Cain & Abel v4.9.56 released
- Added Windows Vault Password Decoder.
- Added Windows 8 support in LSA Secret Dumper.
- Added Windows 8 support in Credential Manager Password Decoder.
- Added Windows 8 support in EditBox Revealer.
- Added ability to keep original extensions in fake certificates.
- Added support for Windows 8 RDP Client in APR-RDP sniffer filter.
- Winpcap library upgrade to version 4.1.3 (Windows8 supported)
- Added Root Certificate Generator in Certificate Spoofing configuration page.
- Added experimental Certificate Injection feature to inject custom certificates into HTTPS/ProxyHTTPS responses directed to victim APR's clients.
- Added Anticache option for APR-HTTPS/APR-ProxyHTTPS (touch "If-Modified-Since" and "If-None-Match" fields in HTTP headers from client).
- Added Anticompress option for APR-HTTPS/APR-ProxyHTTPS (touch "Accept-Encoding" field in HTTP headers from client).
- Added Anticompress option for APR-IMAPS (touch "COMPRESS=DEFLATE" field in capabilities from server).
- Speed improvement in Certificate Collector.
- Speed improvement in APR engine.
- Speed improvement all APR-SSL sniffer filters.
- Added Automatic extraction of Subject Common Name (CN) from server certificates to be used as hostname in APR-SSL lists.
- Preservation of Subject Alternative Name extension in fake certificates.
- New Base64 Password Decoder dialog.
- OpenSSL library upgrade to version 1.0.1f.
- OUI List updated.
- Several bugs fixed.

Windows Vault Password Dumper v1.0 released.
This tool uses native undocumented functions of Windows Vault API to enumerate and extract credentials stored by Microsoft Windows Vault (eg: Internet Explorer 10 passwords).
The full source code is available in the Topics area. Binaries are available here.

Cain & Abel v4.9.36 released
- Added MP3 audio file generation in VoIP sniffer.
- Fixed Abel DLL crashes on 64-bit operating systems.
- Modified Export function to Users, Groups, Services and Shares lists with TAB separators.
- Fixed a bug in Wireless Password Decoder concerning Microsoft Virtual WiFi Miniport Adapter.
- Fixed a bug in NTLMv2 Cracker within the "Test Password" function.
- Removed "WindowsFirewallInitialize failed" startup error message if Windows Firewall service is stopped.

Cain & Abel v4.9.30 released
- Added support for the following codecs in VoIP sniffer: G722, Speex-16Khz, Speex-32Khz, AMR-NB, AMR-WB.
- Added Certificate Collector ability to generate self-signed or chained fake certificates.
- Added certificate format conversion function (from PKCS#12 to PEM).
- Added support for Licensing Mode Terminal Server connections in APR-RDP sniffer filter.
- Added channel hopping capability on A, BG and ABG channels in Passive Wireless Sniffer.
- Added support for A channels in Passive Wireless Sniffer.
- Added automatic detection of RX/TX ABG channels for AirPcap NX adapters.
- WEP ARP Injection thread now avoid sending packets to disassociated stations.
- AirPcap library upgrade to version 4.0.0 (to support the new AirPcap NX adapters from CACE Technologies).
- Winpcap library upgrade to version 4.1 beta 5.
- OpenSSL library upgrade to version 0.9.8j.

Cain & Abel v4.9.23 released
- Added LRWB-16Khz codec support in VoIP sniffer.
- Added MGCP/RTP sniffer filter. Cain can now extract SDP-RTP parameters from MGCP protocol.
- Fixed some bugs in SIP/RTP sniffer filter causing crashes while sniffing.
- All Dumper's DLL Injection functions have been rewritten to directly use undocumented ZwCreateThread API instead of CreateRemoteThread. On XP/2003, Cain now supports passwords/hashes/secrets extraction even if executed in Terminal Server sessions.
- Fixed a bug in dictionary attack "Double" option.

Cain & Abel v4.9.14 released
- Added GRE/PPP sniffer filter for PAP, CHAP and MS-CHAPv1 (LM & NTLM) authentications.
- Added CHAP-MD5 (Dictionary and Brute-Force Attacks).
- Added sniffer analysis on GRE/PPP incapsulated traffic; MPPC compression not supported yet.

