i recently decoded a pwl file. its pretty cool because you can get the admins paswword. if you want a prog that can do this go to **link removed** and d/l the software. it is called cain. NOTE: this should only be used if you have forgotten your password

See below. -Socalgal

[This message has been edited by socalgal (edited 01-04-2001).]

Hmmm... I wonder how it would fare against this How to Make Windows 2000 and NT 4 Passwords Uncrackable (http://sysopt.earthweb.com/articles/win2kpass/index.html)

NOTE: SysOpt.com does not promote, solicit nor support any illegal activity.

acctually it makes the article out of date!
this prog uses the 187 symbols when decrypting a file. it does take some more time. (if it is 9 characters it takes about an hour)if it is 5 chars it take 30 sec. but this should only be used if you forgot your password.

The Cleaner on my test system reports a Trojan detected: Cain and Abel.

For the purpose of our members safety, your link has been removed.

If you wish to further correspond regarding your topic, I suggest you email joel@sysopt.com , the author of the article.

[This message has been edited by socalgal (edited 01-04-2001).]

Note: I haven't run this program on a NT/2000 box. The below information is based on knowledge of NT/2000 itself and so is a little more theoretical than real-world. As we well know, MS doesn't always make should be theoretically correct practically correct. http://sysopt.earthweb.com/forum/smile.gif

Actually this whole thing is irrelevant to the article. .pwl was terrible encryption used by Win9x for password checking and is not used by Windows 2000 or Windows NT. Instead, password hashes are stored in the SAM database, including both LM and NTLM hashes. LM is the weaker of the two, and this is why crackers target that password first.

The only way you could get your sysadmin's password from this program would be
a) He logged in as an admin from a Win9x box
AND
b) You have access to that Win9x box.
--or--
c) His regular login (on Win9x) has the same password as an admin on the NT/2k domain.

Any one of these is considered a major breach in security. There's nothing that can be done to save WinNT/2k passwords if they make it this easy on people trying to break in.

Name: Cain & Abel
Aliases:
Ports: 666
Files: Cain10b.zip - 181,397 bytes Cain15.zip - 592,627 bytes Cain151.zip - 622,446 bytes Cain.exe - 430,080 bytes Cain10.exe - 501,871 bytes Cain15.exe - 605,464 bytes Cain151.exe - 635,247 bytes Cain20.exe - Msabel32.exe -
Created: Nov 1998
Requires:
Actions: Steals passwords

Versions: Cain: 1.0b, 1.0, 1.5, 1.51, 2.0, Abel: 1.0, 1.1,
Registers:
Notes: Works on Windows 95 and 98. Can brute force crack stolen passwords.
Country:
Program: Written in VC++.

Hey J! That room of yours ever get cleaned up? http://sysopt.earthweb.com/forum/wink.gif

Also:


Cain and Abel v1.50 - 1.51

Translator

(Updated Nov 26th, 1999)

Cain and Abel, is a password grabbing trojan.
Cain is the client, while Abel is the trojan server.
Cain can connect to an infected system, get any and all passes, and for those that are encrypted, it will try to 'brute force' krack them, and can do this with the aid of a dictonary file.
What this means is, even if your passwords are random letters and numbers, it will eventually decrypt them. If your passwords are found in a dictonary, it will decrypt them Much faster.

Another feature of the Abel trojan, besides giving cain access to your password files, is that Abel can be set to brute force krack passwords on your own system, using spare CPU time, without anyone connected!
You dont even need to be online for it to do this. And once it decrypts a password, it is stored for when the cain client connects and retrieves them.

If you have been infected with Abel, you should assume ALL of your passwords that have Ever been typed into your PC are now public information, and you should have them all changed as soon as possible.

This includes Windows filesharing and networking, Windows screen saver, PWL files, Pass files for common programs such as ICQ, FTP programs, Email, and DIalup Networking.

--------------------------------------------
Removal
Go to Start -> shutdown. Select 'Restart the computer in MS-DOS mode.' and click OK.
When your computer is at the C:\windows\ prompt, type the following:
cd system
del msabel32.exe

Then type exit to return to windows.

Your now disinfected, however per the notice above, you must assume all passwords on anything you have/had access to are known.
You should have all of your passwords on services you use, changed.

Yes, it did. I moved. http://sysopt.earthweb.com/forum/smile.gif

Of course, this is the key:
"Notes: Works on Windows 95 and 98. Can brute force crack stolen passwords. "

Looks like the theory held out in practice. http://sysopt.earthweb.com/forum/smile.gif

What was that file? Was it named cain.exe on the website. I downloaded something....something crack, but before I installed it or even unzipped the file, I deleted it. I used tauscan to check my comp right now and it came up clean. Does this mean I am okay? Oh yeah....what if I am using WinME? I can't get to msdos, if I am infected with anything, how do I remove?? Thank you so much..

Tw1112

If you didn't install or even unzip the file, I *assume* you're ok. I also ran the prog on ME but The Cleaner caught the trojan files and it instructed a reboot to clear the offenders.

This was my first experience with this trojan, but I uninstalled the program via Add/Remove, did a regedit for "cain" "abel", ran a search for "cain" and "msabel32.exe" and ran a complete Cleaner scan. (updated, of course) and changed all my passwords.

I did not download anything with the word "crack" in it though. The file came as a zip file with only one file in it - Cain151.exe.

THanks SoCalgal!! Good thing I was sleepy and didn't read every single word of his first post because I downloaded the wrong thing. I Thought it was kinda fishy though, so I didn't unload the install files. Well...thanks again SoCal! http://sysopt.earthweb.com/forum/smile.gif

Tw1112