#1 (permalink)
Registered Member
Join Date: Jun 2006
Posts: 2
Problem with ARP injection using WHAX
Greetings,
I am having issues with WHAX 3.0. Specifically, I am having trouble getting aireplay to consistently produce a high enough number of ARP requests. Sometimes it will work (only 1 out of 10 times I boot up using WHAX), but only if there is another authenticated client. I am attempting to use WHAX to crack a WEP encrypted router.

To give you some background, I am running WHAX 3.0. I am using a DLink wireless card with an Atheros chipset. My router is a DLink wireless router (DI-524). I used the following commands to start the process:

===============================================
(Konsole 1 - capture packets)
airmon.sh ath0 start
airodump ath0 out 6 1
(my network is on ch 6)
--------------------------------------------------------------------------------
(Konsole 2 - fake auth and ARP replay)
iwpriv ath0 mode 2
aireplay -1 0 -e <my ssid> -a <MAC of my router> -h <fake client mac> ath0
<authentication successful>
aireplay -3 -b <MAC of my router> -h <fake client mac> -x 600 ath0
--------------------------------------------------------------------------------
(Konsole 3 - deauthentication)
aireplay -0 2 -a <MAC of my router> -h <fake client mac> ath0
================================================

From what I understand, deauthentication should not be necessary; however, I will not see any ARPs in Konsole 2 if I don't. In all cases, I am able to associate and do ARP replay; however, most of the time I see few if any ARPs. Very rarely does it work, and when it does, it is only when there is a second authorized client (i.e. one that has a network key) on the network. In these cases, the client must either disconnect or reconnect, or I have to use a deauth attack. It seems to be more successful when I do a fake ARP and deauth using a client MAC as opposed to a fake one. I also tried to reinject packets as well, but that did not work. I tried to run WHAX using the same card on a different laptop, but I had the same problem.

I have learned that some versions of WHAX have injection issues, and that I should use aireplay-ng instead of aireplay, which is the built-in version on WHAX. However, I saw this tutorial http://www.mirrors.wiretapped.net/security/vulnerability-assessment/aircrack/whax-aircrack-wep/whax-aircrack-wep.html which apparently does not use aireplay-ng. I tried using BackTrack, but I cannot associate, much less collect any ARPs, with BackTrack. Is there a newer version of WHAX I can download? If so, where can I get it from? If not, how do I fix the problem with BackTrack so I can associate and inject? Thnx.
#2 (permalink)
Dumbass checker
Join Date: Sep 2002
Location: Somewhere below Lake Ontario
Posts: 1,076
Quote:
(Elderly voice) Sonnyboy, you do know this is the netstumbler support forums? We like to stick to that stuff here, boy. You do know that there's an aircrack support forums, a backtrack support forums, and so on. Git over there, laddie!