mdk3(1)
NAME
mdk3 - wireless attack tool for IEEE 802.11 networks
SYNOPSIS
mdk3 <interface> <test_mode> [test_options]
DESCRIPTION
MDK is a proof-of-concept tool to exploit common IEEE 802.11 protocol weaknesses.
OPTIONS
--fullhelp
Show all test options.
--help <test_mode>
Show test options about <test_mode>.
TEST MODES
b - Beacon Flood Mode
Sends beacon frames to show fake APs at clients.
This can sometimes crash network scanners and even drivers!
a - Authentication DoS mode
Sends authentication frames to all APs found in range.
Too much clients can freeze or reset some APs.
p - Basic probing and ESSID Bruteforce mode
Probes AP and check for answer, useful for checking if SSID has
been correctly decloaked or if AP is within your wifi
interface's sending range.
SSID Bruteforcing is also possible with this test mode.
d - Deauthentication / Disassociation Amok Mode
Kicks out everybody found from AP.
m - Michael shutdown exploitation (TKIP)
Cancels all traffic continuously.
x - 802.1X tests.
w - WIDS/WIPS Confusion.
Confuse/Abuse Intrusion Detection and Prevention Systems.
f - MAC filter bruteforce mode
Uses a list of known client MAC Addresses and tries to
authenticate them to the given AP while dynamically changing its
response timeout for best performance. It currently works only
on APs who deny an open authentication request properly.
g - WPA Downgrade test
Deauthenticates Stations and APs sending WPA encrypted packets.
All the unencrypted and WEP networks will still work.
TEST MODES OPTIONS
b - Beacon Flood Mode
Sends beacon frames to show fake APs at clients.
This can sometimes crash network scanners and even drivers!
-n <ssid>
Use SSID <ssid> instead of randomly generated ones.
-f <filename>
Read SSIDs from file.
-v <filename>
Read MACs and SSIDs from file. See example file at
/usr/share/doc/mdk3/fakeap-example.txt.
-d
Fake Ad-Hoc stations.
-w
Fake WEP encrypted stations.
-g
Fake 802.11b stations (54 Mbit/s).
-t
Fake WPA TKIP encrypted stations.
-a
Fake WPA AES encrypted stations.
-m
Use valid accesspoint MAC from OUI database.
-h
Hop to channel where AP is spoofed.
This makes the test more effective against some
devices/drivers but it reduces packet rate due to channel
hopping.
-c <chan>
Fake an AP on channel <chan>. If you want your card to
hop on this channel, you have to set -h option, too!
-s <pps>
Set speed in packets per second (default: 50).
a - Authentication DoS mode
Sends authentication frames to all APs found in range.
Too much clients can freeze or reset some APs.
-a <ap_mac>
Test only the specified AP <ap_mac>.
-m
Use a valid client MAC from OUI database.
-c
Do NOT check if the authentication succeeded.
-i <ap_mac>
Perform intelligent test on AP (-a and -c will be
ignored).
This test connects clients to the AP and reinjects
sniffed data to keep them alive.
-s <pps>
Set speed in packets per second (default: unlimited).
p - Basic probing and ESSID Bruteforce mode
Probes AP and check for answer, useful for checking if SSID has
been correctly decloaked or if AP is within your wifi
interface's sending range.
Use -f and -t option to enable SSID Bruteforcing.
-e <ssid>
Set the target SSID.
-f <filename>
Read SSIDs from file, useful to bruteforce hidden
networks.
-t <bssid>
Set MAC address of target AP.
-s <pps>
Set speed (default: unlimited; in Bruteforce mode: 300).
-b <character set>
Use full Bruteforce mode (recommended for short SSIDs
only!).
d - Deauthentication / Disassociation Amok Mode
Kicks out everybody found from AP.
-w <filename>
Read file containing MACs not to care about (Whitelist
Mode).
-b <filename>
Read file containing MACs to run tests on (Blacklist
Mode).
-s <pps>
Set speed in packets per second (default: unlimited).
-c [chan,chan,chan,...]
Enable channel hopping.
Without providing any channels, mdk3 will hop an all 14
b/g channels. Channel will be changed every 5 seconds.
m - Michael shutdown exploitation (TKIP)
Cancels all traffic continuously.
-t <bssid>
Set MAC address of target AP.
-w <seconds>
Seconds between bursts (default: 10).
-n <ppb>
Set packets per burst (default: 70).
-j
Use the new TKIP QoS-Exploit.
Needs just a few packets to shut AP down!
