While Cain is powerful when used on the pentester's computer, it is quite limited in terms of "pivoting" (i.e. using a compromised host as a bouncer to reach another part of the target network).
Installing Cain on a compromised host runs into at least two severe limitations:
- Cain requires WinPcap. If WinPcap is not found, Cain will refuse to load. WinPcap installs a new driver and might require a reboot, which is not good in terms of footprint.
- Cain is detected as Potentially Unwanted Software by most antivirus software out there.
To get Cain to load properly, it is enough to add the following DLLs to the Cain directory:
- packet.dll
- wanpacket.dll
- wpcap.dll
To make Cain undetected by most (if not all) antivirus software, the software must be "repacked". However, this is another story :)
Note#2: Cain still requires administrative rights on the compromised host.
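Seen from the defender's side, the DLL placement described above leaves a file-system artifact: the WinPcap user-mode DLLs sitting together in a directory other than the one an installer would use. The following is an added example, not part of the original post. It scans a file inventory (for instance the output of a recursive directory listing) for that pattern. The function name, the `min_hits` threshold, the list of expected system directories and the sample inventory are assumptions made for illustration.

```python
from collections import defaultdict
from pathlib import PureWindowsPath

# DLL names taken from the post, compared case-insensitively.
WINPCAP_DLLS = {"packet.dll", "wanpacket.dll", "wpcap.dll"}

# Assumption: a regular WinPcap install keeps these DLLs in the Windows
# system directories, so copies found there are not reported.
EXPECTED_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64"}


def find_sideloaded_winpcap(paths, min_hits=2):
    """Map each non-system directory to the WinPcap DLLs found in it.

    A directory is reported only when it holds at least `min_hits` of the
    three names; a single bundled wpcap.dll is a weaker signal than the
    full set sitting next to an executable.
    """
    by_dir = defaultdict(set)
    for raw in paths:
        p = PureWindowsPath(raw.strip())
        name = p.name.lower()
        if name in WINPCAP_DLLS:
            by_dir[str(p.parent).lower()].add(name)
    return {
        d: sorted(names)
        for d, names in by_dir.items()
        if d not in EXPECTED_DIRS and len(names) >= min_hits
    }


# Constructed file inventory, for illustration only.
SAMPLE_INVENTORY = [
    r"C:\Windows\System32\wpcap.dll",
    r"C:\Windows\System32\Packet.dll",
    r"C:\Users\Public\tools\Packet.dll",
    r"C:\Users\Public\tools\WanPacket.dll",
    r"C:\Users\Public\tools\wpcap.dll",
    r"C:\Program Files\ExampleApp\wpcap.dll",
    r"C:\Program Files\ExampleApp\readme.txt",
]

if __name__ == "__main__":
    for directory, dlls in find_sideloaded_winpcap(SAMPLE_INVENTORY).items():
        print(f"review {directory}: {', '.join(dlls)}")
```

A hit is a lead for review rather than a verdict, since some legitimate capture tools ship their own copies of these DLLs.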
4 comments:
Do forget Abel: a client for compromised host. Execute some (pwdump) command remotely without uploading cain files.
Indeed, but Cain can collect far more passwords from the localhost than Abel - and Cain can explore locally visible Windows domains, too.
Most password collection utilities are available individually from NirSoft, but it is nice to have this "all-in-one" functionality in Cain.
BTW, "abel.dll" is also blacklisted by many antivirus software.
Where do I find those DLLs?
You can get them by installing WinPcap (http://www.winpcap.org/) ... or from Cain on another machine :)