How to configure Cain and Abel Properly
Disclaimer: Sniffing a network is illegal, without the proper permission. If in any instance you get caught, I nor the creators of Cain and Able be liable of responsible for what laws you violate. In no way is the author of this pictorial responsible for any loss of data, business revenue or hardware damages. Use this information at your own risk!
xyr0x is in No way affiliated with the developers of Cain and Able http://www.oxid.it/cain.html
Copyright xyr0x security 2007/2008
Step One: Configuring the Sniffer, make sure you’ve selected the proper device, which lists your Internal IP. You can find your Internal IP by looking at Step.
Step Two: Configuring ARP Poisoning Routine. You can Spoof your IP And MAC Address, be noted that it must be within your default gateway IP range. Check the “Pre-Poison ARP Caches” And do NOT use ARP REQUEST PACKETS on larger networks, as it’s more prone to cause DoS(Denial of Service attacks). Once configured, click Apply, and Ok
Step Three: Click on the Yellow Hazard icon… to Turn the sniffer on
Step Four: Goto Start|Run|CMD And type in the following syntax: ipconfig /all Now look for your “DEFAULT GATEWAY” this is what you’re going to want to remember. Aswell, as your Internal IP will be displayed as well. For carrying over onto Step One. (I’ve ommitted my sensitive information)
Step Five: Ok .this is the place where a lot of people get confused (infektid, thanks), Ok, see the APR display in the LEFT pane? Click on the top APR icon, now in the RIGHT pain, click on it. Now, you see the Blue + button enabled up? Click on the Blue Plus button, it’ll bring you to the New ARP Poison Routing dialog. Ok, now remember what your Default gateway was? Good, locate it in the Left pane, in the dialog, and click on it. Now in the RIGHT pane, you’ll see the rest of the other people on your network. Highlight all of the gateway address’ in the RIGHT pane, once that is done, click OK.
Step Six: Click on the Sniffer tab, and then goto the HOSTS in the lower tabs at the bottom. Click on the BLUE PLUS button again, and be noted if you spoofed your DEFAULT GATEWAY you’ll need to set the Range, rather then All hosts in my subnet, or else it won’t detect the gateways on your network… or any below your spoofed gateway. Select All tests in Promiscuous-Mode scanner, click OK. Now wait for the hosts to parse through the sniffer, and appear on the interface. Once this has been completed… you can goto the Sniffer tab, and witness it poison the network, and once it’s started the pre-poisoning routines you’ll probably have successfully logged passwords, and shit. I hope this helped you, You script kiddie! =o] – xyr0x