MDK3 is a proof-of-concept tool used to test 802.11 (Wi-Fi) networks. It consists of various testing methods. Some of the essential ones are flooding, deauthentication, WPA DoS, etc. In pentests, MDK3 is used to test the monitoring and compatibility of network infrastructure with 802.11 implementations.
Options
Syntax: mdk3 <interface> <test mode> <test options>
mdk3 --help <test mode>: shows the options for that test mode
TEST MODES:
b - Beacon Flood Mode
Sends beacon frames to show fake APs to clients. This can sometimes crash network scanners and even drivers!
a - Authentication DoS mode
Sends authentication frames to all APs within range. Too many clients can freeze or reset some APs.
p - Basic probing and ESSID Bruteforce mode
Probes an AP and checks for a reply. Useful to verify whether an SSID has been correctly decloaked or whether the AP is within your adapter's sending range. SSID brute-forcing is also possible with this test mode.
d - Deauthentication / Disassociation Amok Mode
Kicks everybody found from the AP.
m - Michael shutdown exploitation (TKIP)
Cancels all traffic continuously.
x - 802.1X tests
w - WIDS / WIPS Confusion
Confuses / abuses intrusion detection and prevention systems.
f - MAC filter Bruteforce mode
This test uses a list of known client MAC addresses and attempts to authenticate them on the given AP while changing its response timeout dynamically to ensure the best performance. It currently only operates on APs that correctly reject an open authentication request.
g - WPA Downgrade test
Deauthenticates stations and APs that send WPA-encrypted packets. This test helps you verify whether the sysadmin will try to set the network to WEP or disable encryption.
Lab 1: Deauthenticate all clients on a channel
In this lab, we're trying to deny service to all clients on one channel. This is called a deauthentication test.
Step 1: First, we need to make sure that the monitor interface is enabled.
Command: iwconfig
This lists all wireless interfaces and their wireless features.
Step 2: Start the monitor interface.
Command: airmon-ng start wlan0 (replace wlan0 with your interface)
Step 3: List all nearby access points and pick our target.
Command: airodump-ng mon0
This shows all wifi access points, including hidden access points nearby.
We get a lot of information out of that: access points, MAC IDs, clients, the channel every AP is broadcasting on, etc. There is only one AP here, and it is going to be our target. The airodump-ng output shows that it's operating on channel 6. So let's launch an attack on channel 6.
Command: mdk3 mon0 d -c 6
Lab 2: Beacon Flooding
This lab creates fake access points with different SSIDs (broadcast names) at a fast rate. This could crash some clients, wireless repeaters, extenders, etc.
Step 1: Make sure your monitor interface works. For this, see the previous lab.
Step 2: Launch attack
Command: mdk3 mon0 b
An Android phone in range shows all the access points we've made. It could likely be crashed by this.
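Seen from the monitoring side, both labs leave a clear signature: Lab 1 produces a burst of deauthentication frames for one BSSID, and Lab 2 a burst of beacons for SSIDs never seen before. The following is an added example, not part of the original tutorial or of MDK3, that flags both over constructed frame metadata; the tuple layout, function names and thresholds are assumptions.

```python
from collections import defaultdict, deque

DEAUTH, DISASSOC, BEACON = 12, 10, 8  # 802.11 management frame subtypes

def detect_floods(frames, window=1.0, deauth_limit=20, new_ssid_limit=30):
    """frames: (time_s, subtype, bssid, ssid) tuples sorted by time.
    Returns sorted (alert, subject) pairs. The limits are assumed starting
    values; tune them against a baseline of your own airspace."""
    kicks = defaultdict(deque)  # bssid -> times of recent deauth/disassoc frames
    known = set()               # SSIDs already seen in a beacon
    fresh = deque()             # times at which a never-seen SSID appeared
    alerts = set()
    for ts, subtype, bssid, ssid in frames:
        if subtype in (DEAUTH, DISASSOC):
            q = kicks[bssid]
            q.append(ts)
            while ts - q[0] > window:   # drop frames older than the window
                q.popleft()
            if len(q) > deauth_limit:
                alerts.add(("deauth_flood", bssid))
        elif subtype == BEACON and ssid not in known:
            known.add(ssid)
            fresh.append(ts)
            while ts - fresh[0] > window:
                fresh.popleft()
            if len(fresh) > new_ssid_limit:
                alerts.add(("beacon_flood", "burst of new SSIDs"))
    return sorted(alerts)

def constructed_capture():
    """Constructed frame metadata, not a real capture: two quiet APs, one
    ordinary disconnect, then a deauth burst and a burst of new SSIDs."""
    ap1, ap2 = "02:00:00:00:00:01", "02:00:00:00:00:02"
    frames = [(t / 10, BEACON, ap, "office-" + ap[-1])
              for t in range(50) for ap in (ap1, ap2)]
    frames.append((2.05, DEAUTH, ap2, ""))
    frames += [(5 + i / 100, DEAUTH, ap1, "") for i in range(60)]
    frames += [(7 + i / 100, BEACON, "02:00:00:00:01:%02x" % i, "net-%d" % i)
               for i in range(80)]
    return sorted(frames)

if __name__ == "__main__":
    for alert, subject in detect_floods(constructed_capture()):
        print(alert, subject)
```

A single disconnect or a handful of new networks stays below the limits; only the sustained bursts trip an alert.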