Kali Linux-use MDK3 to build WiFi

0x01 causes

Some time ago a good base of friends to find me, and I want to talk with a long-time girl to vindicate, want me to give him the whole of a tall on the way of confession,

The base friend off the list of course is the force of Ah, I think of modern indispensable WiFi, but according to the ordinary tutorial, fishing WiFi can only build a

Since it is the confession of this kind of thing, of course, the more shocking the better Ah, Baidu after a few, I found the final appropriate tool-MDK3

0x02 Introduction

MDK3 is a wireless DoS attack test tool capable of initiating attacks in Beacon Flood, authentication DoS, deauthentication/disassociation amok, etc.

In addition, it has the detection mode for hidden Essid, 802.1X penetration test, wids interference and other functions, can be said to be a more useful WiFi attack tool,

Today our goal is: to build a lot of junk WiFi to give the sister -in-law confession (Why the word "sister-in-law" not much explanation)

Let's start with a brief look at some of MD3 's commands, open the terminal, enter Mdk3--help

[Email protected]:~# mdk3--help

MDK 3.0 V6-"Yeah, well, whatever"
By ASPJ of K2wrlz, using the OSDEP library from Aircrack-ng
And with lots of help from the great Aircrack-ng community:
Antragon, Moongray, Ace, Zero_chaos, Hirte, Thefkboss, Ducttape,
Telek0miker, Le_vert, Sorbo, Andy Green, Bahathir and Dawid Gajownik
THANK you!

MDK is a proof-of-concept tool to exploit common IEEE 802.11 protocol weaknesses.
Important:it is your responsibility to make sure you had permission from the
Network owner before running MDK against it.

This code is licenced under the GPLv2

MDK USAGE:
Mdk3 <interface> <test_mode> [test_options]

Try mdk3--fullhelp for all test options
Try mdk3--help <test_mode> for info on one test only

TEST MODES:
B-beacon Flood Mode
Sends Beacon frames to show fake APs at clients.
This can sometimes crash network scanners and even drivers!
A-authentication DoS Mode
Sends authentication frames to all APs found in range.
Too much clients freeze or reset some APs.
P-basic probing and ESSID bruteforce mode
Probes AP and check for answer, useful for checking if SSID have
been correctly decloaked or if AP is in your adaptors sending range
SSID bruteforcing is also possible with the this test mode.
D-deauthentication/disassociation Amok Mode
Kicks everybody found from AP
M-michael shutdown Exploitation (TKIP)
Cancels all traffic continuously
X-802.1X Tests
W-wids/wips confusion
Confuse/abuse intrusion Detection and prevention Systems
F-MAC Filter Bruteforce Mode
This test uses a list of known client Macs Addresses and tries to
Authenticate them to the given APS while dynamically changing
Its response timeout to best performance. It currently works only
On APs who deny an open authentication request properly
G-WPA downgrade test
Deauthenticates stations and APs sending WPA encrypted packets.
With this test can check if the sysadmin would try setting his
Network to WEP or disable encryption.

Well, actually there is a simplified version of the instructions, but keep the above a large section of English appears the author forced aligning higher

Mdk3 Mon b-N <ssid>//Custom Essid-F <filename>//Read Essid list file-V <filename>//customizing Essid and Bssid corresponding list text-D//Customizing to Ad-hoc mode-W  //Customizing for WEP mode-G//54Mbit Mode-T//WPA TKIP Encryption-A//WPA AES Encryption-M//Read database MAC address-C <chan>//Custom Channel-S <pps>//Packet Rate

These are the common parameters we use today for the Mdk3 B type attack, and we're going to start the confession journey.

0X03 Confession

First, we first turn on the network card listening mode:

Airmon-ng start wlan0< Wireless card name >

Here my wireless card name is Wlan0, we need to change the name of your wireless network card

Then we enter ifconfig to see if the network card is switched on, that is, to see if the network card name adds Mon

[Email protected]:~#ifconfigWlan0mon:flags=4163<UP,BROADCAST,RUNNING,MULTICAST> MTU theUnspec -- $- --bd-94- About- -- --xx-xx-xx-xx-xx-xx-xx-xxTxqueuelen +(unspec) RX packets -bytes6198(6.0KiB) RX Errors0Dropped -Overruns0Frame0TX Packets0bytes0(0.0B) TX errors0Dropped0Overruns0Carrier0Collisions0

Here we can see that our network card has been switched on and listening mode.

And then we're going to list the name of a junk WiFi in a text first.

We write a text in the root directory:

Leafpad Wifiname

Then I wrote the confession in the Wifiname text, then ctrl+s save the file

PS: Here to note that our custom WiFi name can not be duplicated , or only build a WiFi, the best solution is to add a number after the name, for example, I love you 1, I love you 2 and so on, followed by each input good one WiFi name after the carriage return , Enter the second WiFi name in the second row, or the names will be squeezed into a WiFi name

After that we began to confess:

6  +-F./Wifinam//wlan0mon  switch on the wireless card name of the listening mode //B         -- >MDK3 Tool Type B attack//-C 6---- to signal frequency 6 send a large number of SSIDs/-S--    Broadcast 1000 data per second to this frequency /-F./wifiname--     -Custom WiFi name (i.e. SSID) file path

Then we wait a moment, open the phone to detect the WiFi can see our confession information

Of course, this time the base friend's confession result of course is I occupy the Thunder, that sister to go my mobile phone number ...

So now I am in the hospital bed with one hand typing, next to a fierce Han face angrily staring at me =

Kali Linux-use MDK3 to build WiFi