Cain & Abel v4.9.12 released
New features:
- Added Windows Vista compatibility in all APR-SSL sniffers.
- Added support for new Aircrack-ng's IVs file format in WEP IVs sniffer and cracker.
- Modified separator character in cracker's and sniffer's LST files from ";" to "TAB".

WARNING !!! The password list file format is changed and old LST files are not compatible anymore. It is strongly suggested to backup your files before upgrade to this new release.

Cain & Abel v4.9.6 released
New features:
- Added Windows Vista support in LSA Secrets Dumper for external registry files.
- Fixed a bug in LSA Secrets Dumper causing application crashes.
- Fixed a bug in NT Hashes dumper for hive files when only NT hashes are present.
- Winpcap library upgrade to version 4.0.1.
- Added Windows Vista support for Active Wireless Scanner.
- Off-line capture file processing now compatible with 802.1Q Vlan encapsulation.
- Sniffer filter for LDAP passwords.
- Automatic Certificate Collector for LDAPS protocol.
- LDAPS Man-in-the-Middle Sniffer and password collector (TCP port 636).

CACE Technologies asked me to remove the Airpcap drivers v2.0 beta TX from my site, so you cannot download it anymore from oxid.it. That driver was intended for testing purposes only .... a new Airpcap driver with TX capabilities is expected to be available on their site in the future.

Cain & Abel v4.3 released
New features:
- Cain's MitM NTLM Challenge Spoofing. (Requires APR to be active and a MitM condition between victim hosts).
You can now spoof server challenges in NTLM authentications; this feature enables the use of RainbowTables for cracking network hashes.
WARNING !!! Enabling Challenge Spoofing cause users to fail authentications so use it carefully.
- NTLM Session Security authentications downgrade to LM&NTLMv1. The following protocols are supported: SMB, DCE/RPC, TDS, HTTP, POP3, IMAP, SMTP.
- LM + spoofed challenge Hashes Cryptanalysis via Sorted Rainbow Tables.
- HALFLM + spoofed challenge Hashes Cryptanalysis via Sorted Rainbow Tables.
- NTLM + spoofed challenge Hashes Cryptanalysis via Sorted Rainbow Tables.
- New types of RainbowTables have been added to Winrtgen v2.4.
"lmchall" and "ntlmchall" tables can be used against LM and NTLM response hashes for spoofed challenges (default: 0x1122334455667788).
"halflmchall" tables can be used against the first 8 bytes LM response hashes for spoofed challenges to recover the first 7 characters of the original password.
- Added HALFLMCHALL hashes submission to rainbowcrack-online client.
- Ability to dump LSA Secrets directly from SYSTEM and SECURITY registry hive files.

A big thanks to all oxid.it forum's users for the excellent support.

Mao at Hackcon#2 security conference (February 7/8 - OSLO, Norway)
I have been asked to be there as a speaker to present the latest features of my program Cain & Abel.
Detailed information at http://www.hackcon.org.

Cain & Abel v3.3 released
New features:
- Support for AirPcap USB 2.0 adapter in Wireless Scanner.
- Passive Wireless Scanner with channel hopping support.
- AirpCap.DLL dynamically linked.
- WEP IVs sniffer (Capture files are compatible with Aircrack's .ivs files).
- 802.11 capture files analyzer compatible with PCAP and Aircrack's .ivs file formats.
- 802.11 capture files decoder (support WEP and WPA-PSK encryption).
- WPA-PSK pre-shared key calculator.
- WEP Cracker using Korek's Attack (64-bit and 128-bit key length supported).
- Off-line capture file processing now compatible with Wireless extensions.
- Added G722.1 codec support in the VoIP sniffer.
- Added sniffer filter for DCE/RPC authentications (Outlook connecting to Exchange server).
- Added support for Winpcap library version 4.0 and higher.
- Added an option to disable the promiscuous mode of the network card.
- Fixed a problem with bugus lengths in UDP header to avoid sniffer crashes.
- Fixed a problem in MS-CACHE hashes dumper.
- Fixed a memory allocation bug in cryptanalysis attack via RainbowTables on systems with 2Gb of RAM or more.
- OpenSSL library upgrade to version 0.9.8d.
- Winpcap library upgrade to version 4.0 beta2.

