Abel. If you have the Administrator password then you can install Abel on the target and have full control. You install Abel by clicking on the Network tab and then "Microsoft Windows Network", then browse to the target computer, right click on it and select "Connect As", type in the Administrator username and password, then connect, browse to the target computer's Services, right click on that, select "Install Abel" and Abel will install. You can then do anything with it.
hanleyhansen, Join Date: Jan 2008
Pro contributor
Liking this thread so far. SpOonWiZaRd, you've made some great contributions. I have a question though. Let's say he RDCs to the server or to the school. Or let's say he makes it to the login like he said he has. Does he run Cain and Abel on his local machine? Or does he have to log in through RDP first with any user and then run Cain on the remote computer with a local user?
SpOonWiZaRd, Join Date: May 2007
Know what you can do.
He runs it on his local machine; he just sniffs the network for the password hashes. Cain is on his computer, and with Cain you can engage in a middleman attack where he then sees all the data between one computer and another computer, or one computer and a gateway, or the gateway and all the computers on the network. But if he does that with all the computers on the network he will crash the network, because too much APR traffic will be generated on the network. But he runs Cain on his local machine; he sniffs between the target server and all the people who log in on the target server, be it by SMB connection or RDP, and he will get the hash. SMB will use the NTLM hash, and that is the preferable hash we are looking for here, so the password you use to log in to the Admin account at RDP will be the same as the Admin account on an SMB connection. So you will get the main password by sniffing the hash and cracking it. When you sniff between a gateway and some other computer on the network you will be able to see usernames and passwords of POP3 email in clear text using Cain; even certificates can be falsified by sniffing. I once stole one of my friend's Gmail account passwords using Cain and sniffing at the time he logged in. Cain is a very handy tool.
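The "APR" that the post above relies on is ARP cache poisoning: the sniffing machine answers ARP for both the server and the client so that their traffic is relayed through it, which is also why poisoning every host floods the segment. That behaviour is visible from the defender's side. Here is an added example, not code from the thread and not part of Cain & Abel, of a small detector that replays a constructed list of ARP replies (as a switch port mirror or a host-based ARP monitor would deliver them) and raises an alert when an IP-to-MAC binding changes, when one MAC claims several IPs at once, or when one MAC sends an unusual burst of replies. The MAC addresses, IPs, timestamps and thresholds are all made-up sample values.

```python
# Added example: detecting ARP cache poisoning ("APR") from captured ARP replies.
# All records below are constructed for illustration; nothing here is a real capture.
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, Iterable, List, Optional, Set, Tuple


@dataclass(frozen=True)
class ArpReply:
    """One ARP 'is-at' reply as seen on the wire."""
    ts: float          # seconds since capture start
    sender_ip: str     # this IP ...
    sender_mac: str    # ... claims to be reachable at this MAC


Alert = Tuple[float, str, str]   # (timestamp, kind, detail)


def detect_arp_poisoning(replies: Iterable[ArpReply],
                         static_bindings: Optional[Dict[str, str]] = None,
                         flood_window: float = 1.0,
                         flood_threshold: int = 20) -> List[Alert]:
    """Return alerts for the three symptoms of an ARP man-in-the-middle.

    STATIC_OVERRIDE / BINDING_CHANGE: an IP that is pinned (static_bindings) or
        was previously learned at one MAC is now claimed by another MAC.
    MULTI_IP_MAC: one MAC claims two or more IPs, which a relay between two
        victims (server <-> client, or host <-> gateway) has to do.
    ARP_FLOOD: more than flood_threshold replies from one MAC inside
        flood_window seconds, the signature of poisoning a whole subnet.
    """
    pinned = dict(static_bindings or {})              # ip -> mac that must never move
    learned: Dict[str, str] = {}                      # ip -> mac first seen on the wire
    ips_by_mac: Dict[str, Set[str]] = defaultdict(set)
    recent: Dict[str, List[float]] = defaultdict(list)  # mac -> reply times in window
    alerts: List[Alert] = []

    for r in sorted(replies, key=lambda x: x.ts):
        # Check 1: has the IP-to-MAC binding moved?
        if r.sender_ip in pinned:
            if pinned[r.sender_ip] != r.sender_mac:
                alerts.append((r.ts, "STATIC_OVERRIDE",
                               f"{r.sender_ip} is pinned to {pinned[r.sender_ip]} "
                               f"but was claimed by {r.sender_mac}"))
        else:
            prev = learned.get(r.sender_ip)
            if prev is not None and prev != r.sender_mac:
                alerts.append((r.ts, "BINDING_CHANGE",
                               f"{r.sender_ip} moved from {prev} to {r.sender_mac}"))
            learned[r.sender_ip] = r.sender_mac

        # Check 2: is one MAC impersonating several hosts?
        claimed = ips_by_mac[r.sender_mac]
        if r.sender_ip not in claimed:
            claimed.add(r.sender_ip)
            if len(claimed) > 1:
                alerts.append((r.ts, "MULTI_IP_MAC",
                               f"{r.sender_mac} now claims {sorted(claimed)}"))

        # Check 3: reply burst from one MAC (sliding window, alert once on crossing).
        window = recent[r.sender_mac]
        window.append(r.ts)
        while window[0] < r.ts - flood_window:
            window.pop(0)
        if len(window) == flood_threshold + 1:
            alerts.append((r.ts, "ARP_FLOOD",
                           f"{r.sender_mac} sent {len(window)} replies in {flood_window}s"))

    return alerts


def alert_kinds(alerts: List[Alert]) -> List[str]:
    """Convenience view of just the alert types, in order."""
    return [kind for _, kind, _ in alerts]


# Constructed sample: a gateway, a file server, and a third host that later
# answers ARP for both of them (the relay position described in the thread).
GATEWAY_MAC = "00:11:22:aa:aa:01"
SERVER_MAC = "00:11:22:bb:bb:10"
THIRD_MAC = "00:11:22:cc:cc:25"

SAMPLE = [
    ArpReply(0.0, "10.0.0.1", GATEWAY_MAC),   # gateway announces itself
    ArpReply(0.5, "10.0.0.10", SERVER_MAC),   # file server announces itself
    ArpReply(1.0, "10.0.0.25", THIRD_MAC),    # third host, its own address
    ArpReply(5.0, "10.0.0.10", THIRD_MAC),    # third host now claims the server
    ArpReply(5.1, "10.0.0.1", THIRD_MAC),     # ... and the gateway
]

# Constructed burst: 25 replies from one MAC within half a second.
FLOOD = [ArpReply(10.0 + i * 0.02, f"10.0.0.{100 + i}", THIRD_MAC) for i in range(25)]

if __name__ == "__main__":
    for ts, kind, detail in detect_arp_poisoning(SAMPLE, {"10.0.0.1": GATEWAY_MAC}):
        print(f"t={ts:5.2f} {kind:16} {detail}")
```

Feeding this a real capture means reading ARP replies off a mirror port or from the host's own interface; the structure of the checks does not change. On the mitigation side the same facts drive the controls: static ARP entries for the gateway and servers (the `static_bindings` argument models that) and switch-side dynamic ARP inspection, which drops replies that contradict the DHCP lease table before any host's cache is touched.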
hanleyhansen, Join Date: Jan 2008
Pro contributor
Alright, it makes a little more sense. How do I make Cain sniff? I can't really download it now because I'm in school, but I have it at home. Cain is a great tool like you said, but I haven't had the pleasure of installing Abel on a remote computer and I'm dying to try it! So yeah, how do I make Cain sniff? Do I need the terminal service opened to the login page?
SpOonWiZaRd, Join Date: May 2007
Know what you can do.
You need to open nothing; just read the help file that comes with Cain. It's worth it and you will know the program then. There is a sniffer button around the top left of Cain that has a NIC image on it, next to the radioactive sign; you will need to activate both of them. Then the rest is explained with images in the help file, about 2 pages (not even).