You are on page 1of 32

==================================== Version 4.9.40 (07-04-2011) ==================================== [+] Added progress bar indicator in the off-line capture file function. [!

] Bug fixed in ProxyHTTPS Man-in-the-Middle Sniffer parsing "Connection Establ ished" string. [!] Bug fixed in VoIP Sniffer creating MP3 Mono files. [!] Bug fixed in RTP Sniffer processing off-line capture files. [!] WinRTGen recompiled with OpenSSL library version 0.9.8q. ==================================== Version 4.9.39 (02-03-2011) ==================================== [+] Added Proxy support for Cain's Certificate Collector. [+] Added the ability to specify custom proxy authentication credentials for Cer tificate Collector. [+] Added ProxyHTTPS Man-in-the-Middle Sniffer (TCP port 8080). [!] HTTP, APR-HTTPS and APR-ProxyHTTPS sniffer filters are now separated. [!] OpenSSL library upgrade to version 0.9.8q. [!] Winpcap library upgrade to version 4.1.2. ==================================== Version 4.9.38 (01-02-2011) ==================================== [!] Fixed a Cain's runtime error when SIP/RTP sniffer filter is disabled. [!] SIP, MGCP and RTP sniffer filters are now separated. [!] Fixed RTP sniffer filter to avoid processing Link-local Multicast Name Resol ution (LLMNR) traffic on UDP port 5355. [!] Fixed RTP sniffer filter to avoid processing SSDP traffic on UDP port 1900. [!] Fixed RTP sniffer filter to avoid processing Multicast DNS (MDNS) traffic on UDP port 5353. [!] Improved RTP protocol validation function. ==================================== Version 4.9.37 (21-01-2011) ==================================== [+] Added TCP/UDP Large Send Offloading status detection on Windows Vista/Seven. [!] Better handling of APR-SSL MitM threads. [!] Fixed a problem with APR in Windows7 causing attacker's machine to be isolat ed from poisoned hosts. [!] Speed improvement in Credential Manager Password Decoder for x64 operating s ystems. ==================================== Version 4.9.36 (19-06-2010) ==================================== [+] Added MP3 audio file generation in VoIP sniffer. [!] Fixed Abel DLL crashes on 64-bit operating systems. [!] Modified Export function to Users, Groups, Services and Shares lists with TA B separators. [!] Fixed a bug in Wireless Password Decoder concerning Microsoft Virtual WiFi M iniport Adapter. [!] Fixed a bug in NTLMv2 Cracker within the "Test Password" function. [!] Removed "WindowsFirewallInitialize failed" startup error message if Windows Firewall service is stopped.

==================================== Version 4.9.35 (25-10-2009) ==================================== [!] Added Windows Firewall status detection on startup. [!] Added UAC compatibility in Windows Vista/Seven. [!] Winpcap library upgrade to version 4.1.1. ==================================== Version 4.9.34 (16-10-2009) ==================================== [!] Fixed a bug in Cain's configuration dialog. ==================================== Version 4.9.33 (16-10-2009) ==================================== [+] Added support for Windows 2008 Terminal Server in APR-RDP sniffer filter. [!] Fixed a bug in all APR-SSL based sniffer filters to avoid 100% CPU utilizati on while forwarding data. ==================================== Version 4.9.32 (25-09-2009) ==================================== [+] Added Abel64.exe and Abel64.dll to support hashes extraction on x64 operatin g systems. [+] Added x64 operating systems support in NTLM hashes Dumper, MS-CACHE hashes D umper, LSA Secrets Dumper, Wireless Password Decoder, Credential Manager Password Decoder, DialUp Password Decoder. [+] Added Windows Live Mail (Windows 7) Password Decoder for POP3, IMAP, NNTP, S MTP and LDAP accounts. [!] Fixed a bug of RSA SecurID Calculator within XML import function. [!] Executables rebuilt with Visual Studio 2008. ==================================== Version 4.9.31 (27-05-2009) ==================================== [+] SIPS Man-in-the-Middle Sniffer (TCP port 5061; successfully tested with Micr osoft Office Communicator with chained certificates). [+] Added support for RTP G726-64WB codec (Wengo speex replacement ) in VoIP sni ffer. [!] X509 certificate's extensions are now preserved in chained fake certificates generated by Certificate Collector. [!] Extended ASCII characters support for SSID in Passive Wireless Scanner. [!] Some bugs in Cain's Traceroute fixed. ==================================== Version 4.9.30 (21-04-2009) ==================================== [+] Added support for the following codecs in VoIP sniffer: G722, Speex-16Khz, S peex-32Khz, AMR-NB, AMR-WB. [!] Transmission rate fixed to 6Mbps in enumeration function of airpcap TX chann els. ====================================

Version 4.9.29 (04-03-2009) ==================================== [+] Added Certificate Collector ability to generate self-signed or chained fake certificates. [+] Added certificate format conversion function (from PKCS#12 to PEM). [+] Added "_history_X" trailer to usernames extracted by History Hashes Dumper. [!] Removed "Ctrl-S" and "Ctrl-N" hotkeys causing strange application behavior. ==================================== Version 4.9.28 (25-02-2009) ==================================== [!] Fixed a bug in all APR-SSL based sniffer filters to avoid 100% CPU utilizati on while forwarding data. [!] Fixed a bug in Certificate Collector and automatic fake certificate generati on (issuers with CN field instead of OU are now handled). [!] Fixed a bug in PPPoE sniffer about CHAP-MD5 hashes incorrectly recognized as MS-CHAP hashes. [!] OpenSSL library upgrade to version 0.9.8j. [!] OUI List updated. ==================================== Version 4.9.27 (20-02-2009) ==================================== [+] Added channel hopping capability on A, BG and ABG channels in Passive Wirele ss Sniffer. [+] Added support for A channels in Passive Wireless Sniffer. [+] Added automatic detection of RX/TX ABG channels for AirPcap NX adapters. [!] WEP ARP Injection thread now avoid sending packets to disassociated stations . [!] Fixed a bug in visualization list of wireless clients (thanks: spino). [!] Fixed a bug (program's crash) when starting the sniffer on wireless adapters (es Intel PRO/Wireless 3945ABG) using with Winpcap 4.x. [!] Fixed a bug in WinRTgen about tables size visualization. [!] AirPcap library upgrade to version 4.0.0 (to support the new AirPcap NX adap ters from CACE Technologies). [!] Winpcap library upgrade to version 4.1 beta 5. ==================================== Version 4.9.26 (05-01-2009) ==================================== [+] Added support for Licensing Mode Terminal Server connections in APR-RDP snif fer filter. [!] Fixed RTP sniffer filter to avoid processing XBOX Live traffic on UDP port 3 074. [!] Fixed a possible buffer overflow condition in Cisco IOS-MD5 Cracker import f unction. [!] Corrected some charsets in charset.txt file. ==================================== Version 4.9.25 (01-12-2008) ==================================== [!] Fixed a buffer overflow condition in Remote Desktop Password Decoder. Advisory: - http://secunia.com/advisories/32794/ - http://www.frsirt.com/english/advisories/2008/3286/products PoC:

http://www. ==================================== Version 4.23 (03-10-2008) ==================================== [+] Added LRWB-16Khz codec support in VoIP sniffer. [!] Modified the BPF filter to support processing of PPPoE packets. [!] Modified the dictionary attack to support dictionary words with <space> char acter. ==================================== Version 4.22 (15-08-2008) ==================================== [!] All Dumper's DLL Injection functions have been rewritten to directly use und ocumented ZwCreateThread API instead of CreateRemoteThread. [+] Added dictionary attack variant "Numbers substitution permutations" with the following substitution rules: o or O -> 0. MS-CHAPv1 and MS-CHAPv2 authentica tions.9. [+] Added GRE/PPP sniffer filter for MS-CHAPv2 authentications.24 (28-11-2008) ==================================== [+] Oracle 11g (case sensitive) Password Extractor via ODBC.21 (25-08-2008) ==================================== [+] Added dictionary attack variant "Double" to check for repeated passwords (Pa ss -> PassPass). [+] Added MGCP/RTP sniffer filter. CHAP. Cain can now extract SDP-RTP parameters from MGCP protocol.. ==================================== Version 4. [!] Fixed some bugs in SIP/RTP sniffer filter causing crashes while sniffing.com/exploits/7297 ==================================== Version 4. ==================================== Version 4. s or S -> 5. [+] Added support for Oracle TNS 11g (AES-192) in Oracle TNS sniffer filter.20 (20-08-2008) ==================================== [+] Added PPPoE sniffer filter for PAP.9. [!] Fixed some uppercase-only bugs in Dictionary Password Crackers. . z or Z -> 2. [!] Increased the max password length for words in dictionary file to 64 charact ers.9. [+] Added automatic translation of MS-CHAPv2 to NT-challanges in "Send to Cracke r" function. [!] Fixed error lookup function to avoid "Failed to retrive error description !" message. [!] Fixed a bug in dictionary attack "Double" option.milw0rm. i or I -> 1. Cain now supports passwords/hashe s/secrets extraction even if executed in Terminal Server sessions. [+] Experimental SQL Query tool via ODBC. [+] Added support for Oracle TNS 11g (AES-192) in Oracle TNS Hashes Password Cra cker. [+] Added Oracle 11g Password Cracker (Dictionary and Brute-Force Attacks).9. e or E -> 3.9. On XP/2003. a or A -> 4.