Experimental oxid.it forum is online.

Incredible results for Cain & Abel at Insecure.Org 2006 survey

Ranked 9th in the complete list - Top 100 Network Security Tools
Ranked 4th in the category "Packet Sniffers" - Top 11 Packet Sniffers
Ranked 1st in the category "Password Crackers" - Top 10 Password Crackers

Thanks to all security professionals that voted for the program. I would also like to say a big thanks to all users and beta testers for the help given, donations, improvement suggestions, bug reports, and the great support.

thanks again,
Massimiliano Montoro.

Cain & Abel v2.9 released
New features:
- Added Ophcrack's RainbowTables support for LM Hashes Cryptanalysis attack.
- Added hashes syncronization functions (Export/Import) to/from Cain for PocketPC via ActiveSync.
- Added VoIP sniffer support for the following codecs: G723.1, G726-16, G726-24, G726-32, G726-40, LPC-10.
- Added support for Winpcap v3.2.

I recently read a Washington Post article showing a picture of US President George W. Bush visiting the National Security Agency  (NSA) headquarters in January 2006. Cain & Abel is there, displayed on the Talisker Radar in the background. Altough I'm not concerned about NSA monitoring the program's development (they are welcome), I think they are actually missing a lot of features because the version on the screen is not updated.

Cain for PocketPC (ARM) v1.2 released. Download it here.
Requirements:
- PocketPC 2003 device with an ARM based microprocessor architecture (eg: ipaq6515, Qtek 2020, Qtek 9090 ....).
- Microsoft Windows CE or Windows Mobile operating system.
- 5 Mb of free memory
Features:
- Rainbowcrack-online client (works with any Internet connection available such as GPRS, ActiveSync .... ).
- Dictionary Attacks for the following hash types: MD2, MD4, MD5, SHA1, RIPEMD160, CiscoPIX, MySQL v3.23, MySQL v3.23 + challange, MySQL SHA1, MySQL SHA1 + challange, LM, LM + challange, NTLM, NTLM + challange, NTLM Session Security.
- Hash Calculator.
- Base64 Password Decoder.
- Cisco Type-7 Password Decoder.
- Cisco VPN Client Password Decoder.
- VNC Password Decoder.
- Microsoft Messenger Password Decoder.
- Internet Explorer Password Decoder.
- ActiveSync Password Decoder.

Your help is needed for the recovery of Pocket Outlook passwords ! They are probably stored into "pmailFolders" database under the form of security BLOBS. If you find details about the correct way to decrypt them, please send them to me and I'll update Cain as soon as possible.

Cain & Abel v2.8.4 released
New features:
- Rainbowcrack-Online client.
The client has been developed in collaboration with Rainbowcrack-Online team. Cain can now interact with  the outstanding power of this on-line cracking service based on RainbowTable technology. The service is not free and you need a valid account to use this feature, please check current rates on their site. The communication between Cain and the web site is SSL enabled to ensure privacy of transmitted information.
- Oracle Password Cracker (Dictionary and Brute-Force Attacks).
- Oracle Password Extractor via ODBC.
- MySQL Password Extractor via ODBC.
- Program's Manual updated.

Tokyo International Security Conference 2005
SIDC KK and M Factory Corporation of Japan have entered into an agreement to host and sponsor the first annual Tokyo International Security Conference (Tokyo InterSec) to be held on November 17th and 18th.
I have been asked to be there as a speaker to present the latest release of my program Cain & Abel.

