WiFi Stress Testing Using MDK3, Beacon Flooding & Deauthentication Attack.

MDK3 is a proof of concept tool. It is used for stress testing 802.11 networks(wifi). It consists of various methods by which we can perform tests. Some of major method sare beacon flooding, deauthentication, WPA- dos etc. In pentests mdk is used for testing the network infrastructures having 802.11 implementations and ensuring compliance standards.

Options

Syntax : mdk3 <interface> <testmode> <test-options>
Mdk3 –help <test mode> : for test options

TEST MODES:

b   - Beacon Flood Mode

Sends beacon frames to show fake APs at clients. This can sometimes crash network scanners and even drivers!

a   - Authentication DoS mode

Sends authentication frames to all APs found in range. Too much clients freeze or reset some APs.

p   - Basic probing and ESSID Bruteforce mode

Probes AP and check for answer, useful for checking if SSID has been correctly decloaked or if AP is in your adaptors sending range SSID Brute-forcing is also possible with this test mode.

d   - Deauthentication / Disassociation Amok Mode

Kicks everybody found from AP

m   - Michael shutdown exploitation (TKIP)

Cancels all traffic continuously

x   - 802.1X tests

w   - WIDS/WIPS Confusion

Confuse/Abuse Intrusion Detection and Prevention Systems

f   - MAC filter bruteforce mode

This test uses a list of known client MAC Adresses and tries to authenticate them to the given AP while dynamically changing its response timeout for best performance. It currently works only on APs who deny an open authentication request properly

g   - WPA Downgrade test

Deauthenticates Stations and APs sending WPA encrypted packets. With this test you can check if the sysadmin will try setting his network to WEP or disable encryption.

Lab 1: Deauthenticate all clients in a channel

In this lab we try to deny service to all clients in one channel. This is called deauthentication test.

Step 1: First we have to ensure monitor interface is enabled.

Command: iwconfig

This shows all the wireless interfaces & their wireless properties.

Wireless Devices & Properties

Step 2: Lets start the monitor interface

Command : airmon-ng start wlan0<your interface here>
Starting monitor Interface.

Step 3: See all Access Points nearby & fix our target.

Command: airodump-ng mon0

This shows all wifi access points including hidden ones nearby.

Starting Airodump & Selecting Target

From this we get a lot of information. Access points, mac IDs, clients, channel on which each AP broadcasts etc. Here only one AP is there which will be our target. We can see from the above image that it’s running in channel 6. So let’s launch attack against channel 6.

Command: mdk3 mon0 d -c 6
De-authentication Attack

Lab 2 : Beacon Flooding

This lab features creating fake accesspoints in different SSIDs(Broadcast Names) at a very fast rate. This may crash some clients or wireless repeating access points or range extenders etc.

Step 1 : Ensure monitor interface is running in your system. For this see previous lab.

Step 2: Launch attack

Command : mdk3 mon0 b
Beacon Flood Attack

Here is an android phone showing all access points which we made. It’s likely that it can be crashed

Fake APs appearing on nearby devices.

Reference: http://tools.kali.org/wireless-attacks/mdk3

Ravi Sankar

Recent Posts

Kali Linux 2024.4 Released, What’s New?

Kali Linux 2024.4, the final release of 2024, brings a wide range of updates and…

9 hours ago

Lifetime-Amsi-EtwPatch : Disabling PowerShell’s AMSI And ETW Protections

This Go program applies a lifetime patch to PowerShell to disable ETW (Event Tracing for…

9 hours ago

GPOHunter – Active Directory Group Policy Security Analyzer

GPOHunter is a comprehensive tool designed to analyze and identify security misconfigurations in Active Directory…

2 days ago

2024 MITRE ATT&CK Evaluation Results – Cynet Became a Leader With 100% Detection & Protection

Across small-to-medium enterprises (SMEs) and managed service providers (MSPs), the top priority for cybersecurity leaders…

5 days ago

SecHub : Streamlining Security Across Software Development Lifecycles

The free and open-source security platform SecHub, provides a central API to test software with…

1 week ago

Hawker : The Comprehensive OSINT Toolkit For Cybersecurity Professionals

Don't worry if there are any bugs in the tool, we will try to fix…

1 week ago