[+] Added Oracle TNS sniffer filter for DES and 3DES authentications.9.9. [!] Fixed a bug in RSA SecurID Calculator for tokens with serial numbers of more than 8 digits. [!] Fixed a bug in offline NTLM hashes dumper when BootKey parameter is not spec ified.[+] Added ability to change the initial position of dictionary files. [!] Modified the dictionary attack dialog to show the current password tested du ring case permutations.15 (20-06-2008) ==================================== [+] Oracle TNS Hashes Password Cracker (Dictionary and Brute-Force Attacks).16 (02-07-2008) ==================================== [+] Added support for Oracle TNS 10g (AES-128) in Oracle TNS Hashes Password Cra cker.9.txt file.17 (07-07-2008) ==================================== [!] Fixed a bug in Oracle TNS sniffer filter for Oracle 8i authentications. [!] Fixed a bug in challenge spoofing and NTLM downgrading when one of the victi m hosts is a gateway. ==================================== Version 4. [!] Fixed few lines in charset. [!] Fixed a bug in RTP sniffer: incorrect handling of multiple SSRC parameters w ithin the same RTP session.18 (10-07-2008) ==================================== [!] Fixed a bug in offline NTLM hashes dumper when LM hash is not present.9. .8h. [!] OpenSSL library upgrade to version 0. ==================================== Version 4. [+] Added support for Oracle TNS 10g (AES-128) in Oracle TNS sniffer filter. [!] Fixed a bug in VNC sniffer filter for new RFB protocol versions. ==================================== Version 4. [!] Added support for Remote Desktop client v6 in APR-RDP sniffer. ==================================== Version 4.19 (17-07-2008) ==================================== [!] Added UserField and PassField columns in HTTP sniffer list. [!] Fixed a bug in Oracle TNS sniffer filter for Oracle 10g authentications. [!] Fixed a bug with TCP/UDP/ICMP traceroute and Windows raw socket error code 1 0022. ==================================== Version 4. [!] OUI List updated. [+] Added a "Note" column in all Cracker's lists.9. [!] Fixed a bug in Dictionary Attack crackers regarding Mixed Hybrid and Case Pe rmutations variants for each word. [!] Fixed a bug parsing RainbowTables filenames in subdirectories with "_" chara cter.9. [!] Charset file updated to support German an Danish special characters in rainb owtables (for Cain and Winrtgen).

[!] Winpcap library upgrade to version 4.10 (11-12-2007) ==================================== [+] Added Remote Registry Editor. ==================================== .8 (26-10-2007) ==================================== [+] Added support for new AES-128bit Keyfobs in RSA SecurID Token Calculator.9.12 (28-02-2008) ==================================== [+] Added Windows Vista compatibility in all APR-SSL sniffers. ==================================== Version 4. ==================================== Version 4. [+] Added ability to hash bytes in Hashes Calculator. ==================================== Version 4.2. [-] Removed support for old 64bit Keyfobs in RSA SecurID Token Calculator.==================================== Version 4.2. [!] Fixed a bug reading packets from from external capture files: Ethernet FCS n umbers strip-off.13 (04-03-2008) ==================================== [+] Added GRE/PPP sniffer filter for PAP. ==================================== Version 4. ==================================== Version 4." t o "TAB".9.9.9. MPPC compression not supported yet.0. CHAP and MS-CHAPv1 (LM & NTLM) authent ications. [!] Modified separator character in cracker's and sniffer's LST files from ".9. [!] Fixed Cain logo half-visualization in Windows Vista with Desktop Composition enabled.9. [!] Fixed a bug in RSA SecurID XML single token add function.9 (28-11-2007) ==================================== [+] Added SIREN codec support in VoIP sniffer. ==================================== Version 4.11 (26-02-2008) ==================================== [+] Added support for new Aircrack-ng's IVs file format in WEP IVs sniffer and c racker.9. [!] AirPcap library upgrade to version 3. [+] CHAP-MD5 (Dictionary and Brute-Force Attacks).14 (06-03-2008) ==================================== [+] Added sniffer analysis on GRE/PPP incapsulated traffic. [!] Fixed a bug in RSA SecurID XML import function.

9. ==================================== Version 4.7 (09-10-2007) ==================================== [+] Microsoft SQL Server 2005 Password Extractor via ODBC. [+] Added Windows Vista support in Wireless Password Decoder. ==================================== Version 4. [+] POP3S Man-in-the-Middle Sniffer and password collector (TCP port 995). ==================================== Version 4. [!] Wireless Password Decoder incorrectly sends decoded WPAPSK passwords to the cracker. [!] Winpcap library upgrade to version 4. [+] LDAPS Man-in-the-Middle Sniffer and password collector (TCP port 636). [!] Automatic recognition of AirPcap TX capability based on channels.2 (23-05-2007) ==================================== [+] Added PTW WEP cracking attack. [+] FTPS Man-in-the-Middle Sniffer and password collector (Implicit FTPS on TCP port 990). [!] Fixed a bug in LSA Secrets Dumper causing application crashes. [!] Fixed a bug in NT Hashes dumper for hive files when only NT hashes are prese nt.9. ==================================== Version 4.5 (17-07-2007) ==================================== [+] Added Windows Vista support for Active Wireless Scanner.1. [+] Automatic Certificate Collector for LDAPS protocol.9.1Q Vlan encapsulati on.4 (19-06-2007) ==================================== [+] Automatic Certificate Collector for FTPS (implicit). [+] Off-line capture file processing now compatible with 802. IMAPS and POP3S protoco ls.9. NNTP.9. ==================================== Version 4.6 (29-07-2007) ==================================== [+] Added Windows Vista support in LSA Secrets Dumper for external registry file s (Policy revision > 9. [!] Default HTTP users and passwords fields updated.9.3 (30-05-2007) ==================================== [+] Added Windows Mail (Vista) Password Decoder for POP3.0. AES-SHA256). ==================================== Version 4. [+] Sniffer filter for LDAP passwords. [+] IMAPS Man-in-the-Middle Sniffer and password collector (TCP port 993). IMAP. SMTP and L DAP accounts. [!] Fixed a bug in Internet Explorer 7 AutoComplete password decoder.Version 4. [!] Wireless Password Decoder now uses DLL injection under XP.9.1 (03-05-2007) .

[!] Fixed high CPU usage into wireless ARP Injection thread when no ARP request packets are available. [+] WPA-PSK RainbowTables have been added to Winrtgen v2.6 (16-03-2007) ==================================== [+] WPA-PSK (Dictionary and Brute-Force Attacks).8e. [!] Fixed a bug in NTLM Hashes Dumper for hive files. [!] Fixed a bug sending WPA-PSK hashes to the cracker.5 (25-02-2007) ==================================== [+] Added Windows Vista compatibility in NTLM Hashes Dumper.9. [+] Added Windows Vista support in Credential Manager Password Decoder.9 (13-04-2007) ==================================== [!] Added Vista compatibility in the enumeration of network adapter's IP paramet ers. ==================================== Version 4. [+] WPA-PSK Auth (Dictionary and Brute-Force Attacks).7 (26-03-2007) ==================================== [+] WPA-PSK Authentications sniffer.==================================== [+] Added Windows Vista support in NT Hashes Dumper. ==================================== Version 4. [+] Added support for Outlook Express Deleted Accounts in Protected Storage Pass word Manager. [!] OpenSSL library upgrade to version 0.8 (03-04-2007) ==================================== [+] WPA-PSK Hashes Cryptanalysis via Sorted Rainbow Tables. ==================================== Version 4. ==================================== Version 4. ==================================== Version 4.5. [+] Added Windows Vista support in LSA Secrets Dumper. [+] Added Windows Vista support in DialUp Password Decoder. ==================================== Version 4. . [+] Added support for Internet Explorer 7 AutoComplete passwords.4 (21-02-2007) ==================================== [+] WEP cracking speed up via wireless ARP requests injection (AirPcap USB adapt er is needed). LSA Hashes Dumper a nd Syskey Dumper for hive files. [!] Added capability to find a remote writable share installing Abel service. [+] Added Windows Vista support in all DLL Injection functions. [+] Added IE7 passwords support in Credential Manager Password Decoder. [!] Added a control function to avoid IP/MAC spoofing when promiscuous mode is d isabled. [!] Fixed a bug in Wireless AP and Stations lists.