Cain & Abel v2.8 released
New features:
- Cisco VPN Client Password Decoder.
- Syskey Decoder. Cain can now extract the Boot Key, generated with the Syskey utility, from the local system or external SYSTEM registry files.
- NT Hashes Dumper can now extract password hashes from "off-line" SAM files encrypted with the Syskey utility.
- Wireless Zero Configuration Password Dumper.
- RDPv4 session sniffer for APR.
Cain can now perform man-in-the-middle attacks against the heavy encrypted Remote Desktop Protocol (RDP), the one used to connect to the Terminal Server service of a remote Windows computer. The entire session from/to the client/server is decrypted and saved to a text file. Client-side key strokes are also decoded to provide some kind of password interception. The attack can be completely invisible because of the use of APR (Arp Poison Routing) and other protocol weakness.
- Winrtgen v1.8 added to the installation package. (fastlm tables generated with a version prior to 1.7 could have problems, please update)
- Fixed a problem in the LSA Secrets Dumper causing crashes on systems with DEP enabled. Thanks to Nicolas RUFF for the bug report.
- Fixed a problem with extended ASCII characters in the Cryptanalysis Attack. Thanks to Ramius from rainbowtables.net for the bug report.
- Bug fixed in rainbow table's verification function. Thanks to all beta testers for the the bug reports.
- Bug fixed in fastlm rainbow table's algorithm.
- OpenSSL library upgrade to version 0.9.8a.

Security Advisory: Remote Desktop Protocol, the Good the Bad and the Ugly. Check the topics area for details.

Cain & Abel v2.69 released
New features:
- A new type of Rainbow Tables has been added to Winrtgen v1.3. "FastLM" tables can be used against LM Hashes and provide both faster generation and cryptanalysis. FastLM tables are not compatible with standard tables for LM Hashes generated by RainbowCrack, renaming the filenames is useless.
- LM Hashes Cryptanalysis via FastLM Sorted Rainbow Tables.
- Benchmark added to Cain's cryptanalysis dialog.
- Fixed two bugs in Kerberos5 and SNMP sniffer filters (thanks for the bug reports).
- MSCACHE Hashes Dumper
- MSCACHE Hashes Dictionary and Brute-Force Crackers
- Sniffer filter for SIP-MD5 authentications
- SIP-MD5 Hashes Dictionary and Brute-Force Crackers
- Off-line capture file processing compatible with winpcap, tcpdump, ethereal format.

Cain & Abel v2.67 released
Fixed two buffer overflow conditions in IKE-PSK and HTTP sniffer filters. Many thanks to Gary Oleary-Steele and Rafal ^^MAg^^ Kwasny for the bug reports. Also fixed several heap overflow bugs in POP3, SMTP, IMAP, NNTP and TDS sniffer filters.

Cain & Abel v2.65 released
New features:
- VoIP sniffer / recorder
Cain's sniffer can now extract audio conversations based on SIP/RTP protocols and save them into WAV files. The following codecs are supported: G711 uLaw, G711 aLaw, GSM, MS-GSM, ADPCM, DVI, LPC, L16, G729, Speex, iLBC. This feature is experimental, let me know your results.

Cain & Abel v2.5 released
Finally, release version 2.5 is out. This does not mean that the program is now error free or that there is nothing more to do within it, however after 65 beta version I think is now time for a release. I spent considerable time working on this program and its documentation but things could change in the future..... You can now help oxid.it continuing to develop freeware software making donations to my PayPal account. The money I receive this way goes towards my ongoing web hosting fees and other costs that I incur by making the programs on this site available to you free of charge.

Winrtgen v1.2 (Rainbow Table Generator) released
- Added table generation for SHA-2(256), SHA-2, (384) and SHA-2 (512) hashes
- Added custom charset support

Cain & Abel v2.5 beta65 for NT/2000/XP released (this is probably the last beta version, Cain & Abel v2.5 User Manual will be available as soon as possible)
New features:
- Credential Manager Password Decoder for Windows XP/2003
Credential Manager is a new SSO solution that Microsoft offers in Windows Server 2003 and Windows XP. Cain can now dump passwords from user's credential files and show them in they're clear text form. I also prepared a command line version of this feature called creddump. The FULL SOURCE CODE for Visual C++ is included.
- Brute-Force and Dictionary Attacks for SHA-2(256), SHA-2(384), SHA-2(512) Hashes
- SHA-2(256), SHA-2(384), SHA-2(512) Hashes Cryptanalysis via Sorted Rainbow Tables
- TCP Traceroute now uses Winpcap to bypass the new Windows XP SP2 restrictions on raw sockets
- Support for Extended ASCII passwords in LM & NTLM crackers
- Sniffer filter for SNMP Community strings
- Ability to insert/modify sniffer's TCP/UDP protocol ports
- Ability to insert/modify Username and Password Fields used by HTTP Sniffer Filter
- Ability to select active DNS names to spoof in APR-DNS
- Password decoders for MSN Explorer Sign In, MSN Explorer Autocomplete, Outlook Express Identity Manager, Outlook Express (HTTP Mail) and Outlook (IMAP,POP3,...) in Protected Storage Password Manager
- Support for Outlook Express multiple identity in Protected Storage Password Manager
- Added Hashes of type SHA-2(256), SHA-2(384), SHA-2(512) in Hash Calculator
- Export function in Dialup Password Decoder
- Winpcap library updated to version 3.1 beta4

