Remove CAIN

Author: SaiSakthidar

documentation/modules/auxiliary/server/capture/mysql.md

@@ -16,10 +16,6 @@ This module creates a mock MySQL server which accepts credentials.  Upon receivi
 
   Write a file containing a John the Ripper format for cracking the credentials.  Default is ``.
 
-### CAINPWFILE
-
-  Write a file containing a Cain & Abel format for cracking the credentials.  Default is ``.
-
 ### SRVVERSION
 
   The MySQL version to print in the login banner.  Default is `5.5.16`.

documentation/modules/auxiliary/server/capture/smb.md

@@ -18,10 +18,6 @@ Microsoft provides an article on how to detect, disable, and enable SMB in vario
 
 ## Options
 
-### CAINPWFILE
-
-A file to store Cain & Abel formatted captured hashes in. Only supports NTLMv1 Hashes.
-
 ### CHALLENGE
 
 The 8 byte server challenge. If unset or not a valid 16 character hexadecimal pattern, a random challenge is used instead.

documentation/modules/auxiliary/server/relay/smb_to_ldap.md

@@ -82,10 +82,6 @@ msfconsole server (see an example below).
 
 Target address range or CIDR identifier to relay to.
 
-### CAINPWFILE
-
-A file to store Cain & Abel formatted captured hashes in. Only supports NTLMv1 Hashes.
-
 ### JOHNPWFILE
 
 A file to store John the Ripper formatted hashes in. NTLMv1 and NTLMv2 hashes

documentation/modules/auxiliary/server/relay/smb_to_mssql.md

@@ -23,10 +23,6 @@ Example steps in this format (is also in the PR):
 
 Target address range or CIDR identifier to relay to.
 
-### CAINPWFILE
-
-A file to store Cain & Abel formatted captured hashes in. Only supports NTLMv1 Hashes.
-
 ### JOHNPWFILE
 
 A file to store John the Ripper formatted hashes in. NTLMv1 and NTLMv2 hashes

documentation/modules/exploit/windows/smb/smb_relay.md

@@ -79,10 +79,6 @@ flowchart LR
 
 Target address range or CIDR identifier to relay to
 
-### CAINPWFILE
-
-A file to store Cain & Abel formatted captured hashes in. Only supports NTLMv1 Hashes.
-
 ### JOHNPWFILE
 
 A file to store John the Ripper formatted hashes in. NTLMv1 and NTLMv2 hashes will be stored in separate files.

lib/msf/core/exploit/remote/smb/server/hash_capture.rb

@@ -16,7 +16,6 @@ def initialize(info = {})
 
       register_options(
         [
-          OptString.new('CAINPWFILE', [false, 'Name of file to store Cain&Abel hashes in. Only supports NTLMv1 hashes. Can be a path.', nil]),
           OptString.new('JOHNPWFILE', [false, 'Name of file to store JohnTheRipper hashes in. Supports NTLMv1 and NTLMv2 hashes, each of which is stored in separate files. Can also be a path.', nil])
         ], self.class)
     end
@@ -35,11 +34,6 @@ def validate_smb_hash_capture_datastore(datastore, ntlm_provider)
         print_status("#{build_jtr_file_name(Metasploit::Framework::Hashes::JTR_NTLMV2)} for NTLMv2 hashes.")
         print_line
       end
-
-      if datastore['CAINPWFILE']
-        print_status("Cain & Abel hashes will be stored at #{File.expand_path(datastore['CAINPWFILE'], Msf::Config.install_root)}")
-        print_line
-      end
     end
 
     def report_ntlm_type3(address:, ntlm_type1:, ntlm_type2:, ntlm_type3:)
@@ -140,15 +134,6 @@ def report_ntlm_type3(address:, ntlm_type1:, ntlm_type2:, ntlm_type3:)
           f.puts(combined_hash)
         end
       end
-
-      # Cain & Abel doesn't support import of NTLMv2 hashes
-      if datastore['CAINPWFILE'] && jtr_format == Metasploit::Framework::Hashes::JTR_NTLMV1
-        # Cain&Abel hash format
-        # Username:Domain:Challenge:LMHash:NTLMHash
-        File.open(File.expand_path(datastore['CAINPWFILE'], Msf::Config.install_root), 'ab') do |f|
-          f.puts("#{user}:#{domain}:#{server_challenge}:#{client_hash}")
-        end
-      end
     end
 
     def on_ntlm_type3(address:, ntlm_type1:, ntlm_type2:, ntlm_type3:)

modules/auxiliary/server/capture/http_ntlm.rb

@@ -39,8 +39,6 @@ def initialize(info = {})
     )
 
     register_options([
-      # OptString.new('LOGFILE',     [ false, "The local filename to store the captured hashes", nil ]),
-      OptString.new('CAINPWFILE', [ false, 'The local filename to store the hashes in Cain&Abel format', nil ]),
       OptString.new('JOHNPWFILE', [ false, 'The prefix to the local filename to store the hashes in JOHN format', nil ]),
       OptString.new('CHALLENGE', [ true, 'The 8 byte challenge ', '1122334455667788' ])
 