1.1 Release (23-11-2006) ==================================== [+] HALFLM + spoofed challenge Hashes Cryptanalysis via Sorted Rainbow Tables.2. ==================================== Version 4. ==================================== Version 4. HTTP. (Requires APR to be active and a MitM c ondition between victim hosts) You can now spoof server challenges in NTLM authentications. SMTP . The following protocols are supported: SMB. [!] Added a function to Auto-Clear the WAN list every 30 minutes. [+] NTLM Session Security authentications downgrade to LM&NTLMv1. [+] Added "Challenge Spoofing Reset" button to limit spoofed challenges in the f irst NTLM authentication only. DCE/RPC. [!] Fixed a list bug when cracking LM+challange hashes with cryptanalysis and br ute-force attacks. .0 of those drivers still have problems sending wireless frames. "lmchall" and "ntlmchall" tables can be used against LM and NTLM response hashes for spoofed challenges (0x1122334455667788). [+] New types of RainbowTables have been added to Winrtgen v2. POP3. ==================================== Version 4. TDS. [!] Separated "Challenge Spoofing" and "NTLM Downgrading" functions. IMAP.This feature actually works with Airpcap drivers v2.0 Release (22-11-2006) ==================================== [+] Cain's MitM NTLM Challenge Spoofing. the release versi on v2. [+] New types of RainbowTables have been added to Winrtgen v2. "ntlmchall" and " halflmchall" tables.2 Release (30-11-2006) ==================================== [+] Added "Challenge Spoofing" configuration dialog. [+] NTLM + spoofed challenge Hashes Cryptanalysis via Sorted Rainbow Tables.4 added to installation package.0 beta TX. [!] Added Cain support for RinbowTables with a custom spoofed challenge. [!] Winpcap library upgrade to version 4. [+] Added HALFLMCHALL hashes submission to rainbowcrack-online client. ==================================== Version 4. WARNING !!! Enabling Challenge Spoofing cause users to fail authentications so p lease use it carefully. [!] Removed Winrtgen fixed challenge limitation for "lmchall". "halflmchall" tables can be used against the first 8 bytes LM response hashes fo r spoofed challenges (0x1122334455667788) to recover the first 7 characters of the original password. [+] LM + spoofed challenge Hashes Cryptanalysis via Sorted Rainbow Tables. [+] Ability to deauthenticate client stations from Access Points. [+] Winrtgen v2. this feature enable s the use of RainbowTables for cracking network hashes. [!] SID Scanner modified for custom starting RID.0 final.3 Release (29-01-2007) ==================================== [+] Ability to dump LSA Secrets directly from SYSTEM and SECURITY registry hive files.

[!] Fixed a bug in TDS sniffer filter for NTLM authentications.9 Release (17-11-2006) ==================================== [+] Ability to dump MS-CACHE hashes directly from SYSTEM and SECURITY registry h ive files. ==================================== Version 3.5 Release (09-11-2006) ==================================== [+] ORACLE Hashes Cryptanalysis via Sorted Rainbow Tables.1 codec initialization causing Cain crashes while sn iffing or processing capture files. "mscache" table s can be used against MSCACHE hashes for specific usernames that can be set in the configuration dialog. ==================================== Version 3. [!] DCE/RPC sniffer filter now follows dynamic TCP ports. ==================================== Version 3. [!] Fixed startup problem using WinPcap driver 3. [!] Fixed a problem within syskey dumper (now looking for the correct ControlSet LSA key). [+] A new type of RainbowTables has been added to Winrtgen v1. . [!] Winpcap library upgrade to version 4.0.6 Release (10-11-2006) ==================================== [+] Added Ophcrack's RainbowTables support for NTLM Hashes Cryptanalysis attack.7 Release (12-11-2006) ==================================== [+] AirPcap library upgrade to version 2.8 Release (12-11-2006) ==================================== [!] Fixed a bug during OphCrack's RainbowTables attack againts big number of has hes.9. "oracle" tables can be used against ORACLE hashes for specific usernames that can be set in the configuration dialog.==================================== Version 3. [!] Fixed a memory allocation error in cryptanalysis attack via Ophcrack's Rainb owTables on systems with 2Gb of RAM or more.4 Release (07-11-2006) ==================================== [+] MSCACHE Hashes Cryptanalysis via Sorted Rainbow Tables. ==================================== Version 3.0 beta2.0 beta2.3 Release (27-10-2006) ==================================== [!] Fixed a problem in G722. ==================================== Version 3.1. [+] A new type of RainbowTables has been added to Winrtgen v2. [!] Fixed problems during OphCrack's RainbowTables recognition. ==================================== Version 3.

[!] Voip sniffer decoding problem when the communication is made by different co decs. [+] 802.1 Release (26-10-2006) ==================================== [+] Sniffer filter for DCE/RPC authentications (Outlook connectiing to Exchange server). (Capture files are compatible with Aircrack's . ==================================== Version 2. [+] Added support fo Winpcap library version 4. [!] Fixed a memory allocation error in cryptanalysis attack via RainbowTables on systems with 2Gb of RAM or more.ivs file formats.0 adapter in Wireless Scanner.DLL dynamically linked to let Cain start on systems where that DLL is not present.9 Release (19-04-2006) ==================================== [!] RASAPI32. [!] Winpcap library upgrade to version 4.9.8d. [+] AirpCap. are immediately processes by cryptana lysis attack via RainbowTables to save time.ivs files) [+] 802.DLL dynamically linked. [!] Added support fo Winpcap library version 3. if valid. [!] Fixed support fo Winpcap library version 3. [!] Second half of LM passwords. [+] WPA-PSK pre-shared key calculator. ==================================== Version 2.0 Release (18-10-2006) ==================================== [+] Support for AirPcap USB 2. [+] Added G722.==================================== Version 3.2. [+] Passive Wireless Scanner with channel hopping support. ==================================== Version 3.0 beta1. ==================================== Version 3.11 capture files analyzer compatible with PCAP and Aircrack's .1 codec support in the VoIP sniffer.2 Release (27-10-2006) ==================================== [+] Added an option to disable the promiscuous mode of the network card (NDIS_PA CKET_TYPE_ALL_LOCAL will be used instead). .9 Release (22-05-2006) ==================================== [+] Added Ophcrack's RainbowTables support for LM Hashes Cryptanalysis attack.8. [!] Fixed a problem with bugus lengths in UDP header. [!] Fixed a problem within dictionary attack dialog. [+] WEP IVs sniffer. [!] OUI List updated. [!] OpenSSL library upgrade to version 0. [!] WSNMPAPI. [!] Off-line capture file processing now compatible with Wireless extensions.11 capture files decoder (support WEP and WPA-PSK encryption. [!] Fixed a problem in MS-CACHE hashes dumper.0 and higher.2 in Wireless Scanner. [+] WEP Keys Cracker using Korek Attack (64-bit and 128-bit key length supported ).DLL dynamically linked to let Cain start on Windows NT systems wher e that DLL is not present.