Cain & Abel v2.5 beta59 for NT/2000/XP released
- Added Password History Hashes in the Hash Dumper
- Added Abel-side Password History Hashes Dumper
- Some bugs fixed and code cleanup in Hash Dumper
- Bug fixed in LSA Secret Dumper with WindowsXP Service Pack 2

Help needed for WEP cracking on windows !
I wrote a quick and dirty sample program to control Prism2 based cards using the Winpcap protocol driver and the PacketRequest API. WEP cracking requires the capture of 802.11 frames; this program shows how to set those cards into HostAP and monitor mode and contains functions to get/set parameters of  the Prism2 chipset. The FULL SOURCE CODE for Visual C++ is included, I hope that you can help me on some topics and problems I found. The code should compile without problems but to test the program you need a Prism2 based card and the Winpcap driver installed.
You can download Prisma here.

Winrtgen v1.1 (Rainbow Table Generator) released
Some of you asked for a graphical version of rtgen and rtsort from RainbowCrack v1.2. Winrtgen generates rainbow tables for LM, NTLM, MD2, MD4, MD5, SHA1, RIPEMD160, MySQL323, MySQLSHA1 and CiscoPIX hashes. You can find Winrtgen in the projects area.
For details on tables generation please refer to RainbowCrack's site.

Cain & Abel v2.5 beta56 for NT/2000/XP released
New features:
- Wireless Scanner
The scanner uses the Winpcap protocol driver so it should work on Windows 2000 and WindowsXP. I really don't know how many cards are supported, the compatibility chart is here. Please let me know your results.
- Winpcap library updated to version 3.1 beta3

Cain & Abel v2.5 beta51 for NT/2000/XP released
New features:
- MySQL Hashes Cryptanalysis via Sorted Rainbow Tables
- Cisco PIX Hashes Cryptanalysis via Sorted Rainbow Tables
( I also prepared a patch for RainbowCrack v1.2 to support those tables )
- MySQL Password Cracker (works with both v3.23 and SHA1 Hashes)
- Sniffer filter for MySQL authentications (v3.23 and SHA1)
- Brute-Force and Dictionary attacks rewritten for all crackers
- OpenSSL library updated to version 0.9.7d
- Winpcap library updated to version 3.1 beta2
- Bug fixing and code cleanup
(A special thanks to SgarS for the fast assembler binary search algorithm)

Cain & Abel on TechTV
The program has been presented by "The Screen Savers". Details and video here.

Cain & Abel v2.5 beta47 for NT/2000/XP released
New features:
- NTLM, MD2, MD4, MD5, SHA1 and RIPEMD160 Hashes cryptanalysis via Sorted Rainbow Tables
- Compatibility with RainbowCrack v1.2
- Dialup Password Decoder
- Microsoft SQL Server 2000 Password Cracker
- Microsoft SQL Server 2000 Password Extractor via ODBC
- Enterprise Manager Password Decoder (SQL Server 7.0 and SQL Server 2000 supported)
- Remote Desktop Password Decoder (decode passwords in .RPD files)
- Support for MS-Outlook 2002 POP3, IMAP, HTTP and SMTP passwords in Protected Storage Password Manager

Cain & Abel v2.5 beta41 for NT/2000/XP released
New features:
- LM Hashes cryptanalysis via sorted RainbowTables
Cain can now perform cryptanalysis attacks on LM Hashes using RainbowCracks's sorted tables. This kind of attack is pretty fast but works only on LM Hashes not encrypted with a challenge. For informations on Rainbow Tables generation and sorting please read the RainbowCrack's Tutorial (http://www.antsight.com/zsl/rainbowcrack/rcracktutorial.htm)

