Cain VoIP Recording & Cracking Utility

There's an interesting "security" software product called Cain & Abel that can record your SIP-based VoIP applications. Cain's sniffer can now extract audio conversations based on SIP/RTP protocols and save them into WAV files. The following codecs are supported: G711 uLaw, G711 aLaw, GSM, MS-GSM, ADPMC, DVI, LPC, L16, G729, Speex, iLBC.

Cain & Abel was designed as a "network administrator security tool" to pinpoint security holes. I put that it quotes, since it can also be used as a hacker's tool. For instance, Cain & Abel can capture your encrypted keystrokes during a Remote Desktop session. According to their website, "Cain can now perform man-in-the-middle attacks against the heavy encrypted Remote Desktop Protocol (RDP), the one used to connect to the Terminal Server service of a remote Windows computer. The entire session from/to the client/server is decrypted and saved to a text file. Client-side key strokes are also decoded to provide some kind of password interception. The attack can be completely invisible because of the use of APR (Arp Poison Routing) and other protocol weakness."

Yikes! I use RDP to connect to my home PC and my work PC.

But that's not all. Credential Manager is a new SSO solution that Microsoft offers in Windows Server 2003 and Windows XP. Cain can now dump passwords from user's credential files and show them in they're clear text form.

Basically Cain recovers the passwords and Abel does the brute force attacks.

It also supports:
- Wireless scanner using Winpcap protocol driver & WEP cracking
- The sniffer can analyze encrypted protocols such as SSH-1 and HTTPS if used with APR and a man-in-the-middle situation.
- Microsoft SQL Server 2000 Password Cracker
- MySQL Hashes Cryptanalysis via Sorted Rainbow Tables
- MySQL Password Cracker (works with both v3.23 and SHA1 Hashes)
- Brute-Force and Dictionary attacks rewritten for all crackers
- Cisco PIX Hashes Cryptanalysis via Sorted Rainbow Tables
- and much more...

So basically, Cain aims to be an "all-in-one" security tooll. Yup, I will have to play with this "security tool" in the lab. Hope I don't break some DMCA rule or something. Please use this tool at your own risk. You didn't hear about this tool from me, got it?

August 12, 2005 9:56 AM | 3 Comments | 0 TrackBacks

Categories:

Tags:

Post a comment
View Cain VoIP Recording & Cracking Utility news in TechnoratiTechnorati bookmark Cain VoIP Recording & Cracking Utility in del.icio.usDel.icio.us Slashdot.comSlashdot Submit Cain VoIP Recording & Cracking Utility to Digg.comDigg

Listed below are links to sites that reference Cain VoIP Recording & Cracking Utility:

0 TrackBacks

Cain VoIP Recording & Cracking Utility TrackBack URL : http://blog.tmcnet.com/mt/mt-tb.cgi/12314

3 Comments

this is a great product and tools

mahmoud ossman | August 30, 2006 11:57 AM | Reply

Well, Avast AV is picking it as a Virus...

Nish Vamadevan | September 9, 2006 10:54 AM | Reply

how i can record voice of specific IP address.such as one is source and the second is destination.

ABID ZIA | July 25, 2007 6:50 AM | Reply

Leave comment to Cain VoIP Recording & Cracking Utility article

Search


Recent Entries

Recent Comments

Subscribe to Blog

Categories

Tag Cloud

    View my Microsoft MVP Profile:

Blogroll

Recent Assets

  • asterisk-gui-20-incoming-rules.png
  • asterisk-gui-20-conference-bridge.png
  • asterisk-gui-20-voicemail-settings.png
  • star-trek-enterprise-warp-core.jpg
  • fring-sip-call-in-progress-over-cellular-connection.JPG
  • fring-make-call-types.JPG
  • classmate_pc_3.jpg
  • Front_Treo800w.gif
  • digium-headquarters.jpg
  • s0213924_std.jpg

Yearly Archives

'04 '05 '06 '07 '08
  Jan Jan Jan Jan
  Feb Feb Feb Feb
Mar Mar Mar Mar Mar
Apr Apr Apr Apr Apr
May May May May May
Jun Jun Jun Jun Jun
Jul Jul Jul Jul Jul
Aug Aug Aug Aug Aug
Sep Sep Sep Sep  
Oct Oct Oct Oct  
Nov Nov Nov Nov  
Dec Dec Dec Dec  

Around TMCnet Blogs

  • Communications and Technology Blog - Tehrani.com:
    More Bars in Less Places
  • First Coffee:
    CRM, Other Microsoft Licensing Updates, Bosque for Open, CDC's New ERP, Eskadenia CRM in Sudan
  • Greg Galitzine's VoIP Authority Blog:
    Action-Packed Week (Part 2)
  • VoIP & Gadgets Blog:
    You Can Buy Gadgets Everywhere!
  • Communications and Technology Blog - Tehrani.com:
    Newest Form of Computer Input: Your Tongue
  • First Coffee:
    CRM for Rand from Datacentrix, Infusionsoft Inc.'s #226, Chordiant and IBM Renew Vows, Oki Spinoff, Infra-Strategy
  • Greg Galitzine's VoIP Authority Blog:
    Action-Packed Week (Part 1)
  • VoIP & Gadgets Blog:
    Is Sony Ericsson Headed for Splitsville?

    • Latest Whitepapers

  • Signaling System 7 (SS7) Pocket Guide: Exclusive reference guide for SS7 signaling professionals
  • SIP Pocket Guide: Exclusive reference guide for Session Initiation Protocol (SIP) professionals
  • SIP Signaling and Session Control Part 1: Upgrading the Next-gen Network
  • Key Performance Indicators (KPIs): Leveraging signaling-based KPIs to optimize the network and improve the business
  • Mobile Security: Malicious attached are just around the corner. Are you protected?
  • Mobile Advertising: The Next Great Revenue Opportunity
  • Mobile Unified Communications: Delivering on the Promise of FMC Seamless Mobility
  • Sangoma Signaling and Media Gateway (SMG)
  • Demystifying Enterprise Call Recording for the Avaya Platform
  • Special Report:The 4 Steps to More Profitable Remote Managed Service Delivery