
Matt Cupp

Matt Weber
Cain & Abel Tutorial
Cain & Abel is actually two programs in one. Cain is the GUI, Windows-based
hacking and password recovery utility, and Abel is the tool to be used for Windows NT
service. Due to the time constraints of this project and the fact that we are not using
Windows NT, we will only be discussing Cain, as it is more useful for what we are doing.
This tutorial will cover the main aspects of this complex and useful program.

Installation

For this install, you must be logged in as Admin. Enter the administrator password and
copy ca_setup.exe to the desktop from the Z Drive.

Double-click the installation exe to begin the installation.

Click Next for the introduction and license agreements.

Choose a place for the program to be installed into. Usually /Program Files/Cain is just
fine. Click Next.

Click Next once more to begin installation.

Click Finish.

Next you have to install the WinPcap packet driver so Cain & Abel can interact with your
machine. Click OK.

Proceed through the introduction and license agreement and begin the installation.

Once you finish, you will have to reboot the computer. Do so and log in as Admin again.

For some reason, these machines will not install the abel.exe and abel.dll files correctly.
To fix this, click on My Computer and go to C:/Program Files/cain and find
Abel.exe.sig and Abel.dll.sig and rename them to Abel.exe and Abel.dll.

Now we can run the program.

Activity One: Starting/Stopping Services Across the Network

1. Click on the Network tab. This feature of the program lets you remotely access
any machine on the network. When connecting to another machine on the
network, the program uses the account that you are logged into on your machine.
It works here only because we are logged in as the administrator and all the
machines on the network use the same login and password for that account. With
administrator privileges we can start, stop, or pause almost any of the services on
any machine on the network.
2. After clicking the Network tab, look at the tree on the left and click on Entire
Network. From there click on IUP and you should get a list of every IP address
on this network. Another option is to right-click on Quick List and click Add to
Quick List. Then add the desired IP.
3. On this network, the end of the IP address is the number of the computer. So find
your neighbor’s IP address and click on it and follow the tree until you get a list
with Groups, Services, Shares, and Users.
4. Click on Services and look through the list. You can start, stop, or pause most of
these services, but there are some critical ones that it would not let us change.
5. Find the services for your neighbor’s McAfee programs. If you stop these
services, you can see the shield at the bottom right of your neighbor’s screen go
inactive.
6. You can play around with this, shutting down or starting services and seeing what
it does.

Activity Two: Sniffing

1. Click the sniffer buttons on the top left to activate the sniffer/ARP abilities (the
buttons look like a circuit board and a radioactive sign).

2. Click the Sniffer tab. Click the blue plus sign to populate this table with all the machines
on your network. Now click the APR tab (with the radioactive icon) along the bottom of
the program to bring up the APR tables.

3. Click the blue plus sign to bring up a dialog box. The list on the left side of this box
displays the IP addresses of the computers whose traffic you want to re-route. The list on the
right side displays the IP addresses of the computers that you want the IP traffic
directed through (you can CTRL-click to select multiple IP addresses). Click OK to start
the ARP Poisoning.

The upper table on the Sniffer tab displays the computers that are being poisoned on your
network. The lower table displays the traffic that is being routed across the network.
This information lets you see which computers are communicating with
each other.
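
From the monitoring side, the ARP Poisoning in this activity shows up as IP addresses that suddenly answer from a different MAC address, and as one MAC address answering for several IPs at once. The following is an added example, not part of the original tutorial: a small Python check over a list of observed ARP replies. The function name, the record layout and all addresses are assumptions made up for the illustration.

```python
from collections import defaultdict

# Constructed sample of ARP replies: (seconds, sender IP, sender MAC).
# All addresses are made up for illustration.
SAMPLE_ARP_REPLIES = [
    (0, "192.168.1.1", "00:11:22:33:44:01"),    # gateway
    (1, "192.168.1.12", "00:11:22:33:44:12"),   # computer 12
    (2, "192.168.1.13", "00:11:22:33:44:13"),   # computer 13
    (30, "192.168.1.1", "00:11:22:33:44:13"),   # gateway IP now answered by 13's MAC
    (30, "192.168.1.12", "00:11:22:33:44:13"),  # computer 12's IP answered by 13's MAC
    (31, "192.168.1.13", "00:11:22:33:44:13"),
]


def detect_arp_poisoning(replies):
    """Return (rebinds, shared).

    rebinds: (time, ip, old_mac, new_mac) for every IP whose MAC changed.
    shared:  MAC -> sorted IPs, for MACs that currently answer for >1 IP.
    """
    current = {}   # ip -> most recent MAC seen for that IP
    rebinds = []
    for ts, ip, mac in sorted(replies):
        mac = mac.lower()
        old = current.get(ip)
        if old is not None and old != mac:
            rebinds.append((ts, ip, old, mac))
        current[ip] = mac

    claimed = defaultdict(set)
    for ip, mac in current.items():
        claimed[mac].add(ip)
    shared = {m: sorted(ips) for m, ips in claimed.items() if len(ips) > 1}
    return rebinds, shared


if __name__ == "__main__":
    rebinds, shared = detect_arp_poisoning(SAMPLE_ARP_REPLIES)
    for ts, ip, old, new in rebinds:
        print(f"t={ts}s {ip} moved from {old} to {new}")
    for mac, ips in shared.items():
        print(f"{mac} answers for {', '.join(ips)}")
```

A DHCP lease change or a replaced network card also produces a rebind, so treat a single rebind as a lead and one MAC answering for several IPs at once as the stronger sign.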