Cain & Abel v2.5 beta40 for NT/2000/XP released
New features:
- Cisco Config Uploader
Cain can now upload configuration files to Cisco devices via SNMP/TFTP. This feature works on routers and switches that support the OLD-CISCO-SYSTEM-MIB. TFTP server is NOT required.
- Bug fixing and code cleanup

Cain & Abel v2.5 beta36 for NT/2000/XP released
New features:
- NTLM Session Security Password Cracker
The long awaited cracker for NTLM Session Security authentications is finally available in this version. Now, all kind of LM, NTLM and NTLMv2 Hashes with or without NTLMSSP encapsulation are supported and can be "Sent to the Cracker" for Dictionary and Brute-Force attacks.
- IKE Aggressive Mode Pre-Shared Keys Cracker
The cracker works with both MD5 and SHA1 Hashes.
- Sniffer filter for IKE Aggressive Mode Pre-Shared Keys authentications
The sniffer collects all the parameters needed to crack a Pre-Shared Key used in IKE Aggressive Mode authentications (see RFC-2409 for details). The IKE-PSK sniffer/cracker has been successfully tested using a Cisco VPN Client v4.0 and a Cisco PIX Firewall Version 6.3(1). Please let me know your results.

Cain & Abel v2.5 beta34 for NT/2000/XP released
New features:
- Cisco Config Downloader
Cain can now download the configuration file from Cisco devices via SNMP/TFTP. This feature works on routers and switches that support the OLD-CISCO-SYSTEM-MIB or the new CISCO-CONFIG-COPY-MIB. TFTP server is NOT required.
- Bug fixing

Cain & Abel classified as one of the Top-75 Security Tools
Thanks to all of you out there that voted for Cain & Abel as one of the Top-75 Security Tools available. For more informations check out the complete list here.

Cain & Abel v2.5 FAQ started
I started to write a document of frequently asked questions about the program. You can find it in the Topics area.

Cain & Abel v2.5 beta29 for NT/2000/XP released
New features:
- Automatic HTTPS Certificates Collector
The collector automatically grabs certificates from HTTPS servers and creates a fake copy of them locally. All fake certificate's parameters except for public keys are the same as the originals.
- HTTPS Man-in-the-Middle Sniffer for APR
The  sniffer works in in FULL-DUPLEX-MODE processing both Client and Server HTTPS traffic. It makes use of APR (Arp Poison Routing) so the attacker's IP and MAC addresses can be totally spoofed client-side. The sniffer cannot decrypt HTTPS traffic if directed to/from the attacker's workstation.
- LSA Secrets Dumper (Cain can now dump LSA Secrets  from the registry using LSASS code injection technique)
- Sniffer filter for ICQ authentications
- RADIUS Shared Keys Cracker
- RADIUS User's Passwords Sniffer/Decoder
- Sniffer filter for MSN Messenger authentications
- Sniffer filter for RADIUS authentications
- Bug fixing in HTTP sniffer filters

Cain & Abel v2.5 beta21 for NT/2000/XP released
New features:
- RSA SecurID Tokens Calculator
The calculator produces valid tokens given the serial number and the activation key of an RSA SecurID device. These parameters are found in Token's activation files typically named "something.ASC".
- SSH-1 sniffer for APR
The sniffer works in in FULL-DUPLEX-MODE decrypting both Client and Server SSH-1 traffic.
It  uses APR (Arp Poison Routing) so the attacker's IP and MAC addresses can be totally spoofed and never exposed on the network. APR and a Man-in-the-Middle situation is also required because of the RSA asymmetric encryption used in SSH-1 negotiation's phase. The sniffer supports 3 symmetric encryption algorithms: DES, 3DES and Blowfish. Zlib compression is not supported in this version. The sniffer cannot decrypt SSH-1 traffic if directed to/from the attacker's workstation. Automatic downgrade SSH-2 connections to SSH-1 if server version is v1.99. An example of the output file produced from an SSH-1 session to a Cisco PIX firewall in my test environment is available here.
- Promiscuous-Mode Scanner
The scanner tries various tests based on non-standard ARP packets using the same Spoofing configuration of APR.