1. Open up Cain & Abel and click on the Cracker Tab up the Top.
2. Right click in the Grid Area, Select Add to List then select Import Hashes from Local System and click next.
3. Highlight the accounts you want to audit, Right click on the Highlighted Accounts and select Brute Force > NTLM Hashes.
Option 2: Alternatively Rainbow Tables can be used to greatly increase the speed and chances of the audit discovering the password.
To use Rainbow Tables Select Cryptanalysis > NTLM Hashes > via Rainbowtables(Rainbowcrack) Then click Add Table to add the Rainbow Tables.
Note: Rainbow Tables can be downloaded from Rainbow Tables
The negative of Rainbow Tables is that the tables are very large in size.
4. The Brute Force\Cryptanalysis attack will then start going through the combinations until it either cracks all the passwords or you tell it to stop.
5. While this will have gotten us an audit of the local account passwords, installing Cain & Abel on every PC you want to audit
would be painful and unnecessary. So go to the next Step to Learn how to Audit Passwords Remotely.
