Csec 610 Lab Assignment #1

Date Submitted: 03/19/2016 03:51 AM

Lab Assignment #1: Password Cracking Using Cain and Abel

1. Explain the two different types of attacks that can be performed in Cain and Abel to crack user account passwords. Which do you think is the most effective?

Cain and Abel is a free Windows-based password recovery program. It provides several attack options for cracking a user password, including Dictionary, Brute-Force, and Cryptanalysis attacks. These options allow recovery of a user’s password and testing of the strength of the organization’s overall password policy.

Lab Assignment 1 required two of these: the Dictionary attack, a process that tries every word in a dictionary as a candidate password, and the Brute-Force attack, which tries combinations of letters, numbers, and symbols. Each attack was to be executed after selecting the LAN Manager (LM) hash and the NT LAN Manager (NTLM) hash. The LM hash allows for passwords up to 14 characters, and the NTLM hash, which was created to replace LM, allows for longer passwords. (Saunders, 2010)

Based on the simplicity of the passwords created for this assignment (See Question #2, Table 1), I found the Dictionary attack, using the NTLM hash, to be a timely and successful method. The Brute-Force attacks showed an estimated time of completion in hours and years, whereas the Dictionary attack was completed within minutes.
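The gap between the two attack types can be estimated from a defender's side by counting candidate guesses, as in this added example (not part of the original lab report). It assumes a printable-ASCII alphabet and uses a constructed word list and constructed passwords; it also relies on a property of LM not stated above, namely that LM uppercases the password and hashes it as two independent 7-character halves.

```python
import string

# Assumption: candidates are drawn from printable ASCII only.
NTLM_ALPHABET = len(string.ascii_letters + string.digits
                    + string.punctuation + " ")      # 95 characters
LM_ALPHABET = NTLM_ALPHABET - 26   # LM uppercases input: lowercase adds nothing


def brute_force_space(length, alphabet):
    """Worst-case guesses to exhaust every string of 1..length characters."""
    return sum(alphabet ** n for n in range(1, length + 1))


def lm_space(password):
    """Search space for an LM hash; None when the password exceeds 14 chars."""
    if len(password) > 14:
        return None
    # The two 7-character halves are hashed independently, so the work
    # is the SUM of the two halves' spaces, not their product.
    halves = [password[:7], password[7:14]]
    return sum(brute_force_space(len(h), LM_ALPHABET) for h in halves if h)


def ntlm_space(password):
    """Search space for an NTLM hash of a password of this length."""
    return brute_force_space(len(password), NTLM_ALPHABET)


def audit(password, wordlist):
    """Worst-case guess counts for one password under each approach."""
    words = {w.lower() for w in wordlist}
    exposed = password.lower() in words
    return {
        "dictionary_guesses": len(words) if exposed else None,
        "lm_guesses": lm_space(password),
        "ntlm_guesses": ntlm_space(password),
    }


if __name__ == "__main__":
    # Constructed sample data, not the lab's actual Table 1 passwords.
    sample_words = ["password", "sunshine", "letmein"]
    for pw in ["sunshine", "Tr4il!Mix-2016x"]:
        print(pw, audit(pw, sample_words))
```

A password found in the word list costs at most as many guesses as the list has entries, while exhausting the NTLM space for the same eight characters takes on the order of 10^15 guesses, which matches the minutes-versus-years estimates reported above.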

2. Compare and contrast the results from the two methods used to crack the accounts for the three passwords each encrypted by the two hash algorithms. What conclusions can you make after using these two methods?

To complete Lab Assignment 1 successfully, several actions had to be completed. The first step listed was the creation of three user accounts and their associated passwords, which can be found in Table 1 below. The next action required was to run a Brute-Force and a Dictionary attack against each user account, ensuring both LM and NTLM hash...