-s <pps>
Set speed (default: 400).
x - 802.1X tests.
0 - EAPOL Start packet flooding
-n <ssid>
Set the target SSID.
-t <bssid>
Set MAC address of target AP.
-w <WPA type>
Set WPA type (1: WPA, 2: WPA2/RSN; default: WPA).
-u <unicast cipher>
Set unicast cipher type (1: TKIP, 2: CCMP;
default: TKIP).
-m <multicast cipher>
Set multicast cipher type (1: TKIP, 2: CCMP;
default: TKIP).
-s <pps>
Set speed (default: 400).
1 - EAPOL Logoff test
-t <bssid>
Set MAC address of target AP.
-c <bssid>
Set MAC address of target STA.
-s <pps>
Set speed (default: 400).
w - WIDS/WIPS/WDS Confusion
Confuses a WDS with multi-authenticated clients which messes up
routing tables.
-e <SSID>
Set SSID of target WDS network.
-c [chan,chan,chan...]
Use channel hopping.
-z
Activate Zero_Chaos' WIDS exploit (authenticates clients
from a WDS to foreign APs to make WIDS go nuts).
f - MAC filter bruteforce mode
Uses a list of known client MAC Addresses and tries to
authenticate them to the given AP while dynamically
changing its response timeout for best performance.
It currently works only on APs who deny an open
authentication request properly.
-t <bssid>
Set MAC address of target AP.
-m <mac>
Set the MAC address range to use (3 bytes, i.e.
00:12:34).
Without -m, the internal database will be used.
-f <mac>
Set the MAC address to begin bruteforcing with (you can't
use -f and -m at the same time).
g - WPA Downgrade test
Deauthenticates Stations and APs sending WPA encrypted packets.
All the unencrypted and WEP networks will still work.
-t <bssid>
Set MAC address of target AP.
FILES
/usr/share/doc/mdk3/common-ssids.txt.gz
Commmon SSIDs.
/usr/share/doc/mdk3/fakeap-example.txt
Fake AP examples for the Beacon Flood Mode (b).
/usr/share/doc/mdk3/less-common-ssids.txt.gz
Not-so-common SSIDs.
/usr/share/doc/mdk3/useful2.gz
Extra SSIDs.
AUTHOR
MDK3 was developed Pedro Larbig "ASPj" <[email protected]>, with code taken from: aircrack-ng (by Christophe Devine) and kismet (by Mike Kershaw), all with contributions from various authors. This manual page was written by Samuel Henrique <[email protected]> for the Debian project, it was based on mdk3 --fullhelp output and can be used by other projects as well.
SEE ALSO
aircrack-ng(1)
Opportunity
Personal Opportunity - Free software gives you access to billions of dollars of software at no cost. Use this software for your business, personal use or to develop a profitable skill. Access to source code provides access to a level of capabilities/information that companies protect though copyrights. Open source is a core component of the Internet and it is available to you. Leverage the billions of dollars in resources and capabilities to build a career, establish a business or change the world. The potential is endless for those who understand the opportunity.
Business Opportunity - Goldman Sachs, IBM and countless large corporations are leveraging open source to reduce costs, develop products and increase their bottom lines. Learn what these companies know about open source and how open source can give you the advantage.
Free Software
Free Software provides computer programs and capabilities at no cost but more importantly, it provides the freedom to run, edit, contribute to, and share the software. The importance of free software is a matter of access, not price. Software at no cost is a benefit but ownership rights to the software and source code is far more significant.
Free Office Software - The Libre Office suite provides top desktop productivity tools for free. This includes, a word processor, spreadsheet, presentation engine, drawing and flowcharting, database and math applications. Libre Office is available for Linux or Windows.
Free Books
The Free Books Library is a collection of thousands of the most popular public domain books in an online readable format. The collection includes great classical literature and more recent works where the U.S. copyright has expired. These books are yours to read and use without restrictions.
Source Code - Want to change a program or know how it works? Open Source provides the source code for its programs so that anyone can use, modify or learn how to write those programs themselves. Visit the GNU source code repositories to download the source.
Education
Study at Harvard, Stanford or MIT - Open edX provides free online courses from Harvard, MIT, Columbia, UC Berkeley and other top Universities. Hundreds of courses for almost all major subjects and course levels. Open edx also offers some paid courses and selected certifications.
Linux Manual Pages - A man or manual page is a form of software documentation found on Linux/Unix operating systems. Topics covered include computer programs (including library and system calls), formal standards and conventions, and even abstract concepts.
