Sunday 23 October 2011
| Cain & Abel v4.9.42 released- Added support for Licensing Mode Terminal Server connections to Windows 2008 R2 servers in APR-RDP sniffer filter. - Added support for MSCACHEv2 Hashes (used by Vista/Seven/2008) in Dictionary and Brute-Force Attacks. - Added MSCACHEv2 Hashes Cryptanalysis via Sorted Rainbow Tables. - Added MSCACHEv2 RainbowTables to WinRTGen v2.6.3. - MS-CACHE Hashes Dumper now supports MSCACHEv2 hashes extraction from Windows Vista/Seven/2008 machines and offline registry files. - Fixed a bug (crash) in Certificate Collector with Proxy settings enabled. |
| 07/04/2011 |
| Cain & Abel v4.9.40 released- Added Proxy support for Cain's Certificate Collector. - Added the ability to specify custom proxy authentication credentials for Certificate Collector. - Added ProxyHTTPS Man-in-the-Middle Sniffer (TCP port 8080). - HTTP, APR-HTTPS and APR-ProxyHTTPS sniffer filters are now separated. - Added progress bar indicator in the off-line capture file function. - Bug fixed in ProxyHTTPS Man-in-the-Middle Sniffer parsing "Connection Established" string. - Bug fixed in VoIP Sniffer creating MP3 Mono files. - Bug fixed in RTP Sniffer processing off-line capture files. - WinRTGen recompiled with OpenSSL library version 0.9.8q. - OpenSSL library upgrade to version 0.9.8q. - Winpcap library upgrade to version 4.1.2. |
| 01/02/2011 |
| Cain & Abel v4.9.38 released - Added TCP/UDP Large Send Offloading status detection on Windows Vista/Seven. - Better handling of APR-SSL MitM threads. - Fixed a problem with APR in Windows7 causing attacker's machine to be isolated from poisoned hosts. - Speed improvement in Credential Manager Password Decoder for x64 operating systems. - Fixed a Cain's runtime error when SIP/RTP sniffer filter is disabled. - SIP, MGCP and RTP sniffer filters are now separated. - Fixed RTP sniffer filter to avoid processing Link-local Multicast Name Resolution (LLMNR) traffic on UDP port 5355. - Fixed RTP sniffer filter to avoid processing SSDP traffic on UDP port 1900. - Fixed RTP sniffer filter to avoid processing Multicast DNS (MDNS) traffic on UDP port 5353. - Improved RTP protocol validation function. |
| 19/06/2010 |
Cain & Abel v4.9.36 released- Added MP3 audio file generation in VoIP sniffer. - Fixed Abel DLL crashes on 64-bit operating systems. - Modified Export function to Users, Groups, Services and Shares lists with TAB separators. - Fixed a bug in Wireless Password Decoder concerning Microsoft Virtual WiFi Miniport Adapter. - Fixed a bug in NTLMv2 Cracker within the "Test Password" function. - Removed "WindowsFirewallInitialize failed" startup error message if Windows Firewall service is stopped. |
| 25/10/2009 |
| Cain & Abel v4.9.35 released- Added support for Windows 2008 Terminal Server in APR-RDP sniffer filter. - Added Abel64.exe and Abel64.dll to support hashes extraction on x64 operating systems. - Added x64 operating systems support in NTLM hashes Dumper, MS-CACHE hashes Dumper, LSA Secrets Dumper, Wireless Password Decoder, Credential Manager Password Decoder, DialUp Password Decoder. - Added Windows Live Mail (Windows 7) Password Decoder for POP3, IMAP, NNTP, SMTP and LDAP accounts. - Fixed a bug of RSA SecurID Calculator within XML import function. - Fixed a bug in all APR-SSL based sniffer filters to avoid 100% CPU utilization while forwarding data. - Executables rebuilt with Visual Studio 2008. - Added Windows Firewall status detection on startup. - Added UAC compatibility in Windows Vista/Seven. - Winpcap library upgrade to version 4.1.1. |
| 27/05/2009 |
| Cain & Abel v4.9.31 released- SIPS Man-in-the-Middle Sniffer (TCP port 5061; successfully tested with Microsoft Office Communicator with chained certificates). - Added support for RTP G726-64WB codec (Wengo speex replacement ) in VoIP sniffer. - X509 certificate's extensions are now preserved in chained fake certificates generated by Certificate Collector. - Extended ASCII characters support for SSID in Passive Wireless Scanner. - Some bugs in Cain's Traceroute fixed. |
| 21/04/2009 |
Cain & Abel v4.9.30 released - Added support for the following codecs in VoIP sniffer: G722, Speex-16Khz, Speex-32Khz, AMR-NB, AMR-WB. - Added Certificate Collector ability to generate self-signed or chained fake certificates. - Added certificate format conversion function (from PKCS#12 to PEM). - Added support for Licensing Mode Terminal Server connections in APR-RDP sniffer filter. - Added channel hopping capability on A, BG and ABG channels in Passive Wireless Sniffer. - Added support for A channels in Passive Wireless Sniffer. - Added automatic detection of RX/TX ABG channels for AirPcap NX adapters. - WEP ARP Injection thread now avoid sending packets to disassociated stations. - AirPcap library upgrade to version 4.0.0 (to support the new AirPcap NX adapters from CACE Technologies). - Winpcap library upgrade to version 4.1 beta 5. - OpenSSL library upgrade to version 0.9.8j. |