@@ -308,8 +306,6 @@ def html_get_hash(arg = {})
           "NTHASH:#{nt_hash || '<NULL>'} " \
           "NT_CLIENT_CHALLENGE:#{nt_cli_challenge || '<NULL>'}\n"
       when NTLM_CONST::NTLM_2_SESSION_RESPONSE
-        # we can consider those as netv1 has they have the same size and i cracked the same way by cain/jtr
-        # also 'real' netv1 is almost never seen nowadays except with smbmount or msf server capture
         capturelogmessage =
           "#{capturedtime}\nNTLM2_SESSION Response Captured from #{host} \n" \
           "DOMAIN: #{domain} USER: #{user} \n" \
@@ -338,24 +334,6 @@ def html_get_hash(arg = {})
 
       report_creds(opts_report)
 
-      # if(datastore['LOGFILE'])
-      #  File.open(datastore['LOGFILE'], "ab") {|fd| fd.puts(capturelogmessage + "\n")}
-      # end
-
-      if datastore['CAINPWFILE'] && user && ((ntlm_ver == NTLM_CONST::NTLM_V1_RESPONSE) || (ntlm_ver == NTLM_CONST::NTLM_2_SESSION_RESPONSE))
-        fd = File.open(datastore['CAINPWFILE'], 'ab')
-        fd.puts(
-          [
-            user,
-            domain || 'NULL',
-            @challenge.unpack('H*')[0],
-            lm_hash || '0' * 48,
-            nt_hash || '0' * 48
-          ].join(':').gsub(/\n/, '\\n')
-        )
-        fd.close
-      end
-
       if datastore['JOHNPWFILE'] && user
         case ntlm_ver
         when NTLM_CONST::NTLM_V1_RESPONSE, NTLM_CONST::NTLM_2_SESSION_RESPONSE

modules/auxiliary/server/capture/mssql.rb

@@ -46,7 +46,6 @@ def initialize
     register_options(
       [
         OptPort.new('SRVPORT', [ true, 'The local port to listen on.', 1433 ]),
-        OptString.new('CAINPWFILE', [ false, 'The local filename to store the hashes in Cain&Abel format', nil ]),
         OptString.new('JOHNPWFILE', [ false, 'The prefix to the local filename to store the hashes in JOHN format', nil ]),
         OptString.new('CHALLENGE', [ true, 'The 8 byte challenge ', '1122334455667788' ])
       ]
@@ -258,8 +257,6 @@ def mssql_get_hash(arg = {})
           "NTHASH:#{nt_hash || '<NULL>'} " \
           "NT_CLIENT_CHALLENGE:#{nt_cli_challenge || '<NULL>'}\n"
       when NTLM_CONST::NTLM_2_SESSION_RESPONSE
-        # we can consider those as netv1 has they have the same size and i cracked the same way by cain/jtr
-        # also 'real' netv1 is almost never seen nowadays except with smbmount or msf server capture
         smb_db_type_hash = Metasploit::Framework::Hashes::JTR_NTLMV1
         capturelogmessage =
           "#{capturedtime}\nNTLM2_SESSION Response Captured from #{host} \n" \
@@ -273,10 +270,6 @@ def mssql_get_hash(arg = {})
 
       print_status(capturelogmessage)
 
