Configuring Cain to Sniff Passwords on Wireless LAN Adapter

The Cain & Abel software by Massimiliano Montoro is probably the best password recovery tool on the Windows platform. It is listed as the number one password recovery software on, and the best thing is that although closed source, it is free. It can recover your passwords, and others' of course, in many different ways: directly, by recovering the password over the network, or indirectly, by using the various nifty tools available. In the latter case, using APR-DNS to *cough*pharm*cough* and test other browsers' security settings is one of my favorites, but that is another story.

Although it is well known that you can use it to recover passwords on wired networks, you can actually also use it on wireless networks.

Here's a step-by-step guide to preparing your wireless LAN adapter for Cain goodness. (No AirPcap adapter needed.)

The assumption here is that you have properly installed Cain and used it previously.

  1. Enable both your wireless LAN adapter and your Ethernet adapter.
  2. Connect to a wireless network and take note of your wireless LAN adapter's IP address, subnet mask, and default gateway.
  3. Turn on Cain with sufficient privileges.
  4. Click on Configure, and on the Sniffer tab select the adapter with the IP address that has been assigned to your wireless LAN adapter, then click on Apply.
  5. If you get the "The spoofing IP address must be in your subnet" error message, you need to change your Ethernet adapter's IP address and default gateway to a new IP that is in the same subnet as your wireless LAN adapter. Twice. Yes, you heard it right, twice (although if you did hear the word twice instead of reading it, I strongly suggest you see a shrink, NOW!). Redo the previous step. Note: You don't have to disable and enable the Ethernet adapter or close Cain while doing this step.
  6. Click on the APR (ARP Poison Routing) tab, click Use Spoofed IP and MAC addresses, and select the IP address you want to spoof. To change the spoofing MAC address, use regedit and modify the value "SpoofMAC" at this location: "HKEY_CURRENT_USER\Software\Cain\Settings", then click Apply.
  7. That's it. You are good to go.

I'd like to thank my good friend at First Media for reminding me that the MAC sublayer in 802.11 is different from that on Ethernet, and subsequently making me read a 15MB pdf file before I wrote this short article.
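From the defender's side, the effect of the APR setup above shows up in a victim's ARP cache. The following is an added example, not part of the original post: it parses Windows `arp -a` output and checks the default gateway entry against a recorded baseline MAC and for a MAC shared with another host. The sample output, addresses and function names are constructed for illustration.

```python
import re

# One data row of Windows `arp -a` output: IP, dash-separated MAC, entry type.
ROW = re.compile(
    r"^\s*(\d{1,3}(?:\.\d{1,3}){3})\s+((?:[0-9a-f]{2}-){5}[0-9a-f]{2})\s+(\w+)\s*$",
    re.IGNORECASE,
)

# Constructed sample: gateway .1 and host .42 resolve to the same MAC.
SAMPLE = """\
Interface: 192.168.1.23 --- 0xb
  Internet Address      Physical Address      Type
  192.168.1.1           00-11-22-33-44-55     dynamic
  192.168.1.42          00-11-22-33-44-55     dynamic
  192.168.1.50          66-77-88-99-aa-bb     dynamic
  192.168.1.255         ff-ff-ff-ff-ff-ff     static
"""

def parse_arp_table(text):
    """Return [(ip, mac, type)] for every data row; header lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            rows.append((m.group(1), m.group(2).lower(), m.group(3).lower()))
    return rows

def check_gateway(rows, gateway_ip, baseline_mac=None):
    """Return a list of (finding, detail) tuples; empty means nothing flagged."""
    gw_mac = next((mac for ip, mac, _ in rows if ip == gateway_ip), None)
    if gw_mac is None:
        return [("gateway_not_cached", gateway_ip)]
    findings = []
    # Check 1: gateway MAC differs from the value recorded when the LAN was trusted.
    if baseline_mac and gw_mac != baseline_mac.lower().replace(":", "-"):
        findings.append(("gateway_mac_changed", gw_mac))
    # Check 2: another learned (dynamic) entry shares the gateway's MAC.
    # Static rows (broadcast/multicast or admin-pinned) are not learned from the wire.
    shared = [ip for ip, mac, kind in rows
              if mac == gw_mac and kind == "dynamic" and ip != gateway_ip]
    if shared:
        findings.append(("mac_shared_with_gateway", ",".join(shared)))
    return findings

if __name__ == "__main__":
    for finding in check_gateway(parse_arp_table(SAMPLE), "192.168.1.1",
                                 baseline_mac="aa:bb:cc:dd:ee:01"):
        print(finding)
```

Because step 6 lets the spoofed MAC be set to an arbitrary value, the shared-MAC check can miss; the baseline comparison is the more dependable of the two. A shared MAC can also be legitimate (for example a router answering for several addresses), so treat it as a lead to investigate.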

Modern Warfare - Information Warfare?

With Call of Duty Modern Warfare 2 out on the market, selling millions of units worldwide and having the biggest video game launch ever, beating even the largest music sales and the video game sales record previously held by Grand Theft Auto IV, I'm just wondering: how modern is Modern Warfare 2?

With the current state of information technology of most technologically advanced countries, they could do lots of things that would bring physical combat to a halt: using satellites, spies and drones to steal battle plans and the positions of soldiers and war machines; tracking influential soldiers or persons to make assassination easier; disrupting air traffic systems; gathering information on all possible combat locations; tapping, decrypting and falsifying information, like eavesdropping and sending false messages to the enemy; intercepting their wireless communication systems or even penetrating their cellular networks. And to a country that relies heavily on information: hacking into and taking over its network systems, be they wired or wireless; disabling its life-supporting utilities like electrical, water and gas plants; disrupting financial data to prevent banks from reconciling their financial transactions and causing the stock exchange to go haywire, and finally the country's economic system. Imagine all that happening to your country just before the troops and lethal forces come in and invade.

Wouldn’t that be more terrorizing?

One might argue that it is not there yet. But information warfare is here. With people using public cloud computing to crack PGP encrypted files, what kind of computing power do you think central government agencies such as the NSA have, for example? Secure networks? I've seen people sending private messages using their company systems, revealing all internal network IP addresses, operating systems, mail client and server versions, and usernames. People using wireless devices while at the same time connected to their internal networks. Third world countries that do not rely heavily on IT? Information warfare does not rely on the internet only. And now most countries have internet and, unfortunately, Microsoft operating systems on their desktops, go figure. And small groups of people are already hacking into cell phones and doing man-in-the-middle attacks on satellite network transmissions.

So, back to the question. How modern is Modern Warfare 2?
