- Syskey Decoder. Cain can now extract the Boot Key, generated with the Syskey utility, from the local system or external SYSTEM registry files.
- NT Hashes Dumper can now extract password hashes from "off-line" SAM files encrypted with the Syskey utility.
- RDPv4 session sniffer for APR
Cain can now perform man-in-the-middle attacks against the heavy encrypted Remote Desktop Protocol (RDP), the one used to connect to the Terminal Server service of a remote Windows computer. The entire session from/to the client/server is decrypted and saved to a text file. Client-side key strokes are also decoded to provide some kind of password interception. The attack can be completely invisible because of the use of APR (Arp Poison Routing) and other protocol weakness.
- Winrtgen v1.8 added to the installation package. (fastlm tables generated with a version prior to 1.7 could have problems, please update)
- Fixed a problem in the LSA Secrets Dumper causing crashes on systems with DEP enabled. Thanks to Nicolas RUFF for the bug report.
- Fixed a problem with extended ASCII characters in the Cryptanalysis Attack. Thanks to Ramius from rainbowtables.net for the bug report.
- Bug fixed in rainbow table's verification function. Thanks to all beta testers for the the bug reports.
- Bug fixed in fastlm rainbow table's algorithm.