Cain and Able, wireshark, wireless, etc.
Posted on 2013-10-24
Anybody Cain and Able or ethical hacking experts.
I have a computer that hasn't been used in awhile, but is available.
We generally use the new PC as its better..
We know the admin password of the local account and get logged on.
We have online accounts that we use all the time (new PC). no problem. easy right.
Well we forgot passwords to some of the rare sites we used to use... so just change password right -- well the email address associated with the userid is no longer being used, so if a password request link was sent, we don't even know where it would send too. esecpially in the case where it was a yahoo.com account that sat unused for years, so it deleted/deactivated it. tryied to log into yahoo, with believed account and it looks like it has been repurposed or in another example this account is available, do you wish to register and create an new account with this name...
Alright, getting of base here -- the issue is that the old pc has visted these sites, has logged on, even has the userid email address cached, which sent me down the road of yahoo validation,,, but since they retried and password reset link isn't available -- I want to see if I can hack the old computer and find out all the passwords used for the sites and logon id for the given account... Both brousers were used.. Firefox/Mozilla and IE.. I am not 100% certain on version, but since its the old barely used computer, I am guesing its an older version since patches are routinely installed. I thought the firefox would be easy retrieval since it has the option -- security tabe, search site, lookup password. but no password.
even tried the password type = text thingy I read. In these examples it reports that there is hidden atrecks in the password filed prepolulated or cached, and you just want to know what they are... Well there isn't any dots or astricks.. it has the username, but not a chached password.
I thought all this stuff is stored somewhere. Even poked around IE... but nothing promising there either...
So googled some more, and they talked about cain and able, and other stuff.
I installed but it was (1) quiet confusing, (2) not sure what the heck Im doing, (3) other interesting options and stuff were available from app, but wondering how I can expand what it reports.
My main focus and question is just trying to retriev password hidden someone on the old pc...
But as secondary curious questions, what other apps and tools are used. most recommended and trusted, and if using cain and able.. I saw where it can scan for local accounts and it showed the password, which is cool.. not that we needed it, cuz we already know it... but how can this be scanned against perhaps another computer..
Additionally, the old pc, was a wireless adapter that connects to the wireless router/modem... The router has a sid that we know... sweet. I saw a tab that says it can scan the wep and wpa and wireless ap and retireve the passwords... and do you know what,. it did... awesome... but it only showed the wireless SSID password I was connected to.. I was curious if this tool could be used to sniff out the password of another wireless network that is broadcasting its SSID, has signal, but has security wep or wpa enabled. wireless sees it, but doesn't report its password.. why? how do you make it do this?
Just curious? I am assuming that it is not connected, but if it was connected, it would already know the pass phrase. so reporting the SSId password of a network you are already connected to is irrelevant since you already know the password...
Again, just trying to understand and learn about the tool. got confused, googled. looked at docs. but made my confusion worse. so reaching out to the experts.
And maybe Cain and Able isn't the tool to use.. then what is...
This is only ethical hacking --- nothing mischievious nor miliessious, always been interested in the stuff.