| 01/12/2008 |
| Cain & Abel v4.9.25 released- Oracle 11g (case sensitive) Password Extractor via ODBC. - Added Oracle 11g Password Cracker (Dictionary and Brute-Force Attacks). - Added support for Oracle TNS 11g (AES-192) in Oracle TNS Hashes Password Cracker. - Added support for Oracle TNS 11g (AES-192) in Oracle TNS sniffer filter. - Experimental SQL Query tool via ODBC. - Fixed a buffer overflow condition in Remote Desktop Password Decoder. |
| 12/11/2008 |
| My paper about Oracle TNS 11g (AES-192) authentication has been added in the Topics area. |
| 03/10/2008 |
Cain & Abel v4.9.23 released - Added LRWB-16Khz codec support in VoIP sniffer. - Added MGCP/RTP sniffer filter. Cain can now extract SDP-RTP parameters from MGCP protocol. - Fixed some bugs in SIP/RTP sniffer filter causing crashes while sniffing. - All Dumper's DLL Injection functions have been rewritten to directly use undocumented ZwCreateThread API instead of CreateRemoteThread. On XP/2003, Cain now supports passwords/hashes/secrets extraction even if executed in Terminal Server sessions. - Fixed a bug in dictionary attack "Double" option. |
| 25/08/2008 |
| Cain & Abel v4.9.21 released - Added PPPoE sniffer filter for PAP, CHAP, MS-CHAPv1 and MS-CHAPv2 authentications. - Added GRE/PPP sniffer filter for MS-CHAPv2 authentications. - Added automatic translation of MS-CHAPv2 to NT-challanges in "Send to Cracker" function. - Added support for Remote Desktop client v6 in APR-RDP sniffer. - Added support for Oracle TNS 10g (AES-128) in Oracle TNS Hashes Password Cracker. - Added support for Oracle TNS 10g (AES-128) in Oracle TNS sniffer filter. - Added UserField and PassField columns in HTTP sniffer list. - Added a "Note" column in all Cracker's lists. - Fixed a bug in offline NTLM hashes dumper when BootKey parameter is not specified. - Fixed a bug in offline NTLM hashes dumper when LM hash is not present. - Charset file updated to support German an Danish special characters in rainbowtables (for Cain and Winrtgen). |
| 01/07/2008 |
| I just want to share results of my research on Oracle TNS (9i 3DES) and (10g AES-128) authentication. The papers can be found in the Topics area. |
| 20/06/2008 |
| Cain & Abel v4.9.15 released- Added Oracle TNS Password Cracker (Dictionary and Brute-Force Attacks for DES and 3DES hashes). - Added Oracle TNS sniffer filter for DES and 3DES authentications. - Fixed a bug in VNC sniffer filter for new RFB protocol versions. - Fixed a bug with TCP/UDP/ICMP traceroute and Windows raw socket error code 10022. - Fixed a bug in RSA SecurID Calculator for keyfobs with serial numbers of more than 8 digits. - Fixed a bug in Dictionary Attack crackers regarding mixed Hybrid and Case Permutations variants. - Fixed a bug in challenge spoofing and NTLM downgrading when one of the victim hosts is a gateway. - OpenSSL library upgrade to version 0.9.8h. |
| 06/03/2008 |
Cain & Abel v4.9.14 released - Added GRE/PPP sniffer filter for PAP, CHAP and MS-CHAPv1 (LM & NTLM) authentications. - Added CHAP-MD5 (Dictionary and Brute-Force Attacks). - Added sniffer analysis on GRE/PPP incapsulated traffic; MPPC compression not supported yet. |
| 28/02/2008 |
Cain & Abel v4.9.12 released New features: - Added Windows Vista compatibility in all APR-SSL sniffers. - Added support for new Aircrack-ng's IVs file format in WEP IVs sniffer and cracker. - Modified separator character in cracker's and sniffer's LST files from ";" to "TAB". WARNING !!! The password list file format is changed and old LST files are not compatible anymore. It is strongly suggested to backup your files before upgrade to this new release. |
| 11/12/2007 |
| Cain & Abel v4.9.10 released New features: - Added Remote Registry Editor. - Added SIREN codec support in VoIP sniffer (the default one used by Windows Messenger).- Added support for new AES-128bit Keyfobs in RSA SecurID Token Calculator. - Microsoft SQL Server 2005 Password Extractor via ODBC. - Fixed a bug in Internet Explorer 7 AutoComplete password decoder. - Default HTTP users and passwords fields updated. - Automatic recognition of AirPcap TX capability based on channels. - AirPcap library upgrade to version 3.2. - Winpcap library upgrade to version 4.0.2. |
