Cain & Abel is one of the most important security tools that is probably in the software toolkit of every security professional. Can you walk our readers back in time and provide some insight on how it all started and how the project evolved?
Thank you! The software has been developed in the hope that it could be useful for network administrators, teachers, security professionals, forensic staff, security software vendors, professional penetration testers and everyone else that plans to use it for ethical reasons.
It all started more than ten years ago. The first version of the program was a simple password cracker for Windows 9x PWL files; then the software evolved over time according to the features I needed during my consulting activities (vulnerability assessment, ethical hacking) and to requests I've received from users.
From the beginning I wished that the software would focus on long-lifetime vulnerabilities only. By long-lifetime vulnerabilities I mean those that require a complete software re-design to be fixed (e.g. the usage of a weak encryption algorithm, the unsafe storage of credentials, old authentication schemes still used for backward compatibility and so on). What I wanted was a piece of software that remains useful over time; for this reason I have deliberately avoided any kind of feature made to exploit 0-day vulnerabilities and other programming errors easily removable by means of a patch issued by the vendor of the software.
If you think about it, in the last few years Microsoft, like a lot of other vendors, has released hundreds of patches to fix issues in its software, but even if you have already applied all of them, Cain can still crack Windows passwords and it can still perform MitM attacks on the RDP protocol by means of the vulnerability I described in my advisory on 28/05/2005. The same thing happens with network protocols; as of today the ARP protocol is still stateless and authentication-less, allowing you to conduct traffic hijacking attacks based on the ARP poisoning technique. Honestly, I have never come across a company that took into account the mitigation of the risks arising from these vulnerabilities.
Cain & Abel covers the features of several hacking tools in a single freeware application. The main purpose is to take advantage of different hacking techniques and use them together in a program focused on password recovery.