CAIN ABLE

Implementation

A scanner like Nessus works from a large set of targets to narrow in on particular vulnerabilities on a host. Cain, on the other hand, works from a single host to expand access to other network systems. It collects many of the capabilities used by tools in other chapters, such as Windows enumeration (Chapter 6), password cracking (Chapter 8), and sniffing (coming up in Chapter 16). The first thing to do is configure Cain's network sniffing features, as shown in Figure 12-7.

As a sniffer, Cain focuses on the authentication step of a protocol rather than collecting all network traffic. Thus, it will watch for anything from FTP or Telnet sessions, to Windows file share access, to authentication for services like VNC or MySQL. Figure 12-8 shows Cain's interception of SMB password hashes (used to access a Windows file share). Right-click on a hash to send it to the Password Cracker utility. From there, you can select any manner of dictionary or brute-force attack against which to test the hash.

The Tools menu provides hash and password analysis utilities for many devices that you're likely to encounter on a large network. The menu also lets you see the current TCP and UDP services and their corresponding application. This makes it easier to map ports to applications than using the netstat command. Figure 12-9 shows an example output.