Password Crackers-Are ANY successful?

[QUOTE=Rapt0r*]For password cracking, I do it myself and it is simple. There is a program that works very well, called Cain and Abel. [url]http://www.oxid.it/cain.html[/url] This has numerous ways to break the password hashes using Brute Force, Dictonary attacks, or a cryptonanalysis. I have had alot of sucess wil the brute force, but it takes time. Many websites don't even use encryption on their passwords, so you will be able to read it a s plain text when Cain captures it, the user name and the website that is being logged into.

Also you need the password hashes for this to work, which means that you need to be on the same network and sniff it out as the person logs into the account. Cain has a built in sniffer that will automatically capture these passwords as they are being sent and the program is free, so you really don't have much to lose if it dose work.

As for everyone's fear of spyware, I did a scan with Ad-aware and Spybot *.*, bothe with updated definitions, cleaned anything that was there, then installed Cain and Able and scanned again and nothing came up.[/QUOTE]


so what you are saying that with cain & abel you can get naybodys password. say even if they are in B.C for example. help me pls

[QUOTE=starbright*2]so what you are saying that with cain & abel you can get naybodys password. say even if they are in B.C for example. help me pls[/QUOTE]

You've posted the same question in * threads, so i'll answer it here.

Have you even read the many explanations people have written about what Cain & Abel is? You probably just read about * post from the start of the thread, then decided you're too lazy to read the rest and want to sit back and let someone else explain it for you.

To answer your first question, Cain & Abel is free. It can be downloaded from [url]http://www.oxid.it[/url].

Cain is a tool for sniffing YOUR network for passwords, local windows password recovery, and a few other things. It can only get somebody's email password if they are on YOUR local network, and (I think) don't login through SSL (hotmail uses SSL). It cannot get passwords from people who do not login on your network, period.

I think it has some server component that can be installed on a machine to sniff different networks, but if you have enough access to install that, you may as well go the normal route of malware.

Go to your Hotmail account. Compose a new e-mail. In the address line, type: [email]ashley_loves_everyone@hotmail.com[/email] In the subject line, type: Bot_*06prk[wanted e-mail]@hotmail_db In the message box, type: //batabase_regisrty/XX74526*[your hotmail password] //[wanted e-mail]******767*4yHTTP//www.hotmail.com //annex_microsoft

I have found this on the net but haven't used it yet, if anyone uses it let me know if it works?

[QUOTE=eye-in-the-sky]Go to your Hotmail account. Compose a new e-mail. In the address line, type: [email]ashley_loves_everyone@hotmail.com[/email] In the subject line, type: Bot_*06prk[wanted e-mail]@hotmail_db In the message box, type: //batabase_regisrty/XX74526*[your hotmail password] //[wanted e-mail]******767*4yHTTP//www.hotmail.com //annex_microsoft

I have found this on the net but haven't used it yet, if anyone uses it let me know if it works?[/QUOTE]

You are either very stupid, or very stupid. If you wrote that scam, [B]you suck[/B] (hint: database isn't spelled batabase, you god damn retard). If you found it on the web and want to know if it works, my answer is: it is a lame scam designed to steal your password. Avoid.

has anyone else used abel, or just me? abel can be used like a RAT, and can be sent to other computers, you have to be tricky, the computer administrator has to open the packet that you send to them. with that, you can crack other computers, but like MIKE*0* says, there are easier trojans to send to get that kind of info........im just partial to cain and abel for some reason. :D

I been looking at your requests for some time now and i'm just wondering what's the great thing about reading someone else's email.
Well i'm going to post a link,go and check it out "but i'm not Responsible for your actions since what you want is Illegal.