DLL dynamically linked to let Cain start if ActiveSync is not installed .2 Release (14-12-2005) ==================================== [+] Rainbowcrack-Online client. ==================================== Version 2. [!] OUI List (UPDATED).1 Release (09-11-2005) ==================================== [+] Oracle Password Cracker (Dictionary and Brute-Force Attacks). ==================================== Version 2. .8. G726-16.3 Release (26-12-2005) ==================================== [!] Installation package rewritten using NullSoft Install system. ========================================== Version 2. [!] Bug fixed in Rainbowcrack-Online client when there are no hashes in list.rainbowcrack-online. ==================================== Version 2.8 Release (16-03-2006) ==================================== [!] RAPI. ==================================== Version 2. Of course you need a valid account to use this feature.8.1.8.8.[!] Fixed problems for some German's characters in Dictionary Cracker.7 Release (16-03-2006) ==================================== [+] Added hashes syncronization functions (Export/Import) to/from Cain for Pocke tPC via ActiveSync.4 Release (10-01-2006) ==================================== [!] Manual updated.8. Thanks to bd66 for the bug report. ==================================== Version 2. The communication from Cain and the web site is SSL enabled.8. [!] Bug fixed in Syskey dumper.5 Private Release (25-01-2006) ========================================== [!] Bug fixed in HTTP sniffer. G726-32. ==================================== Version 2.com. ==================================== Version 2. Thanks to bd66 for the bug report.8.8. LPC-10.6 Release (16-02-2006) ==================================== [+] Added VoIP sniffer support for the following codecs: G723. G726-2 4. Cain can now submit and retrieve hashes/passwords to/from the online cracking service at www. [!] Little bug fixed in Rainbowcrack-online client. G726-40.

==================================== Version 2. Bug fixed in MySQL password sniffer (incorrect challenge length).9.8. [!] OpenSSL library upgrade to version 0.[+] [+] [!] [!] Oracle Password Extractor via ODBC.net/ for the bug report. Cain can now extract the Boot Key.7. ==================================== Version 2.7.8 Release (09-10-2005) ==================================== [!] Fixed a bug in tooltip visulization.6 Release (21-09-2005) ==================================== [!] Fixed a problem in the LSA Secrets Dumper causing system crashes. MySQL Password Extractor via ODBC.7. [!] Fixed a serious bug in Cain's internals.8a.4 Release (07-09-2005) ==================================== [+] Syskey Decoder. from the local system or external registry files (Eg: C:\<windir>\system32\config\system). [-] Removed some low-used icons from the toolbar. UDP port 1812 added by default to RADIUS sniffer filter. . ==================================== Version 2. [!] OpenSSL library upgrade to version 0.8 Release (17-10-2005) ==================================== [+] Cisco VPN Client Password Decoder. ==================================== Version 2.7.7. ==================================== Version 2. ==================================== Version 2. [+] NT Hashes Dumper can now extract password hashes from external SAM files enc rypted with the Syskey utility.7 Release (07-10-2005) ==================================== [+] Wireless Zero Configuration Password Dumper.9 Release (16-10-2005) ==================================== [+] Added "Export" and "Refresh" functions to Wireles Scanner list. Thanks to Nicolas RUFF for the bug report. ==================================== Version 2.5 Release (07-09-2005) ==================================== [!] Fixed a problem with extended ASCII characters in the Cryptanalysis Attack.7.9.1. Thanks to Ramius from http://www. generated with the Syskey utility.rainbowtables. [!] Winpcap library updated to version 3.

the one used to connect to the Terminal Server service of a remote Windows compu ter. [+] LM Hashes Cryptanalysis via FastLM Sorted Rainbow Tables.69 Release (07-05-2005) ==================================== [+] A new type of Rainbow Tables has been added to Winrtgen v1. [!] Winrtgen v1. Cain can now perform man-in-the-middle attacks against the heavy encrypted Remot e Desktop Protocol (RDP).7 added to the installation package.71 Release (31-05-2005) ==================================== [!] Fixed a little bug in RainbowTable's verification function. tcpdump. FastLM tables ar e not compatible with standard tables for LM Hashes generated by RainbowCrack. [!] Benchmark added to Cain's cryptanalysis dialog.68 Release (22-04-2005) ==================================== [+] Off-line capture file processing compatible with winpcap.3. The attack can be completely invi sible because of the use of APR (Arp Poison Routing) and other protocol weakness. [+] Winrtgen v1. [!] Fixed a bug in SNMP community sniffer filter.7. [+] Brute-Force and Dictionary Attacks for SIP-MD5 Hashes. [!] Fixed a bug in Kerberos5 sniffer filter. ==================================== Version 2.3 added to installation package.==================================== Version 2.6 added to the installation package.7.7 Release (28-05-2005) ==================================== [+] RDPv4 session sniffer for APR (experimental). "FastLM" table s can be used against LM Hashes and provide both faster generation and cryptanalysis. ==================================== Version 2. [+] Sniffer filter for SIP-MD5 authentications. . ==================================== Version 2. [+] Winrtgen v1. Client-side key strokes are also decoded to provide some kind of password interception. ==================================== Version 2. renaming the filenames is useless. The entire session from/to the client/server is decrypted and saved to a text file.2 Release (09-06-2005) ==================================== [!] Fixed another little bug in RainbowTable's verification function.3 Release (10-06-2005) ==================================== [!] Fixed another little bug in fastlm RainbowTable's algorithm.4 added to the installation package. ==================================== Version 2. ethereal format. [+] Winrtgen v1.

62 Release (24-02-2005) ==================================== [!] Fixed a bug in APR and DNS protocol. thanks to Patrick Geschwindner for repo rting this bug. . Brute-Force and Dictionary Attacks for MSCACHE Hashes.66 Release (16-03-2005) ==================================== [!] Fixed a buffer overflow condition in IKE-PSK sniffer handling long ID string s.64 Release (26-02-2005) ==================================== [+] Added Export function to Users. Groups. [!] VoIP sniffer general code cleanup. ==================================== Version 2. ==================================== Version 2. [!] Fixed a buffer overflow condition in HTTP sniffer handling long usernames or passwords. Fixed "unknown" type in IKE-PSK hashes list. ==================================== Version 2. ==================================== Version 2. Sniffer's lists code cleanup.7g.[+] [+] [+] [!] [!] [!] Cain's MSCACHE Hashes Dumper.67 Release (20-03-2005) ==================================== [!] Fixed several HEAP overflow conditions in POP3. OpenSSL library upgrade to version 0. thanks t o Pawel Goleñ for the bug report. ==================================== Version 2. VNC Hash added to the Hash Calculator. IMAP. Thanks to Peter Sommer for the bug report and b eta testing. ==================================== Version 2. Services and Shares lists.63 Release (25-02-2005) ==================================== [!] Fixed a bug in VoIP sniffer.61 Release (24-02-2005) ==================================== [!] Fixed a bug in VoIP sniffer when the ACK packet of the SIP handshake is seen after RTP stream packets. NNTP and TDS sni ffer filters. SMTP.65 Release (26-02-2005) ==================================== [!] SIP/RTP sniffer filter redesigned. [!] Bug fixed in the "Test password" function in LM & NTLM Hashes list.9. ==================================== Version 2.

ADPMC. SHA-2(512)Has hes. MS-GSM. Outlook Express Identity Manager. [!] HTTP Sniffer collects only few passwords in POST methods packets. SHA-2(384). ==================================== Version 2.6 Release (21-02-2005) ==================================== [+] Experimental VoIP Sniffer The sniffer can now extract audio conversations based on SIP/RTP protocols and s ave them into WAV files.. iLBC. [!] HTTPS acceptor sockets is now active only when APR is enabled. POP3. DV I. G729.5 beta65 (01-12-2004) ==================================== [+] Brute-Force and Dictionary Attacks for SHA-2(256). GSM. SHA-2(384). [!] Bug fixing in HTTPS to HTTP sniffer using custom ports. ==================================== Version 2. [+] Export function in Dialup Password Decoder. [+] SHA-2(256). ==================================== Version 2. Outlook Express (HTTP Mail) and Outlook (IMAP. [!] Problem adding multiple Rainbow Tables to the list. [!] OUI List (UPDATED). [!] Resolve best gateway in APR (Cain's APR follows the local route table when i t does not know where to re-route packets). [!] Bug fixing in cryptanalysis charsets. [!] Problems with username's length > 32 characters in Brute-Force and Dictionar y Crackers. [!] TCP Traceroute now uses Winpcap to bypass Windows XP SP2 restrictions on raw sockets.) in Protected Storage Password Manager. [!] Sniffer filters still enabled if their checkbox is cleared in configuration dialog.5 beta64 (20-11-2004) ==================================== [+] Added Hashes of type SHA-2(256). SHA-2(512)Hashes Cryptanalysis via Sorted Rainbow Ta bles.. SHA-2(512) in Hash Calculator. MSN Explorer Autocomplete. G711 aLaw. The following codecs are supported: G711 uLaw.5 User Manual added to installation package. [+] Support for Outlook Express multiple identity in Protected Storage Password . [!] ParseURL function in Certificate Collector (you can now use server:port synt ax)..5 beta63 (10-11-2004) ==================================== [+] Password decoders for MSN Explorer Sign In. ==================================== Version 2. SHA-2(384).==================================== Version 2. LPC. [!] RC4 Key for encrypted pipes changed to "Cain & Abel". L16. [+] Cain & Abel v2. Speex.2 added to installation package. [!] Bug fixing in Protected Storage Password Manager.5 Release (15-12-2004) ==================================== [+] Winrtgen v1. [!] Problem with PWL Dictionary Cracker.