-      # DB reporting
-      # Rem :  one report it as a smb_challenge on port 445 has breaking those hashes
-      # will be mainly use for psexec / smb related exploit
-
       jtr_hash = case smb_db_type_hash
                  when Metasploit::Framework::Hashes::JTR_NTLMV2
                    user + '::' + domain + ':' + datastore['CHALLENGE'].to_s + ':' + nt_hash + ':' + nt_cli_challenge.to_s
@@ -294,23 +287,6 @@ def mssql_get_hash(arg = {})
         type: :nonreplayable_hash,
         jtr_format: smb_db_type_hash
       )
-      # if(datastore['LOGFILE'])
-      #	File.open(datastore['LOGFILE'], "ab") {|fd| fd.puts(capturelogmessage + "\n")}
-      # end
-
-      if datastore['CAINPWFILE'] && user && ((ntlm_ver == NTLM_CONST::NTLM_V1_RESPONSE) || (ntlm_ver == NTLM_CONST::NTLM_2_SESSION_RESPONSE))
-        fd = File.open(datastore['CAINPWFILE'], 'ab')
-        fd.puts(
-          [
-            user,
-            domain || 'NULL',
-            @challenge.unpack('H*')[0],
-            lm_hash || '0' * 48,
-            nt_hash || '0' * 48
-          ].join(':').gsub(/\n/, '\\n')
-        )
-        fd.close
-      end
 
       if datastore['JOHNPWFILE'] && user
         case ntlm_ver

modules/auxiliary/server/capture/mysql.rb

@@ -13,7 +13,7 @@ def initialize
       'Description' => %q{
         This module provides a fake MySQL service that is designed to
         capture authentication credentials. It captures	challenge and
-        response pairs that can be supplied to Cain or JtR for cracking.
+        response pairs that can be supplied to JtR for cracking.
       },
       'Author' => 'Patrik Karlsson <patrik[at]cqure.net>',
       'License' => MSF_LICENSE,
@@ -27,7 +27,6 @@ def initialize
         OptPort.new('SRVPORT', [ true, 'The local port to listen on.', 3306 ]),
         OptString.new('CHALLENGE', [ true, 'The 16 byte challenge', '112233445566778899AABBCCDDEEFF1122334455' ]),
         OptString.new('SRVVERSION', [ true, 'The server version to report in the greeting response', '5.5.16' ]),
-        OptString.new('CAINPWFILE', [ false, 'The local filename to store the hashes in Cain&Abel format', nil ]),
         OptString.new('JOHNPWFILE', [ false, 'The prefix to the local filename to store the hashes in JOHN format', nil ]),
       ]
     )
@@ -178,20 +177,6 @@ def on_client_data(client)
         proof: info[:database] || hash_line
       )
 
-      if datastore['CAINPWFILE']
-        fd = ::File.open(datastore['CAINPWFILE'], 'ab')
-        fd.puts(
-          [
-            info[:username],
-            'NULL',
-            info[:response].unpack('H*')[0],
-            @challenge.unpack('H*')[0],
-            'SHA1'
-          ].join("\t").gsub(/\n/, '\\n')
-        )
-        fd.close
-      end
-
       if datastore['JOHNPWFILE']
         john_hash_line = "#{info[:username]}:$mysqlna$#{@challenge.unpack('H*')[0]}*#{info[:response].unpack('H*')[0]}"
         fd = ::File.open(datastore['JOHNPWFILE'] + '_mysqlna', 'ab')

modules/auxiliary/server/capture/sip.rb

@@ -15,7 +15,7 @@ def initialize
       'Description' => %q{
         This module provides a fake SIP service that is designed to
         capture authentication credentials. It captures	challenge and
-        response pairs that can be supplied to Cain or JtR for cracking.
+        response pairs that can be supplied to JtR for cracking.
       },
       'Author' => 'Patrik Karlsson <patrik[at]cqure.net>',
       'License' => MSF_LICENSE,
@@ -35,7 +35,6 @@ def initialize
         OptAddress.new('SRVHOST', [ true, 'The local host to listen on.', '0.0.0.0' ]),
         OptString.new('NONCE', [ true, 'The server byte nonce', '1234' ]),
         OptString.new('JOHNPWFILE', [ false, 'The prefix to the local filename to store the hashes in JOHN format', nil ]),
-        OptString.new('CAINPWFILE', [ false, 'The local filename to store the hashes in Cain&Abel format', nil ]),
       ]
     )
     register_advanced_options(
@@ -206,22 +205,6 @@ def run
             fd.close
           end
 
-          if datastore['CAINPWFILE']
-            resp = []
-            resp << auth_tokens['realm']
-            resp << auth_tokens['username']
-            resp << ''
-            resp << request[:uri]
-            resp << auth_tokens['nonce']
-            resp << response
-            resp << method
-            resp << algorithm
-
-            fd = File.open(datastore['CAINPWFILE'], 'ab')
-            fd.puts resp.join("\t") + "\r\n"
-            fd.close
-          end
-
         end
         sip_send_error_message(request, 401, 'Unauthorized')
       when 'ACK'