Tuesday, November 15, 2011

Project 9: Windows Password Cracking with Cain and Abel

What You Need
A Windows XP machine with administrator access (real or virtual)

Creating Passwords to Crack
1. Click Start, right-click My Computer, and click Manage. In Computer Management, in the left pane, expand the Local Users and Groups container.
2. In the left pane of Computer Management, click the Users container. You should see some accounts in the right pane, as shown below on this page.

Creating Test Accounts
3. In the left pane of Computer Management, right-click Users and click New User.
4. In the New User box, enter a user name of P3 and a password of abc, and click Create. The check boxes in the lower section of the New User box don't matter, because no one will really be using these accounts.

            User name Password
            P1        abcde
            P2        123
            P4        password

5. Repeat the process to create the three accounts above.

Installing Cain
6. On the virtual machine's desktop, open a browser and go to oxid.it
7. In the upper left, click Projects.
8. Scroll down past the disclaimer and click "Cain & Abel".
9. Scroll down and click "Download Cain & Abel v4.9.25 for Windows NT/2000/XP". (The version number may be higher now.) Save the installer on your desktop.
10. Double-click the installer. Install the software with the default options. It will install WinPcap as well as Cain & Abel.

Installing Abel
11. Cain is the password cracker, and Abel is the process that harvests the hashed passwords from the Windows machine. You normally install Abel on the target machine, but we'll just install it locally.
12. Click Start, Programs, Accessories, Command Prompt.
13. Type in the following command and press the Enter key:
    copy \"program files"\cain\abel.exe \Windows
    This command copies the Abel installer to the C:\Windows folder.
14. Type in the following command and press the Enter key:
    copy \"program files"\cain\abel.dll \Windows
    This command copies the Abel DLL file to the C:\Windows folder. This file is the actual service.
15. Type in the following command and press the Enter key:
    cd \Windows
    This command changes the working directory to C:\Windows.
16. Type in the following command and press the Enter key:
    abel
    This command installs the Abel service. A box pops up saying "Abel service has been installed successfully!" Click OK.
17. Type in the following command and press the Enter key:
    services.msc
18. The Services window appears. At the top of the right pane, right-click Abel and click Start. In the top line of the right pane, you should see the Abel service with a Status of Started, as shown below on this page.

Finding your Computer's IP Address
19. Click Start, Run. Type in CMD and press Enter. In the Command Prompt window, type IPCONFIG and press Enter. Find your IP address.

Collecting Password Hashes With Cain
20. Double-click the Cain icon on the desktop. Click the Cracker tab.
21. In the center of the window, right-click and click "Add to list".
22. In the "Add NT Hashes from" box, click Next.
   
Cracking Passwords
24. In the right pane, right-click P3, point to "Brute-Force Attack", and click "NTLM Hashes", as shown below on this page. Note: we are cracking the NTLM hashes, not the old, weak LM hashes. The NTLM hashes are much more difficult to crack, so brute force will only work for short passwords.
25. In the "Brute-Force Attack" box, click the Start button. It should find the three-letter password immediately. Close the "Brute-Force Attack" box.
26. In the right pane, right-click P5, point to "Brute-Force Attack", and click "NTLM Hashes".
27. In the "Brute-Force Attack" box, click the Start button. It should find the five-letter password within a few seconds. Close the "Brute-Force Attack" box.
28. In the right pane, right-click P7, point to "Brute-Force Attack", and click "NTLM Hashes".
29. In the "Brute-Force Attack" box, click the Start button. The seven-letter password is hard to crack, however: no answer appears immediately. It might take a long time to crack, so we'll give up. Click the Stop button. Click the Exit button.
30. You should see the two passwords you found, abc and abcde, in the NT Password column of the Cain window.
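
Why the three- and five-letter passwords fall at once while the seven-letter one does not, as an added example that is not part of the original project: every extra character multiplies the search space by the size of the character set. The guess rate of 5,000,000 per second and the four character classes are assumed values, not measurements from Cain.

```python
import string

# Assumed values, not from the page: a guess rate for NTLM brute force
# and the character classes an exhaustive search would have to cover.
GUESSES_PER_SECOND = 5_000_000
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)


def charset_size(password):
    """Size of the union of character classes that the password draws on."""
    return sum(len(c) for c in CLASSES if any(ch in c for ch in password))


def keyspace(charset, max_len):
    """Candidates tried when brute force runs lengths 1..max_len in order."""
    return sum(charset ** n for n in range(1, max_len + 1))


def worst_case_seconds(password, rate=GUESSES_PER_SECOND):
    """Upper bound on brute-force time; dictionary words fall far sooner."""
    return keyspace(charset_size(password), len(password)) / rate


def min_length(charset, target_seconds, rate=GUESSES_PER_SECOND):
    """Shortest length whose exhaustive search lasts at least target_seconds."""
    length = 1
    while keyspace(charset, length) < rate * target_seconds:
        length += 1
    return length


def human(seconds):
    """Render a duration in the largest unit that fits."""
    for unit, size in (("years", 31_536_000), ("days", 86_400),
                       ("hours", 3_600), ("minutes", 60)):
        if seconds >= size:
            return f"{seconds / size:.1f} {unit}"
    return f"{seconds:.3f} seconds"


if __name__ == "__main__":
    # Passwords taken from the lab's test accounts.
    for pw in ("abc", "123", "abcde", "password"):
        print(f"{pw:10} charset={charset_size(pw):3} "
              f"worst case {human(worst_case_seconds(pw))}")
    # Lowercase letters plus digits (36 symbols): length that lasts a year.
    print("min length for 1 year:", min_length(36, 31_536_000))
```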

Saving the Screen Image
31. Press the PrntScn key to copy the whole screen to the clipboard. Open Paint and paste in the image. Save it as a JPEG, with the filename Your Name Proj 9.

Turning in your Project
32. Email the JPEG image to me as an attachment.
33. This is due Tuesday, November 29.

3 comments:

  1. This comment has been removed by the author.

  2. I can't install Abel (the 'oldest' OS I have access to is Vista)...Access Denied for copying the file. I have added it to the exclusions list on my firewall. Any ideas? (I suspect Windows is doing something bizarre)

    1. Hey,

      did you succeed?

      I am trying to install Abel on localhost, but, alas, "unable to find writable share". Firewall is down, and I shared an additional folder just in case.