5 beta61 (28-10-2004) ==================================== [+] SNMP Community Sniffer [+] Support for Extended ASCII passwords (eg: mäö) in LM Hashes crackers (Dictionary and Brute-Force).5 beta57 (06-09-2004) ==================================== [+] Speed improvement in LM Brute-Force Password Cracker. ==================================== Version 2.Manager.5 beta58 (09-09-2004) ==================================== [+] Added Password History Hashes in the Hash Dumper.9.7e. MD5. LM+challenge and NTLM Brute-Force Passwor d Crackers.5 beta59 (26-09-2004) ==================================== [+] Added Abel-side Password History Hashes Dumper. ==================================== Version 2. ==================================== Version 2.1 beta4. ==================================== Version 2. [!] NTLM Brute-Force Attack does not work with Extended ASCII passwords (eg: màò).512) hashes. [!] Dictionary attack hangs in Case permutation of Extended ASCII passwords. ==================================== Version 2. No more crashes with WindowsXP SP2. [+] Speed improvement in MD4.384. . [!] Winpcap library updated to version 3.5 beta56 (16-06-2004) ==================================== [!] Fixed sniffer activation/deactivation interaction with Wireless Scanner. ==================================== Version 2. [!] Added hash type column in LM & NTLM Cracker for fast recognition of hashes. [!] Minor bugs fixed. LM. [!] Some bugs fixed and code cleanup in Hash Dumper. [+] Hash Calculator support for SHA-2 (256. [+] Ability to select active DNS names to spoof in APR-DNS.5 beta60 (14-10-2004) ==================================== [+] Credential Manager Password Decoder for Windows XP/2003. ==================================== Version 2. [!] OUI List (UPDATED). [!] OpenSSL library upgrade to version 0. [+] Ability to insert/modify Username and Password Fields used by HTTP Sniffer F ilter. [!] Bug fixed in LSA Secrets Dumper.5 beta62 (06-11-2004) ==================================== [+] Ability to insert/modify sniffer's TCP/UDP protocol ports.

[!] Cisco PIX Password calculator moved to Hash Calculator. The scanner uses the Winpcap protocol driver so it should work on Windows 2000 and WindowsXP.5 beta54 (11-06-2004) ==================================== [!] Bug fixed in Wireless Scanner (NDIS_WLAN_BSSID enumeration). ==================================== Version 2.5 beta51 (14-05-2004) ==================================== [!] Long words Dictionary Attack problem fixed. It has been successfully testes with a Compaq WL110 card. [!] Bug in Cisco-PIX-MD5 Dictionary Attack cracker fixed.5 beta48 (29-04-2004) . Suggestions on how to do that on Windows are really appreciated ! [!] Winpcap library updated to version 3.5 beta53 (09-06-2004) ==================================== [!] Bug fixed in Wireless Scanner.==================================== Version 2. ==================================== Version 2. [!] "Timeout expired stopping HTTPS main thread" problem on exit fixed. ==================================== Version 2. ==================================== Version 2. The scanner does not put the wireless card into "monitor mode" so it cannot receive 802. [!] Winpcap library updated to version 3. [!] Squid port 3128 added to HTTP password sniffer.1 beta2.5 beta55 (11-06-2004) ==================================== [!] Crashes opening configuration dialog.5 beta49 (30-04-2004) ==================================== [+] Cisco PIX Hashes Cryptanalysis via Sorted Rainbow Tables. [!] Quick fix on cryptanalysis statistics.5 beta52 (28-05-2004) ==================================== [+] Wireless Scanner (experimental). ==================================== Version 2.5 beta50 (01-05-2004) ==================================== [!] Quick fix on poison packets.1 beta3. however I really don't know how many cards are supported.11 frames -> no WEP cracking for now. ==================================== Version 2. ==================================== Version 2.

Compatibility with RainbowCrack v1.MD5 Hashes Cryptanalysis via Sorted Rainbow Tables (ADDED) . [+] Users enumeration and SID scanner independent threads. . [!] OUI List updated. [+] Brute-Force and Dictionary attacks rewritten for all crackers.". . [!] Winpcap library updated to version 3.MD4 Hashes Cryptanalysis via Sorted Rainbow Tables (ADDED). [+] "Map Network Drive" function in Shares ListView.5 beta44 ================== NEW FEATURES: .RIPEMD160 Hashes Cryptanalysis via Sorted Rainbow Tables (ADDED).Lists are not sorted correctly by Timestamps (FIXED) .Protected Storage Password Manager support for MS-Outlook 2002 POP3. ================== Version 2.IMAP.5 beta45 ================== NEW FEATURES: .Dialup Password Decoder (ADDED) VARIANT AND FIXES: .OUI List (UPDATED) . VARIANT AND FIXES: .HTTP . [!] Server name not showing in SQL Server 2000 Password Extractor. [+] "Get Certificate" function in Certificates ListView.==================================== [+] MySQL Hashes Cryptanalysis via Sorted Rainbow Tables. [+] MySQL Password Cracker (works with both v3. [!] EditBox's 64Kb limit fixed.23 and SHA1 Hashes). [+] Sniffer filter for Microsoft Kerberos5 Pre-Authentication over TCP. [-] MSN Messenger Password Sniffer/Cracker (MSNP7 protocol no more supported on servers)." bug in Dialup Password Decoder (FIXED).The "Test Password" function reports passwords in uppercase when used against NTLM Session Security Hashes (FIXED) ================== Version 2.9. VARIANT AND FIXES: .23 and SHA1).MD2 Hashes Cryptanalysis via Sorted Rainbow Tables (ADDED). ================== Version 2.MD2 Hashes Cracker does not auto-save resume informations (FIXED). [+] Sniffer filter for MySQL authentications (v3. ================== Version 2.2 (ADDED) . [!] OpenSSL library updated to version 0.5 beta47 ================== NEW FEATURES: .SHA-1 Hashes Cryptanalysis via Sorted Rainbow Tables (ADDED) .7d.Minor BUG fixing.5 beta46 ================== NEW FEATURES: . .NTLM Hashes Cryptanalysis via Sorted Rainbow Tables (ADDED).1 beta. [!] Protected Storage not automatically dumped on startup.

5 beta41 ================== NEW FEATURES: .htm) VARIANT AND FIXES: .Ability to choose the location of RainbowTable files (ADDED) .Microsoft SQL Server 2000 Password Cracker (ADDED) .antsight.com/zsl/rainbowcrack/rcracktutorial.0 and SQL Server 2000) .Ability to stop the cryptanalysis thread (ADDED) .Sortable Groups List .Remote Desktop Password Decoder (ADDED) VARIANT AND FIXES: .Bug in RIP Analisys when switching from authentications (FIXED) .Bug in VNC sniffer filter (FIXED) .Bug in Microsoft SQL Server 2000 Password Extractor (FIXED) .5 beta43 ================== NEW FEATURES: .Enterprise Manager Password Decoder (ADDED) (Decode Enterprise Manager's passwords of SQL Server 7.Process identification in Cain's TCP/UDP Table Viewer (ADDED) . For informations on Rainbow Tables generation and sorting please read the RainbowCrack's Tutorial (http://www.LM Hashes Cryptanalysis via Sorted Rainbow Tables (ADDED) Cain can now perform cryptanalysis attacks on LM Hashes using RainbowCracks's sorted tables.Infinite loop bug in TDS Sniffer filter (FIXED) .Sortable Browsers List .Reloading Cain LM&NTLM Hashes cracker loose resume informations (FIXED) ================== Version 2.and SMTP passwords VARIANT AND FIXES: .Sortable Protected Storage List ================== Version 2.Some bugs in the LM&NTLM Cracker (FIXED) ================== .Microsoft SQL Server 2000 Password Extractor via ODBC (ADDED) VARIANT AND FIXES: .Custom charset support Rainbow Tables (ADDED) .5 beta42 ================== NEW FEATURES: .Process identification in Abel's TCP/UDP Table Viewer (ADDED) (These functions work only on XP or later) .Numbers in the Crackers Tree (ADDED) ================== Version 2.Sniffer crashes when Routing Protocols Analisys is enabled (FIXED) .Sortable Computers List . This kind of attack is pretty fast but works only on LM Hashes not encrypted with a challenge.Sortable Users List .Sortable Abel Hashes List .Sortable Services List .All crackers now auto-save resume informations every 3 minutes .Sortable Shares List .

