The Anatomy of a Hack – Hacking with Cain - By Ramius

Docs that have proven to be a staple in understanding computer/network security. This is not an inclusive forum and nothing published will tell you how to 0wn someone; these docs will help you understand how you got 0wnd.
Tenchuu
Reborn
Posts: 1160
Joined: Tue Mar 16, 2004 3:27 pm
Location: Society of Blazing Inferno

Post by Tenchuu » Mon Oct 24, 2005 11:34 am

Which function of Cain is said to work over WAN? Basically Cain is used for NetBIOS accesses, sniffing and cracking. None of these functions will work in a routed network. That's why there are VPNs and FTPs.
Theoretically NetBIOS works over TCP/IP, but I've never seen it so far.
Keep your friends close, keep your keyboard closer

Ramius
The Evil Clown
Posts: 1714
Joined: Fri Mar 26, 2004 8:47 pm

Post by Ramius » Tue Oct 25, 2005 7:06 pm

Yes, it will work over the internet, so long as you are running it from a public IP (not dial-up). The remote PC has to have the NetBIOS ports open on the internet as well; however, there are not many of them that have not already been hacked. I test hosts with this all of the time. Make sure you are hitting an actual host and not a router, as Cain won't connect to a router the same way as a workstation.

RK
RIF - Reading is Fundamental
Hacking is a process, not a product
Http://www.rainbowtables.net

rockymac1
n00b
Posts: 7
Joined: Fri Nov 18, 2005 12:37 am

Post by rockymac1 » Fri Nov 18, 2005 12:58 am

Hi, I'm new to hacking. I'm using Cain, but when I right-click on a user it gives a user enumeration error: access denied. What could be the mistake? All LAN-connected PCs have the same DNS settings. Please help me.

Ramius
The Evil Clown
Posts: 1714
Joined: Fri Mar 26, 2004 8:47 pm

Post by Ramius » Sun Nov 20, 2005 2:07 pm

The reason that you get the access denied is because of a Group Policy setting that is preventing the enumeration of anon SIDs. You should go after the DC first, as many admins are reluctant to set this setting on their domain controllers (or they don't know the difference between "Local", "Domain Local", and Domain Controller group policy settings). Additionally, if you will attempt this on every PC on the domain, you will surely find at least one PC that does not have this setting. If you do, then look to see if there is a user account on a workstation that has domain rights. From there you can log in as that user, then you will no longer be anon, and then you can enumerate the SIDs and users.

From there it is up to you....

RK
RIF - Reading is Fundamental
Hacking is a process, not a product
Http://www.rainbowtables.net
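
Added example, not part of the thread: a defender-side check for the "one PC that does not have this setting". The post does not name the setting, so the four Windows security options below are an assumption about which ones govern anonymous SID and account enumeration; the `secedit /export` text is constructed sample data.

```python
import configparser

LSA = r"machine\system\currentcontrolset\control\lsa" + "\\"
# (INF section, lower-cased key) -> predicate that is True when the value is hardened.
# Assumed relevant options; the forum post does not name them.
CHECKS = {
    ("System Access", "lsaanonymousnamelookup"): lambda v: v == 0,
    ("Registry Values", LSA + "restrictanonymous"): lambda v: v >= 1,
    ("Registry Values", LSA + "restrictanonymoussam"): lambda v: v == 1,
    ("Registry Values", LSA + "everyoneincludesanonymous"): lambda v: v == 0,
}

def audit(inf_text):
    """Return the sorted list of weak or missing settings in one secedit export."""
    cp = configparser.ConfigParser(delimiters=("=",), interpolation=None, strict=False)
    cp.read_string(inf_text)          # option names are lower-cased by configparser
    findings = []
    for (section, key), hardened in CHECKS.items():
        name = key.rsplit("\\", 1)[-1]
        raw = cp.get(section, key, fallback=None)
        if raw is None:               # cannot confirm the setting: report it
            findings.append(name + " (not set)")
            continue
        # Registry values export as "<type>,<data>"; System Access as bare data.
        value = int(raw.split(",")[-1].strip().strip('"'))
        if not hardened(value):
            findings.append(name + "=" + str(value))
    return sorted(findings)

def weak_hosts(exports):
    """Map host -> findings, only for hosts that have at least one finding."""
    report = {host: audit(text) for host, text in exports.items()}
    return {host: f for host, f in report.items() if f}

def sample(lookup, restrict, sam, everyone):
    """Build a constructed export fragment for the demo hosts below."""
    p = "MACHINE\\System\\CurrentControlSet\\Control\\Lsa\\"
    return ("[System Access]\nLSAAnonymousNameLookup = %d\n[Registry Values]\n"
            "%sRestrictAnonymous=4,%d\n%sRestrictAnonymousSAM=4,%d\n"
            "%sEveryoneIncludesAnonymous=4,%d\n"
            % (lookup, p, restrict, p, sam, p, everyone))

# Constructed hosts: dc01 left open, ws17 hardened, ws22 exported without registry values.
EXPORTS = {
    "dc01": sample(1, 0, 1, 0),
    "ws17": sample(0, 1, 1, 0),
    "ws22": "[System Access]\nLSAAnonymousNameLookup = 0\n",
}
```

Real `secedit /export` files are usually UTF-16, so decode them before passing the text to `audit`.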

rockymac1
n00b
Posts: 7
Joined: Fri Nov 18, 2005 12:37 am

Post by rockymac1 » Mon Nov 21, 2005 1:42 am

Thanks for your suggestion,
but I can't find a computer of that kind in the network. But I want to see it working, so please tell me the detailed steps to configure two computers in a LAN (not activating the allow user to connect remotely option).
Say my computer is in domain MSHOME. Do I have to put the other PC in the same domain, that is MSHOME, for Cain to give no enumeration error? Please tell in detail, because I'm a beginner and want to acquire detailed knowledge on networking. I think you will help me to achieve my goal.


thanks

Ramius
The Evil Clown
Posts: 1714
Joined: Fri Mar 26, 2004 8:47 pm

Post by Ramius » Mon Nov 21, 2005 1:50 am

The domain name is not important.

You need to research NetBIOS as well as SMB. The underlying requirement of open ports and services. If both machines are XP SP2 and have the Firewall enabled, you are likely to have problems.

There are too many variables to consider for this scenario.

"I'm a beginner and want to acquire detailed knowledge on networking. I think you will help me to achieve my goal"

Start off by buying a CompTIA Network Plus study book, then read it, then read it again. Then you will have a basic understanding of networking in a client/server infrastructure; the process in question will make a great deal more sense once you understand some basic concepts.

Also, if they are both your computers, then right-click on the computer name and click "Connect As", then enter your credentials, then go from there.

RK
RIF - Reading is Fundamental
Hacking is a process, not a product
Http://www.rainbowtables.net

rockymac1
n00b
Posts: 7
Joined: Fri Nov 18, 2005 12:37 am

Post by rockymac1 » Mon Nov 21, 2005 12:24 pm

Thanks for your quick reply.
I have tried it on two computers having no SP2 installed and the firewall disabled, but the enumeration error (access denied) occurs. Please give me the detailed steps for running it using two LAN-connected PCs.
Thanks

UniX
Veteran
Posts: 600
Joined: Thu Jun 26, 2003 1:17 pm
Location: input("Why are you looking here?")

Post by UniX » Mon Nov 21, 2005 2:01 pm

Ramius wrote: Start off by buying a CompTIA Network Plus study book, then read it, then read it again. Then you will have a basic understanding of networking in a client/server infrastructure, the process in question will make a great deal more sense once you understand some basic concepts.

It seems like he already answered your question for you right there.
"UNIX is an operating system, OS/2 is half an operating system, Windows is a shell, and DOS is a boot partition virus." — Peter H. Coffin .

http://cybergotham.net

rockymac1
n00b
Posts: 7
Joined: Fri Nov 18, 2005 12:37 am

Post by rockymac1 » Tue Nov 22, 2005 11:39 am

I haven't understood what to set in group policy. Where can I find the group policy settings, and what settings need to be done to have Cain working on two LAN-connected PCs? Please tell it in such a way that a beginner like me can understand what you are trying to say.

Ramius
The Evil Clown
Posts: 1714
Joined: Fri Mar 26, 2004 8:47 pm

Post by Ramius » Sat Nov 26, 2005 2:58 am

Either Admin Rights or more understanding of computers and client/server networking than can be answered in a post or two.

Get the book....

RK
RIF - Reading is Fundamental
Hacking is a process, not a product
Http://www.rainbowtables.net

ConfidentiaL
n00b
Posts: 11
Joined: Tue Nov 29, 2005 11:36 am

Post by ConfidentiaL » Fri Dec 02, 2005 2:50 am

If I am behind a router, and my PC has a local IP address, how can I then sniff at another computer on the WAN?

Ramius
The Evil Clown
Posts: 1714
Joined: Fri Mar 26, 2004 8:47 pm

Post by Ramius » Fri Dec 02, 2005 8:16 am

Sniffing with Cain requires ARP
ARP is an OSI Layer 2 Protocol
To get from a LAN to a WAN requires passage through a Layer 3 device
Therefore, Sniffing of the WAN from a LAN is not possible "With Cain".

Move your Workstation to the WAN and you will be able to sniff all the traffic on the segment that you are plugged into.

RK
Sorry to disappoint.
RIF - Reading is Fundamental
Hacking is a process, not a product
Http://www.rainbowtables.net
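
Added example, not part of the thread: because ARP-based interception stays on the local segment, the ARP caches of hosts on that segment are where a defender can see it. The sketch below parses Windows-style `arp -a` output (both snapshots are constructed) and reports a MAC answering for several IPs and any IP whose MAC changed between snapshots.

```python
import re
from collections import defaultdict

# One table row: IP address, dash-separated MAC, entry type.
ROW = re.compile(
    r"^[ \t]*(\d{1,3}(?:\.\d{1,3}){3})[ \t]+((?:[0-9a-f]{2}-){5}[0-9a-f]{2})[ \t]+(\w+)",
    re.I | re.M)

def parse_arp(text):
    """Map IP -> MAC for unicast entries in `arp -a` output."""
    table = {}
    for ip, mac, _kind in ROW.findall(text):
        mac = mac.lower()
        if int(mac[:2], 16) & 1:      # group bit set: broadcast or multicast
            continue
        table[ip] = mac
    return table

def shared_macs(table):
    """MACs claimed by more than one IP (proxy ARP can also cause this)."""
    by_mac = defaultdict(list)
    for ip, mac in table.items():
        by_mac[mac].append(ip)
    return {mac: sorted(ips) for mac, ips in by_mac.items() if len(ips) > 1}

def changed_bindings(before, after):
    """IPs present in both snapshots whose MAC differs: ip -> (old, new)."""
    return {ip: (before[ip], after[ip])
            for ip in before if ip in after and before[ip] != after[ip]}

# Constructed snapshots from one workstation; 192.168.1.1 is the gateway.
BEFORE = """Interface: 192.168.1.10 --- 0x2
  Internet Address      Physical Address      Type
  192.168.1.1           00-11-22-33-44-55     dynamic
  192.168.1.23          00-aa-bb-cc-dd-ee     dynamic
"""
AFTER = """Interface: 192.168.1.10 --- 0x2
  Internet Address      Physical Address      Type
  192.168.1.1           00-aa-bb-cc-dd-ee     dynamic
  192.168.1.23          00-aa-bb-cc-dd-ee     dynamic
  192.168.1.255         ff-ff-ff-ff-ff-ff     static
"""

def report(before_text, after_text):
    before, after = parse_arp(before_text), parse_arp(after_text)
    return {"shared": shared_macs(after), "changed": changed_bindings(before, after)}
```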

hackobacko
n00b
Posts: 27
Joined: Sat Sep 17, 2005 1:17 pm

Post by hackobacko » Sat Dec 03, 2005 7:40 pm

kronik85 wrote: Whenever I log on to a computer, I can check the status under the sniffer tab under passwords (far right) and it always says my status is "guest" even if I log in with an administrative user/pw. It's like I'm logging in with a bogus name/pw (which I can also do and get guest access) and it doesn't even recognize that it's administrative.

The same here.

Any suggestions?

Other questions:

(1)

I can sniff on my LAN and see what sites another computer visits,
but it seems I am not able to crack the passwords for them. It doesn't accept them to be sent to the cracker, so how can I crack them?

(2)

I already did sniffing on VoIP calls. Cain recorded a very small part of a call and it was the only one it succeeded in recording. Other calls have problems being recorded; Cain says "codec error", so how do I overcome this?

(3)

I tried to crack the guest password and I sent it to the cracker and cracked it,
but it says that it was successful and the password is:
then a space.

What does it mean?

DVS3651
Strike 1
Posts: 4
Joined: Sun Dec 04, 2005 8:07 pm

Post by DVS3651 » Sun Dec 04, 2005 8:21 pm

sweet thanks
~*~*ANDyetTHEYstillTRYtoGETmeDOWN~*~*~

mtjl79
n00b
Posts: 1
Joined: Sat Dec 10, 2005 10:39 pm

Post by mtjl79 » Sun Dec 11, 2005 10:36 pm

Good tut. Very helpful. Thanks!

Ramius
The Evil Clown
Posts: 1714
Joined: Fri Mar 26, 2004 8:47 pm

Post by Ramius » Mon Dec 12, 2005 8:18 am

The password is blank,
Cain has only limited Codec support as indicated on the web site,
The filters for extracting passwords are predefined, you can add options for the filter in the application if you look for it.

RK
RIF - Reading is Fundamental
Hacking is a process, not a product
Http://www.rainbowtables.net

ConfidentiaL
n00b
Posts: 11
Joined: Tue Nov 29, 2005 11:36 am

Post by ConfidentiaL » Sat Dec 17, 2005 8:44 pm

When I try to install Abel.exe on a comp on my network, I get this error message: Couldn't copy Abel.exe: Failed to retrieve error description

Also, if I click on any of the buttons for that comp, for example services, I get this error message: Couldn't open the service control manager: Failed to retrieve error description

How do I get "Abel control" on the comps then?

Ramius
The Evil Clown
Posts: 1714
Joined: Fri Mar 26, 2004 8:47 pm

Post by Ramius » Sun Dec 18, 2005 11:09 am

"Failed to retrieve error description" sounds like a problem on your computer.

To use Abel, you will need to have administrative access to the workstation or server that you are trying to connect to. Cain does have the ability to help you get access to the admin credentials, but you will need to play with the application a bit to figure out all of its features.

Keep playing, it will become clear as you learn both networking as well as the application.

As stated before, an understanding of the information contained in the CompTIA Network+ certification track will prove invaluable in your quest.

RK
RIF - Reading is Fundamental
Hacking is a process, not a product
Http://www.rainbowtables.net

ConfidentiaL
n00b
Posts: 11
Joined: Tue Nov 29, 2005 11:36 am

Post by ConfidentiaL » Sun Dec 18, 2005 11:59 am

When I try to sniff for passwords, I get different password hashes every time.
Also, I can't crack any of them. When I start the cracker it just says 0 of 0 hashes cracked just after I started.

Could this be because it has SP2 installed?

Edit: OK, I managed to crack the hashes, but I still get that same error message when I try to connect as admin.....
Last edited by ConfidentiaL on Sun Dec 18, 2005 2:57 pm, edited 2 times in total.
no thats confidential.....

execc
htd0rg lieutenant
Posts: 362
Joined: Sat Jul 12, 2003 5:56 pm

Post by execc » Sun Dec 18, 2005 12:53 pm

Please resize your signature.
