While Cain is powerful when used on the pentester's computer, it is quite limited in terms of "pivoting" (i.e. using a compromised host as a bouncer to reach another part of the target network).
Installing Cain on a compromised host yields at least two severe limitations :
- Cain requires Winpcap. If Winpcap is not found, Cain will refuse to load. Winpcap installs a new driver, and might require a reboot, which is not good in terms of footprint.
- Cain is being detected as Potentially Unwanted Software by most antivirus software out there.
To have Cain loading properly, it is enough to add the following DLLs in Cain directory :
- packet.dll
- wanpacket.dll
- wpcap.dll
To make Cain undetected by most (if not all) antivirus software, the software must be "repacked". However, this is another story :)
Note#2: Cain still requires administrative rights on the compromised host.