OpenSSL library upgrade to version 0. The transfer is initiated by the device itself so dyna mic NAT between you and the device is a problem too.Bug fixed in Cain's HTTP parser (FIXED) .1a (ADDED) .Network enumeration of Terminal Services Servers (ADDED) VARIANT AND FIXES: .Check for local Administrator's rights (ADDED) .7c ================== Version 2.OUI List (UPDATED) . ================== Version 2. NTLM and NTLMv2 Hashes with or without NTLMSSP encapsulation are supported and can be "Sent to the Cracker" for Dictionary and Brute-Force attacks.0.5 beta39 ================== NEW FEATURES: .NTLM Session Security Password Cracker The long awaited cracker for NTLM Session Security authentications is finally available in this version.Duplicate entries in the APR list (FIXED) .5 beta36 ================== NEW FEATURES: . The device will download its configuration from Cain using TFTP protocol.5 beta37 ================== VARIANT AND FIXES: . all kind of LM.9.5 beta35 ================== NEW FEATURES: . The device configuration request is made via SNMPv1 using the Read/Write community string (the Read-Only one is not enoug h). This feature will not work if there are network restrictions like ACLs or firewa ll rules on those protocols.Some bugs in the LM&NTLM Cracker(FIXED) .Winpcap library updated to version 3.Version 2. Now. ================== Version 2.5 beta38 ================== .5 beta40 ================== VARIANT AND FIXES: .Crashes parsing truncated HTTP packets (FIXED) ================== Version 2.Better Error handling in network functions (ADDED) ================== Version 2.Cisco Config Uploader (ADDED) Cain can now upload configuration files to Cisco routers and switches that supports the OLD-CISCO-SYSTEM-MIB.

The sniffer/cracker has been successfully tested using a Cisco VPN Client v4.Some problems in HTTP and NNTP sniffer filter (FIXED) .3(1).5 beta33 ================== VARIANT AND FIXES: .9. The device will upload its confi guration to Cain using TFTP protocol.Crashes in Users Enumerations function (FIXED) .Cisco Config Downloader (ADDED) This feature lets you download the configuration file from Cisco routers and switches that supports the OLD-CISCO-SYSTEM-MIB or the new CISCO-CONFIG-COPY -MIB.0 and a Cisco PIX Firewall Version 6.IKE Aggressive Mode Pre-Shared Keys Cracker (ADDED) The cracker works with both MD5 and SHA1 Hashes.5 beta32 ================== NEW FEATURES: . The transfer is initiated by the device itself so dynamic NAT between you and the device is a problem too. NTLMv1 onl y (NTLMSSP).Cisco Type 7 Password Decoder fails to decode long passwords (FIXED) . (It seems that the Cisco PIX Firewall does not support this feature) The device configuration request is made via SNMPv1 or SNMPv2 using the Read/Wri te community string (the read-only is not enough). This feature will not work if there are network res trictions like ACLs or firewall rules on those protocols.Sniffer filter for PROXY-HTTP authentications (LM&NTLMv1 (NTLMSSP). . VARIANT AND FIXES: . Please let me know your results.Sniffer filter for IKE Aggressive Mode Pre-Shared Keys authentications (ADDED) The sniffer collects all the parameters needed to crack a Pre-Shared Key used in IKE Aggressive Mode authentications (see RFC-2409 for details).Sniffer filter for HTTP authentications (LM&NTLMv1 (NTLMSSP).Some crashes due to the Base64 decoding function (FIXED) ================== Version 2.5 beta31 . NTLMv1 only (NTL MSSP).Sortable Lists in Sniffer->Passwords TAB . NTLMv2 (NTLMSSP)) (ADDED) VARIANT AND FIXES: .7b ================== Version 2.OpenSSL library upgrade to version 0..5 beta34 ================== NEW FEATURES: . NTLMv2 (NTLMSSP)) (ADDED) ."Cannot open the session file" problem in Telnet List (FIXED) ================== Version 2. ================== Version 2.

Winpcap library upgrade to version 3.0 ================== Version 2.Fake local ARP cache entries needed for HTTPS sniffer are now "Dynamic".Some problems in SMB sniffer filter (FIXED) .================== VARIANT AND FIXES: .5 beta27 ================== NEW FEATURES: . It makes use of APR (Arp Poison Routing) so the attacker's IP and MAC addresses can be totally spoofed client-side.Some problems in POP3 sniffer filter (FIXED) . The sniffer cannot decrypt HTTPS traffic if directed to/from the attacker's workstation.Cain crashes parsing DNS packets with extended labels (RFC 2673) (FIXED) ================== Version 2.Bug in the OSPF-MD5 Cracker (FIXED) .Sniffer filter for "NTLMv1 only (NTLMSSP)" authentications (ADDED) VARIANT AND FIXES: .Some problems in HTTP sniffer filters (FIXED) ================== Version 2.SMB sniffer incorrectly reports "NTLMv1 only" authentications as "Cleartext" ( FIXED) .Sniffer filter for ICQ authentications (ADDED) VARIANT AND FIXES: .HTTPS Man-in-the-Middle Sniffer and password collector (ADDED) Cain's HTTPS sniffer works in in FULL-DUPLEX-MODE processing both Client and Server HTTPS traffic.5 beta29 ================== NEW FEATURES: . All fake certificate's parameters except for public keys are the same as in originals.9. .OpenSSL library upgrade to version 0. .5 beta28 ================== VARIANT AND FIXES: .LSA Secrets Dumper (ADDED) . .Some problems in HTTP sniffer filter and Cookie parser (FIXED) .5 beta30 ================== NEW FEATURES: .Abel's LSA Secrets Dumper (ADDED) .Automatic HTTPS Certificate Collector (ADDED) The collector automatically grabs certificates from HTTPS servers and creates a fake copy of them locally.7a ================== Version 2.Some problems in POP3 sniffer filter (FIXED) .ICMP Traceroute always ask "Please enter a positive integer" (FIXED) .

Minor error in POP3 and Kerberos sniffer filter (FIXED) ================== Version 2.IMAP.Minor BUG fixed in the OUI list ================== Version 2.Some problems in POP3.NNTP sniffer filters (FIXED) .Important BUG fixed in APR to avoid remote cache pollution .Sniffer filter for MSN authentications (ADDED) . .Cain crashes at random intervals while sniffing (passwords filters disabled) ( FIXED) .ARP healing function modified to use ARP Request Packets .Cain can now dump LSA Secrets indirectly from the registry.5 beta23 ================== VARIANT AND FIXES: .RADIUS User's Passwords Sniffer/Decoder (ADDED) Capture and decrypt RADIUS user's passwords once the NAS Shared Key is found.Sniffer filter for RADIUS authentications (ADDED) VARIANT AND FIXES: .Some problems IMAP and FTP sniffer filters (FIXED) . The dumper uses LSASS code injection technique so you need Administrator privileges.SMTP. VARIANT AND FIXES: .5 beta26 ================== VARIANT AND FIXES: . . Once the right key is found all User's passwords can be recovered instantly.Pre-Poison function using ARP Request Packets to force entries in remote ARP caches (ADDED) VARIANTS AND FIXES: .Minor BUG fixed in POP3 (APOP-MD5) sniffer ================== Version 2.5 beta25 ================== VARIANT AND FIXES: .Selectable sniffer filters .5 beta22 ================== NEW FEATURES: . The cracker extracts Authenticators fields from Access-Request and Access-Accept packets and use them to recover these keys.Another minor BUG loading the OUI list (FIXED) ================== Version 2.Some code clean-up ================== Version 2.RADIUS Shared Keys Cracker (ADDED) A RADIUS Key is a shared secret between the RADIUS server and a NAS(Network Access Server) used to encrypt RADIUS User's passwords.MSN Password Cracker (ADDED) .5 beta24 ================== NEW FEATURES: .

