Whax ver. 3 on Vmware Version 4.0.2 build 5592

This article assumes you are familiar with Vmware.

Until I find something better, Whax is my favorite White Hat
tool.  It is a Swiss army knife with built in Swiss army knives
for computer security testing.  What is even cooler about
Whax is that you can make it a virtual OS with Vmware. 

This means you can use Whax to test a whole network of
virtual Operating Systems on a single PC.  With enough RAM and
hardrive space, you can have a few different versions of
Windows and a few versions of Solaris on a
single computer being tested by Whax.

Here is how I loaded a virtual version of Whax on a Dell Latitude D600 laptop. 

First of all, you'll need:

A Dell Latitude D600 (x86 system with at least 128Ram, 8 Gig HD, 1GHZ… need more RAM & HD for more OSes) See basic system requirements HERE.

Vmware 4.0.2 build-5592 (may work with other versions such as the FREE Vmware player)

Whax version 3 (should work with any version of Whax.  Download free version of Whax HERE.) 

 

Loading Whax on Vmware with the Vmware 4.0 Wizard:

Select File | New | choose “Custom”

Guest Operating System: Select “Linux” as the Guest Operating System

Virtual Machine Name: Whax (optional, I usually name this something to make it stand out from the other OSes) 

Location: I chose the default location

Network Connection: This depends on what you are
trying to do and your network set up.  It you have a
internetworking device that you want Whax to interface with with it own
IP address you will want to choose Network Address Translation. 

Disk: Select “Create a new vitural disk”

Disk Capacity: As low as 1GB

Disk File: I usually rename the Disk file “Whax” so it can be distinguishable from other OSes you have loaded.

 

Edit Virtual Machine Settings:

I haven't been able to get the RAM below 128Megs, but maybe you'll have better luck than me.

The hard disk can be brought down to 1Gig perhaps even lower.

 

Whax can be run on VMware from an ISO on the desktop.

With this setting, Whax will run on VMware directly from the disk. 

The elusive setting that initially stopped this Whax from working on
VMware was the “acceleration” feature that is turned on by default on
some versions of VMware.  To modify this feature, click
on “Edit virtual machine settings” once your Whax Guest Operating
System is set up.  From the “Virtual Machine Control Panel”
select the “Options” tab and select “Disable Acceleration” in the
Advanced options box.  

On my Dell Latitude d600 the load time is very slow (as in takes a
total of about 5-10 minutes total to see the dragon), but I sure this
will be faster on a betters system.  Good Luck.

Another Cool trick with VMWare can be found at  baeke.info

Auditor Flash Video Showing WPA Cracking (some WHAX hacks too)

I don't think if would be this easy to crack WPA2.  Unless a hacker really wants your goods he/she/shim is more than likely going to exploit your neighbor next door who doesn't even have WEP enabled.

A nice flash video showing how to crack wpa wireless security encryption. Using the auditor security collection.

This one is even better: http://www.hackingdefined.com/movies/whax-aircrack-wpa.html

WPA hack using WHAX.

More WHAX ATTACKS:

http://eks0.free.fr/whax-demos/

Click read more to access subject of this post.  See why auditor is so very cool.

read more | digg story

Whax How to (formerly known as whoppix)

The WHAX Live CD OS (formerly known as WHOPPIX) has a useful knowledgebase of growing information on how to use its very modular features.

I notice a few people coming to my blog to find tutorials on WHAX/Whoppix, but where you really want to go is here:

http://iwhax.net/modules/xoopsfaq/

If there is something you want to know just ask the WHAX gurus on their interactive site.  The Whoppix webpage looked nice but the creators of this incredible tool made a briliant move in this new interactive, blog howto structure.

If you Whax guys read this, I suggest getting some trackbacks.

read more | digg story

Network Vulnerability tool: AutoScan is a utility for network exploration

AutoScan is a utility for network exploration.

I used AutoScan on my home network and found out that my Router has Linux on it.  For my customer's enclave I used Autoscan to quickly locate vulnerabilities.

Although the network is small the scan was usefull since it has given me a good idea what affect AutoScan will have on my customers larger newtork with more valuable assets and a potentially larger number of risks.

AutoScan did not alter my customers work as it instantly picked up workstations, internetworking devices and printers.  The built in nmap scripts adds a very nice touch. 

If you're a mobile White Hat on the go like me, autoscan within the WHAX live CD is a great security tool to add to your “batbelt.”

The objective of the program is to post the list of all equipment connected to the network. A list of ports preset is scanned for each equipment. You can find many more vulnerability tools with tags at Technorati & Del.icio.us:
http://del.icio.us/tag/vulnerability+assessment

read more | digg story

Whoppix replaced by WHAX: bootable CD

Remember Whoppix–White Hat Knoppix? Well, it's now based off of SLAX
instead of Knoppix, making WHAX. This was done for modularity, making
it more easily customizable.

I've made a copy of Whoppix, Knoppix STD and WHAX and each time I've
had to re-learn how to make a bootable CD and each time I figure it out
I wonder how the hell could I be so silly as to forget something so
easy.  It's like having a brain fart and forgeting how to spell
“of.”

The key is to burn it as an Image or .ISO NOT BOOTABLE.  Most of the popular burners have this feature.

Anyway here is how you do it:

*note: SLAX and Knoppix variations
often are compressed into an archive file or .rar.  Many systems
automatically see this as a .ISO or image file.  No need to
extract it.

Making a Data CD from a CD Image with Easy CD Creator (Save the Image to your Hard drive) 

    1)  Insert a blank CD in CD Recorder

    2)  Select “Record CD from Image” from the File menu

    3)  Select the image file WHAX-x-beta.iso or whatever
         the .ISO file is named and click Open. 
   
    4)   Once the Record CD Setup dialog box appears, 
          Click Start Recording

Basically, just look for the burn Image or .ISO feature and your good.