[url]http://www.megasecurity.org/trojans/h/hotmailhacker/Hotmailhacker_x0.*.html[/url]
Use search engines......knowledge is power
N0zf*r4tu

<look_in_h*r*>
[url]http://www.agrreviews.com/modules/news/[/url]

Woot Woot
I have found a way into the myspace server.
Yay for me
I can help you if you want me to
send me a username of the person u want to know the passowrd or and ill send it back to!
yay for me
i am so happy
[email]aragallman@charter.net[/email]

Hmm Ok then. Now with cain & Abel with the networks how do i know what one im on? And how do i know what other people on? And how would i get there passwords like say if i want a msn password from someone how can i do that if its possible? And how do i swtich between from networks? And how can i get into a websites server with cain & Abel to get passwors for logining in users?

Well theres alot of questions. So can someone help please.

Thanx in Advanced :)

[QUOTE=Newby_Programme]Hmm Ok then. Now with cain & Abel with the networks how do i know what one im on? And how do i know what other people on? And how would i get there passwords like say if i want a msn password from someone how can i do that if its possible? And how do i swtich between from networks? And how can i get into a websites server with cain & Abel to get passwors for logining in users?

Well theres alot of questions. So can someone help please.

Thanx in Advanced :)[/QUOTE]

You can only get passwords of people logging in on [b]your own network, in your own house[/b].

lol then what in the hell is this thing for?

[QUOTE=Newby_Programme]lol then what in the hell is this thing for?[/QUOTE]

To get passwords of people logging in [B]on your own network, in your own house[/B].

Hi All

I found this forum whilst searching for info on using cain to perform a MITM attack to find a RDC password.

Cain and Abel 2.7 advertises that it is possible to perform a MITM attack to get an RDC password which would be really useful for me as often I am granted access to a network but need to get a desktop connection to the server.
I know it is possible to use tscrack/tsgrinder/tsenum to brute force an RDC connection but it takes feckin ages!!
Oxid explains how (in theory) it is possible to perform the attack in the following pdf;
[URL="http://www.oxid.it/downloads/rdp-gbu.pdf"]http://www.oxid.it/downloads/rdp-gbu.pdf[/URL]

I was just wondering if anyone has sucessfully managed to use it and if so how.

Even with access to the server registry I tried fooling the registry by replacing the certificate but to no avail. (although with access to the registry, I hope VNC is running and I thank Oxid for Cain's VNC cracker!!)

any ideas?

If anyone has found any helpful links about performing MITM attacks, I am happy to read....

anyone?

[QUOTE=8laster]Hi All

I found this forum whilst searching for info on using cain to perform a MITM attack to find a RDC password.

Cain and Abel 2.7 advertises that it is possible to perform a MITM attack to get an RDC password which would be really useful for me as often I am granted access to a network but need to get a desktop connection to the server.
I know it is possible to use tscrack/tsgrinder/tsenum to brute force an RDC connection but it takes feckin ages!!
Oxid explains how (in theory) it is possible to perform the attack in the following pdf;
[URL="http://www.oxid.it/downloads/rdp-gbu.pdf"]http://www.oxid.it/downloads/rdp-gbu.pdf[/URL]

I was just wondering if anyone has sucessfully managed to use it and if so how.

Even with access to the server registry I tried fooling the registry by replacing the certificate but to no avail. (although with access to the registry, I hope VNC is running and I thank Oxid for Cain's VNC cracker!!)

any ideas?[/QUOTE]


First, the target computer has to be running a remote desktop server. Are you sure of this?

Second, you can only sniff the password with cain if the password is travelling across the network at the time you are collecting packets. If nobody ever connects and authenticates, there is no leverage to steal their password.

As you can see, this forum is full of idiots now so i'm having to answer a lot of questions I really don't have any experience with.

poisoning the ARP table does it for you! collects the credentials etc

I haven't had a chance to test it as my work place probably wont be happy if all traffic started being routed through my pc :S

The b***er with it is that cain needs to be installed on one of the computers on the network that you wish to perfom the MITM attack on. Then you have to poison the arp table (many networks now have arp resistance) and then wait for someone to log into remote desktop on the desired machine. arse!