3DES and Blowfish.Smart Poison on ARP requests for host contained in the APR table (ADDED) VARIANTS AND FIXES: .New Cain's Traceroute GUI .Some problems in HTTP and POP3 Password Sniffers (FIXED) . These parameters are found in Token's activation files typically named "something.Export function in Protected Storage Passwords Viewer (ADDED) ================== Version 2. Zlib compression is not supported in this version. The calculator produces valid tokens given the serial number and the activation key of an RSA SecurID device.SSH-1 Sniffer for APR (ADDED). Cain's SSH-1 sniffer works in in FULL-DUPLEX-MODE processing both Client and Server SSH-1 traffic. APR (ARP Poison Routing) and a Man-in-the-Middle situation is also required because of the RSA asymmetric encryption used in SSH-1 negotiation's phase.Export function in PWL Cached resources Viewer (ADDED) .ASC".Only one instance of Cain forced to run at a time .Sniffer filter for HTTP Cookies authentications (ADDED) .Problems in Hot-Key and the main Menu (FIXED) . VARIANTS AND FIXES: .0 Sniffer report wrong usernames if the password is blank (FIXED) ================== Version 2.Promiscuous-Mode Scanner (ADDED). It tries various tests based on non-standard ARP packets and it uses the same Spoofing configuration of APR.Minor bug-fixing . The sniffer supports 3 symmetric encryption algorithms: DES.5 beta21 ================== NEW FEATURES: . It makes use of APR (Arp Poison Routing) so the attacker's IP and MAC addresses can be totally spoofed and never exposed on the network."Couldn't create session file" error in Telnet Sniffer (FIXED) .5 beta20 ================== NEW FEATURES: . The sniffer cannot decrypt SSH-1 traffic if directed to/from the attacker's workstation.TDS v7. .RSA SecurID Token Calculator (ADDED).5 beta19 .- Option to Poison using ARP Request or ARP Reply Packets (more network traffic) BUG in TDS password sniffer (FIXED) BUG in VNC passwords sniffer (FIXED) BUG in HTTP password sniffer (FIXED) BUG in POP3 password sniffer (FIXED) BUG in APOP passwords sniffer (FIXED) Sniffer's memory allocation problems (FIXED) ================== Version 2.MD5 Brute-Force Password Cracker cannot crack some passwords (FIXED) .Export function in Host List (ADDED) . . The scanner has been included in the main "Hosts List".

Access Database Password Manager -> Access Database Password Decoder ================== Version 2. CRAM-MD5.Sniffer filter for Microsoft Kerberos5 Pre-Authentication (ADDED) .x.Protected Storage Password Manager (ADDED) VARIANTS AND FIXES: ================== Version 2.0 symbolic links (FIXED) .VNC Password Decoder (ADDED) . v5.Sniffer filter for POP3 authentications (LM&NTLMv1 (NTLMSSP).Dictionary Attacks errors in MD2.0.5 beta18 ================== NEW FEATURES: .================== NEW FEATURES: .0.DNS Spoofer for APR (ADDED) .SHA-1. LM&NTLMv1 (NTLMSSP).Start Sniffing and Poisoning at startup (ADDED) VARIANTS AND FIXES: .Access Database Password Decoder support for Access 2000/XP (ADDED) VARIANTS AND FIXES: . LM&NTLMv1 (NTLMSSP).5 beta16 ================== NEW FEATURES: .5 beta15 ================== NEW FEATURES: .Problems with Winpcap 3.Wrong "Next-Hop" in Internal EIGRP Routes Extractor (FIXED) ================== Version 2. v7 . LM&NTLMv1 (NT LMSSP).Hash Calculator (ADDED) . NTLMv2 (NTLMSSP))(ADDED) VARIANTS AND FIXES: . LM&NTLMv1 (NTLMSSP).Sniffer filter for IMAP authentications (LOGIN.MD4 Password Cracker (ADDED) . Microsoft SQL) authentications (v4.RIPEMD-160 Crackers when Hybrid-Brute is selected (FIXED) ================== Version 2.SHA-1 Password Cracker (ADDED) .Sniffer filter for TDS (Sybase.MD5. LOGIN.Sniffer filter for SMTP authentications (PLAIN.Sniffer filter for NNTP authentications (PLAIN. NTLMv2 (N TLMSSP)) (ADDED) .MD5 Password Cracker (ADDED) . NTLMv2 (NTLMSSP)) (ADDED) .5 beta14 ================== NEW FEATURES: . NTLMv2 (NTLMSSP) ) (ADDED) .VRRP Monitor (ADDED) .The Sniffer's Password Tree now shows the # of captured passwords .Microsoft Kerberos5 Pre-Authentication Cracker (ADDED) .Hosts are not sorted correctly for IP addresses (FIXED) .RIPEMD-160 Password Cracker (ADDED) . NTLMv2 (N TLMSSP)) (ADDED) .

Speed improvement in Arp Poison Routing (APR) . NTLMv1 only.Sniffer filter for RIPv2-MD5 authentication (ADDED) .5 beta12 ================== NEW FEATURES: .Cisco PIX Firewall Password Cracker (for "enable" and "passwd" commands) (ADDE D) FIXES: .Sniffer filter for VNC authentications (ADDED) ."\Device\Packet_NdisWanIp" eliminated from the adapters list .Various "Memory Leak" problems in Sniffer's filters (FIXED) .5 beta13 ================== NEW FEATURES: .OSPF-MD5 Password Cracker (ADDED) .Cisco PIX Firewall Password Calculator (ADDED) .Incorrect "Origin AS" in EIGRP External Route analysis (FIXED) ================== Version 2.Sniffer filter for NTLMSSP (LM & NTLMv1.RIPv2-MD5 Password Cracker (ADDED) FIXES: .NTLMv2 Password Cracker (ADDED) ******************************************************************************** ******** ************************************ WARNING!!!! ******************************* ******** ******************************************************************************** ******** In NTLMv2 authentication the Domain/Hostname name is also used..Little speed improvement in all MD5 based password crackers .5 beta11 ================== NEW FEATURES: .Speed improvement in Sniffer's filters ."Send to Cracker" and "Send All to Cracker" functions modified . for this reason the following commands: .Sniffer filter for OSPF-MD5 authentication (ADDED) .Some fixes and speed improvement in LM & NT Hashes password crackers ================== Version 2.Sniffer filter for VRRP authentications (ClearText and IP Auth Header based)(A DDED) VARIANTS AND FIXES: .Buffer overflow in DNS Spoofer (crash parsing compressed names) (FIXED) .Sortable Hosts List .VRRP-HMAC-96 Password Cracker (ADDED) .IP packets routed by APR are processed twice -> Double passwords entry in list s (FIXED) .OUI Fingerprint stops working when all hosts are removed from the Hosts list ( FIXED) ================== Version 2.Sniffer filter for NTLMv2 authentication (ADDED) . NTLMv2) authentications (ADDED) .VNC Password Cracker (ADDED) .

.......Packets sent are 1 Byte longer than the right size (FIXED) .RIP Monitor (ADDED) .CRAM-MD5 Password Cracker (ADDED) ..Winpcap v2..DOMAIN..Sniffer filter for APOP-MD5 authentications (ADDED) .APOP-MD5 Password Cracker (ADDED) . 2) Restart Cain and test the password again However.LST in the programs directory deleting the Domain/Hostname: EXAMPLE: Contents of NTLMv2.3 support and compatibility (ADDED) FIXES: .Cannot switch to Cain because the tray icon is not present (FIXED) ...Automatic scroll in Password's ListViews (ADDED) .5 beta10 ================== NEW FEATURES: .... To avoid checking the password twice. This name is extracted from the authenticati on packet sniffed on the network.Sniffer filter for POP3 CRAM-MD5 authentications (ADDED) .C0A9FBDBD59A919E3E6812AF92CB338F.Sniffer filter for IMAP authentications (Basic and CRAM-MD5) (ADDED) ..Main window XP display problems (FIXED) ================= Version 2."net use \\SERVER\C$ /user:administrator password" "net use \\SERVER\C$ /user:DOMAIN\administrator password" produce different NTLMv2 encrypted passwords. modified -> Administrator. If it 0) 1) you already known the password and the NTLMv2 cracker does not retrieve correctly try as follows: Quit Cain modify the line in the file NTLMv2.. With the second command Windows encrypt s the NTLMv2 password using Domain = "DOMAIN"...5 beta9 ================= .Some problems with the GUI (FIXED) ================== Version 2...... if you send to the cracker NTLMv2 hashes captured from a "good" session (a session with the "Successful" string in the LogonResult column) the cracker should work correctly.APR remains in Half-Routing state while poisoning certain firewalls (FIXED) .C0A9FBDBD59A919E3E6812AF92CB338F..LST original -> Administrator.. With the first command Windows enc rypts the NTLMv2 password using Domain = NULL..Box Revealer for passwords hidden by asterisks (ADDED) FIXES: .. ******************************************************************************** ******* ******************************************************************************** ******* . the cracker always use the Domain/Hostname in the "Domain" column of the list....