| 01/09/2007 |
| Mao's marriage to Roberta. |
| 29/07/2007 |
Cain & Abel v4.9.6 released New features: - Added Windows Vista support in LSA Secrets Dumper for external registry files. - Fixed a bug in LSA Secrets Dumper causing application crashes. - Fixed a bug in NT Hashes dumper for hive files when only NT hashes are present. - Winpcap library upgrade to version 4.0.1. - Added Windows Vista support for Active Wireless Scanner. - Off-line capture file processing now compatible with 802.1Q Vlan encapsulation. - Sniffer filter for LDAP passwords. - Automatic Certificate Collector for LDAPS protocol. - LDAPS Man-in-the-Middle Sniffer and password collector (TCP port 636). |
| 05/07/2007 |
| Some screenshots from Farrell's computer in Die Hard 4 movie ... take a look over the red devil here and here. |
| 19/06/2007 |
| Cain & Abel v4.9.4 released New features: - Automatic Certificate Collector for FTPS (implicit), IMAPS and POP3S protocols. - FTPS Man-in-the-Middle Sniffer and password collector. - POP3S Man-in-the-Middle Sniffer and password collector. - IMAPS Man-in-the-Middle Sniffer and password collector. - Added Windows Mail (Vista) Password Decoder for POP3, IMAP, NNTP, SMTP and LDAP accounts. - Added PTW WEP cracking attack. - Added Windows Vista support in Wireless Password Decoder. - Wireless Password Decoder now uses DLL injection under XP. |
| 03/05/2007 |
| Cain & Abel v4.9.1 released New features: - Added Windows Vista support in NT Hashes Dumper. - Added Windows Vista support in LSA Secrets Dumper. - Added Windows Vista support in Credential Manager Password Decoder. - Added Windows Vista support in DialUp Password Decoder. - Added Windows Vista support in all DLL Injection functions. - Added support for Internet Explorer 7 AutoComplete passwords. - Added support for Outlook Express Deleted Accounts in Protected Storage Password Manager. - WPA-PSK (Dictionary and Brute-Force Attacks). - WPA-PSK Auth (Dictionary and Brute-Force Attacks). - WPA-PSK Authentications sniffer. - WPA-PSK Hashes Cryptanalysis via Sorted Rainbow Tables. - WPA-PSK RainbowTables have been added to Winrtgen v2.5. - Added IE7 passwords support in Credential Manager Password Decoder. - OpenSSL library upgrade to version 0.9.8e. |
| 10/04/2007 |
CACE Technologies asked me to remove the Airpcap drivers v2.0 beta TX from my site, so you cannot download it anymore from oxid.it. That driver was intended for testing purposes only .... a new Airpcap driver with TX capabilities is expected to be available on their site in the future. |
| 25/02/2007 |
| Cain & Abel v4.5 released New features: - WEP cracking speed up via wireless ARP requests injection (AirPcap USB adapter is needed). This feature has been successfully tested with Airpcap drivers v2.0 beta TX. - Ability to deauthenticate client stations from Access Points. - Added Windows Vista compatibility in NTLM Hashes Dumper, LSA Hashes Dumper and Syskey Dumper for hive files. |
| 09/02/2007 |
Cain & Abel v4.3 released New features:- Cain's MitM NTLM Challenge Spoofing. (Requires APR to be active and a MitM condition between victim hosts). You can now spoof server challenges in NTLM authentications; this feature enables the use of RainbowTables for cracking network hashes. WARNING !!! Enabling Challenge Spoofing cause users to fail authentications so use it carefully.- NTLM Session Security authentications downgrade to LM&NTLMv1. The following protocols are supported: SMB, DCE/RPC, TDS, HTTP, POP3, IMAP, SMTP.- LM + spoofed challenge Hashes Cryptanalysis via Sorted Rainbow Tables. - HALFLM + spoofed challenge Hashes Cryptanalysis via Sorted Rainbow Tables. - NTLM + spoofed challenge Hashes Cryptanalysis via Sorted Rainbow Tables. - New types of RainbowTables have been added to Winrtgen v2.4. "lmchall" and "ntlmchall" tables can be used against LM and NTLM response hashes for spoofed challenges (default: 0x1122334455667788). "halflmchall" tables can be used against the first 8 bytes LM response hashes for spoofed challenges to recover the first 7 characters of the original password. - Added HALFLMCHALL hashes submission to rainbowcrack-online client. - Ability to dump LSA Secrets directly from SYSTEM and SECURITY registry hive files. A big thanks to all oxid.it forum's users for the excellent support. |
| 18/01/2007 |
Mao at Hackcon#2 security conference (February 7/8 - OSLO, Norway) I have been asked to be there as a speaker to present the latest features of my program Cain & Abel. Detailed information at http://www.hackcon.org. |
Post a Comment