Options

Syntax: mdk3 < interface > < test mode > < test-options > Mdk3 – help < test mode >: for test options

TEST MODES:

b-Beacon Flood Mode Send beacon frames to show customer fake APs. This can crash network scanners and even drivers sometimes! a-Authentication DoS mode Sends authentication frames to all applications within the range. Too many customers freeze or reset individual APs. p-Basic probing and ESSID Bruteforce mode AP samples and reply checks are useful to verify whether SSID has been adequately decommissioned or whether AP in your adapters can also send SSID brute-forcing with this test mode. d-Deauthentication / Disassociation Amok Mode Kicks everybody found from APi m-Michael shutdown exploitation (TKIP) Cancel all traffic always x-802.1X tests w-WIDS / WIPS Confusion Intrusion Detection and Prevention Programs Confuse / Abuse f-MAC filter Bruteforce mode This test uses a list of known MAC addresses for clients and attempts to authenticate them on the given AP while changing their response timeout dynamically to ensure the best performance. It currently only operates on APs that correctly reject an open authentication request g-WPA Downgrade test Deauthenticates WPA encrypted packets from stations and APs. This test helps you to verify if the sysadmin attempts to set your network to WEP or disable encryption.

Lab 1:Deauthenticate all clients on a channel

In this lab, we ‘re trying to deny service to all clients on one channel. This is called a test of deauthentication. Step 1: First, we need to make sure that the monitor interface is enabled. Command: iwconfig All wireless interfaces and their wireless features are presented. Step 2: Let the monitor interface start Command: airmon-ng start wlan0 Step 3: See nearby all Access Points and set our target. Command: airodump-ng mon0 This shows all wifi access points, including hidden access points nearby. We are getting a lot of information out of that. Access points, Mac IDs, clients, channels every AP is broadcasting on, etc. There is only one AP here that is going to be our target. We can see from the picture above that it’s operating on channel 6. So let’s launch an attack on channel 6. Command: mdk3 mon0 d -c 6

Lab 2: Beacon Flooding

This lab features the creation of fake access points in different SSIDs (Broadcast Names) at a fast rate. This could crash some customers or repeated wireless access points or extenders etc. Step 1: Make sure your monitor interface works. For this, see the previous lab. Step 2: Launch attack Command: mdk3 mon0 b Here’s an android phone showing all the access points we’ve made. This could likely be crashed.