Base64 Password Decoder (ADDED) .LST" contains more than 256 lines (FIXED) .TCP/UDP/ICMP Traceroute + DNS Resolver + WHOIS resolver (ADDED) (The WHOIS client extracts "inetnum" and "route" informations from RIPE's Databa se) FIXES: .Multiple AS support in EIGRP Monitor (ADDED) .ieee.Adapter statistics on status bar (ADDED) .Multiple HSRP Group support in HSRP Monitor (ADDED) .RC4-MMX routines as been optimized in Assembler for Pentium-Pro or later proce ssors (ADDED) .Sniffer filter for HTTP Form Authentication (ADDED) .3beta is needed for XP support ================= NEW FEATURES: ..Access 97 Password Decoder Dialog (ADDED) .Cain crashes on startup when "HASHES.EIGRP Monitor does not return EIGRP routes from routers with AS != 1 (FIXED) .3 Release for XP support ================= NEW FEATURES: .OUI Fingerprint (ADDED) (The updated public OUI list is available at http://standards.HSRP Monitor (ADDED) ..ARP Responder for the spoofed address (ADDED) .5 beta7 .EIGRP Monitor does not return EIGRP routes from routers with certain IOS versi ons (FIXED) .org/regauth/o ui/oui.RC4 routines parallelized using MMX technology (ADDED) .still waiting for Winpcap 2.Deleting all APR WAN entries causes packets retransmission (ACK Storm) until T TL reaches 0 (FIXED) .Computers enumeration does not recognize Windows XP platforms (FIXED) ================= Version 2.HSRP and VRRP virtual address identification (ADDED) .Speed improvement in PWL Password Cracker (ADDED) .TCP Traceroute does not change source port at every probe (FIXED) .NEW FEATURES: .Access 97 Password Decoder ListView (REMOVED) .EIGRP Monitor does not work correctly when spoofed IP and MAC addresses are us ed (FIXED) .EIGRP Monitor (ADDED) .OSPF Monitor .txt) .UDP Traceroute does not stop correctly at destination when the specified remot e UDP port is in use at the target (FIXED) .Hop's Netmask discovery using ICMP packets in Traceroute (ADDED) FIXES: .EIGRP Routes ListView does not report the correct "NextHop" address for Intern al routes (FIXED) ================= Version 2.IP swapping in HSRP ListView when more than one HSRP group is present (FIXED) .BPF Kernel filter to accept only ARP and IP traffic (ADDED) .Problems enumerating network domains in Windows XP (FIXED) .5 beta8 Winpcap 2.ICMP Traceroute does not stop correctly when used against misconfigured PAT de vices (FIXED) .

Crashes in Cisco Type-5 Password Cracker when started using non-existent dicti onary file (FIXED) ================= Version 2.Dictionary and Brute-Force Configuration pages separated (ADDED) .Dictionary and Brute-Force Attack Threads separated (ADDED) .Several minus bugs in crackers (FIXED) ================= Version 2.Multiple entries in Telnet Session ListView (FIXED) .Winpcap v2.3 Release for XP support ================= NEW FEATURES: .Out of Subnet Addresses in Host-List View (FIXED) .Cisco Type-5 (MD5 Based) Password Cracker (ADDED) ..Processor Informations Dialog (ADDED) .RC4 and MD5 routines as been optimized in Assembler for Pentium or later proce ssors (ADDED) .The path to Abel.Crashes in NT-Hashes Password Cracker when started using non-existent dictiona ry file (FIXED) .Export Hashes to L0phtCrack v2.Application crashes using Winpcap v2.Cain crashes opening the configuration dialog (FIXED) .3 Release for XP support ================= NEW FEATURES: .NT Cracker doesn't test the username as password (FIXED) ."PacketReceivePacket failed" error when stopping the sniffer (FIXED) .Keyrate (Password/sec) in all crackers (ADDED) FIXES: .PWL Cached-Resources dialog shows only the username for Novell resources (FIXE D) .PWL Cracker doesn't test the username as password (FIXED) .still waiting for Winpcap 2.5 beta5 .Speed improvement in PWL Password Cracker (ADDED) ..Cisco Type-7 Password Decoder (ADDED) FIXES: .Automatic check for MMX support in PWL Cracker (ADDED) .Incorrect IP parameters in configuration dialog (FIXED) .dll is not injected properly in LSASS process (FIXED) .x (.waiting for Winpcap 2.Quick List in network tree (ADDED) FIXES: ..Crashes in PWL Password Cracker when started using non-existent dictionary fil e (FIXED) .lc) compatible file (ADDED) .2 (FIXED) .Code cleanup in MD5 hashing functions (FIXED) .2 support and compatibility (ADDED) ..Cain crashes reading non-existent PWL files in list (FIXED) .Local NT Hash Dumper (ADDED) (no need to install Abel locally anymore) FIXES: .IPC connections don't return network errors (FIXED) ================= Version 2.Incorrect FTP passwords collected (FIXED) .5 beta6 ..5 beta4 ================= NEW FEATURES: .

Abel TCP Table Viewer (ADDED) .Problem in SID Scanner on a machine inserted into a Domain (FIXED) .Console Threads Buffer Overflow Problems (FIXED) .Disconnection Dialog (ADDED) .0.Abel Route Table Manager (ADDED) .Encryption on Abel UDP Table Viewer (ADDED) .Encryption on Abel TCP Table Viewer (ADDED) .Encryption on Abel Hash-Dumper (ADDED) .Console Echo Problem (FIXED) ..Progress dialog in SIDs scanner (ADDED) FIXES: .Console Problem on "\n" only strings (FIXED) .Some SMB sniffer problems (FIXED) .PacketGetNetInfo not working with DHCP (FIXED) .5 beta2 ================= NEW FEATURES: ."Cannot open the Adapter" loop in configuration Dialog (FIXED) .Abel UDP Table Viewer (ADDED) .NULL password check on PWL and NT password cracker (ADDED) .Encryption on Abel Route Table Manager (ADDED) .IP address 0."Hashes.Refresh on all ListView (ADDED) .0 on DHCP enabled adapters (FIXED) ================= Version 2.Abel Service Installation Progress (ADDED) .Cain Route Table Manager (ADDED) .Set Modified Flag Reset Problem (FIXED) .Range dialog in MAC scanner (ADDED) .SID Scanner on request (ADDED) .5 beta1 ================= (First Public Release) NEW FEATURES: .Some SMB Sniffer problems (FIXED) .Cain UDP Table Viewer (ADDED) .Progress dialog in MAC scanner (ADDED) .SMB Sniffer clear-text password support (ADDED) .Abel Remote Console (ADDED) .Incorrect POP3 passwords collected (FIXED) ================= Version 2.SIDs scanner doesn't extract all users (FIXED) .Cain TCP Table Viewer (ADDED) .Right Click on Tree Control Problem (FIXED) ================= Version 2.0.5 beta3 ================= NEW FEATURES: .Abel Service (ADDED) .Console History (ADDED) .Abel Hash-Dumper (DLL Injection into LSASS) works with Syskey enabled (ADDED) FIXES: .APR (ARP Poison Routing) enables sniffing on switched networks (ADDED) .txt" not deleted after Hash Dump (FIXED) .Problem with disabled adapters (FIXED) .

SMB passwords (ADDED) Full Telnet Session Recorder (ADDED) MAC Scanner (ADDED) Access Database Password Recover (ADDED) PWL Password Recover (ADDED) SID Scanner (ADDED) Service Manager (ADDED) Users. FTP. POP3.- Spoofed IP and MAC support on APR (ADDED) Sniffer filters for HTTP. Groups and Service Enumeration (ADDED) .