- Penetration Testing Tools
- Kali Linux Tools Listing
- mdk4 Help
- Solving the problem with an error «ioctl(SIOCSIWMODE) failed: Device or resource busy»
- mdk4 Usage Example
- How to install mdk4
- mdk4 Screenshots
- mdk4 Tutorials
- mdk4 Kali Linux instructions
- Wireshark
- mdk4 Kali Linux instructions
- How to protect against such attacks?
MDK is a proof-of-concept tool to exploit common IEEE 802.11 protocol weaknesses.
MDK4 is the successor of MDK3.
MDK4 is a Wi-Fi testing tool by E7mer of 360PegasusTeam and ASPj of k2wrlz; it uses the osdep library from the aircrack-ng project to inject frames on several operating systems.
- Supports two Wi-Fi cards (one for receiving data, another for injecting data).
- Supports blocking (excluding) specified ESSIDs/BSSIDs/station MACs through command options.
- Supports both the 2.4 GHz and 5 GHz bands (Linux).
- Supports IDS evasion (ghosting and fragmenting; does not fully work with every driver).
- Supports packet fuzz testing.
mdk4 Help
There are 9 attack modules, each denoted by a single letter.
ATTACK MODE b: Beacon Flooding
Sends beacon frames to show fake APs at clients. This can sometimes crash network scanners and even drivers!
ATTACK MODE a: Authentication Denial-Of-Service
Sends authentication frames to all APs found in range. Too many clients can freeze or reset several APs.
ATTACK MODE p: SSID Probing and Bruteforcing
Probes APs and checks for answer, useful for checking if SSID has been correctly decloaked and if AP is in your sending range. Bruteforcing of hidden SSIDs with or without a wordlist is also available.
ATTACK MODE d: Deauthentication and Disassociation
Sends deauthentication and disassociation packets to stations based on data traffic to disconnect all clients from an AP.
ATTACK MODE m: Michael Countermeasures Exploitation
Sends random packets or re-injects duplicates on another QoS queue to provoke Michael Countermeasures on TKIP APs. AP will then shutdown for a whole minute, making this an effective DoS.
ATTACK MODE e: EAPOL Start and Logoff Packet Injection
Floods an AP with EAPOL Start frames to keep it busy with fake sessions, so that it can no longer handle legitimate clients. Alternatively, logs off clients by injecting fake EAPOL Logoff messages.
ATTACK MODE s: Attacks for IEEE 802.11s mesh networks
Various attacks on link management and routing in mesh networks. Flood neighbors and routes, create black holes and divert traffic!
ATTACK MODE w: WIDS Confusion
Confuse/Abuse Intrusion Detection and Prevention Systems by cross-connecting clients to multiple WDS nodes or fake rogue APs.
ATTACK MODE f: Packet Fuzzer
A simple packet fuzzer with multiple packet sources and a nice set of modifiers. Be careful!
This version supports IDS Evasion (Ghosting). Just append --ghost with its comma-separated parameters after your attack mode identifier to enable ghosting! (The parameter list is printed by mdk4 --fullhelp.)
NOTE: Does not fully work with every driver, YMMV…
This version supports IDS Evasion (Fragmenting). Just append --frag with its comma-separated parameters after your attack mode identifier to fragment all outgoing packets, possibly avoiding lots of IDS!
NOTE: May not fully work with every driver, YMMV…
HINT: Set max_frags to 0 to enable standard compliance.
Solving the problem with an error «ioctl(SIOCSIWMODE) failed: Device or resource busy»
If, when launching an attack, you get the message
ioctl(SIOCSIWMODE) failed: Device or resource busy
then another program is still holding the wireless interface (on a desktop install this is usually NetworkManager or wpa_supplicant) and the adapter is not in monitor mode, which mdk4 needs in order to inject frames. Two steps fix it: first stop the interfering processes (on Kali, airmon-ng check kill does this), then put the adapter into monitor mode by bringing the interface down, setting its interface type to monitor and bringing it back up. The commands in this part of the article use wlo1 as the interface name; substitute your own.
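As an added example (not from the original page and not part of mdk4), here are the two steps as a small POSIX shell script. It stops the processes that hold the adapter, retypes the interface, and then verifies with iw dev that the interface really is in monitor mode before suggesting the mdk4 command. The interface name wlo1 follows the page; the embedded iw dev output is a constructed sample used only by the offline check, and the --apply switch is this script's own convention.

```shell
#!/bin/sh
# Added example (not from the page or the mdk4 project): prepare a wireless
# interface for mdk4 on Linux and verify it is in monitor mode before
# launching an attack. Interface "wlo1" follows the article; the sample
# `iw dev` output below is constructed for the offline check.

# Constructed sample of `iw dev` output: wlo1 already in monitor mode,
# wlan1 still managed (associated to an SSID).
SAMPLE_IW_DEV='phy#0
    Interface wlo1
        ifindex 3
        wdev 0x1
        addr 00:11:22:33:44:55
        type monitor
        channel 6 (2437 MHz), width: 20 MHz (no HT), center1: 2437 MHz
        txpower 20.00 dBm
phy#1
    Interface wlan1
        ifindex 4
        wdev 0x100000001
        addr 66:77:88:99:aa:bb
        ssid HomeNet
        type managed
        channel 11 (2462 MHz), width: 20 MHz, center1: 2462 MHz
        txpower 22.00 dBm'

# iface_type <iw-dev-output> <ifname>: print the 802.11 interface type
# ("managed", "monitor", ...) of <ifname>, or "unknown" if it is not listed.
iface_type() {
    printf '%s\n' "$1" | awk -v want="$2" '
        $1 == "Interface" { cur = $2 }
        $1 == "type" && cur == want { print $2; found = 1; exit }
        END { if (!found) print "unknown" }'
}

# monitor_ready <ifname>: succeed only if the live interface is in monitor mode.
monitor_ready() {
    [ "$(iface_type "$(iw dev 2>/dev/null)" "$1")" = "monitor" ]
}

# enable_monitor <ifname>: the fix for "Device or resource busy": stop the
# processes that hold the adapter, then retype the interface to monitor.
enable_monitor() {
    iface="$1"
    sudo airmon-ng check kill          # stops NetworkManager, wpa_supplicant, ...
    sudo ip link set "$iface" down
    sudo iw "$iface" set monitor control
    sudo ip link set "$iface" up
}

# Real interfaces are only touched when run as:  sh prep.sh --apply wlo1
if [ "${1:-}" = "--apply" ]; then
    ifname="${2:-wlo1}"
    enable_monitor "$ifname"
    if monitor_ready "$ifname"; then
        echo "$ifname is in monitor mode; for example: sudo mdk4 $ifname b -a -m -s 500"
    else
        echo "$ifname is still not in monitor mode; check what holds it with: airmon-ng check" >&2
        exit 1
    fi
fi
```

Without --apply the script changes nothing, so it can be read and tested safely; the check in monitor_ready is the part worth keeping, since the ioctl error also appears when airmon-ng created a wlan0mon interface and you pass the original wlan0 to mdk4 by mistake.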
mdk4 Usage Example
The beacon flooding attack (mode b) creates the appearance of many fake access points. The following run uses the wireless interface wlo1, also puts non-printable characters into the generated SSIDs and creates SSIDs that break the 32-byte limit (-a), uses valid access point MACs from the built-in OUI database (-m) and sends packets at a rate of 500 packets per second (-s 500):
sudo mdk4 wlo1 b -a -m -s 500
How to install mdk4
Installation on Kali Linux
Installation on BlackArch
Installation on Linux (Debian, Mint, Ubuntu)
mdk4 Screenshots
The result of the b attack:
mdk4 Tutorials
For more information about how attacks work, see the mdk3 help.
Source
mdk4 Kali Linux instructions
Tool description:
mdk4 is a proof-of-concept (PoC) tool that exploits common weaknesses in the IEEE 802.11 protocol.
Usage:
mdk4 <interface> <test mode> [test options]
where <interface> is the wireless interface in monitor mode (for example wlan0mon).
Options:
Note: the option list below is the mdk3 help. The mode letters f, g, m, w and x are mdk3's; in mdk4, f is the packet fuzzer and the EAPOL start/logoff tests listed under x are provided by module e (see the module list above). The help of the installed version is authoritative.

| Mode / option | Description |
|---|---|
| a - Authentication DoS | Sends authentication frames to all APs found in range. Too many clients freeze or reset almost every AP. |
| -a ap_mac | Only test the AP with this MAC address |
| -m | Use valid client MACs from the OUI database |
| -c | Do not check whether the test is successful |
| -i ap_mac | Perform an intelligent test on the AP (-a and -c are ignored): connects clients to the AP and re-injects sniffed data to keep them alive |
| -s rate | Speed in packets per second (default: unlimited) |
| b - Beacon flood | Sends beacon frames to show fake APs at clients. This can sometimes crash network scanners and even drivers! |
| -n ssid | Use this SSID instead of randomly generated ones |
| -f file | Read SSIDs from a file instead of generating them |
| -v file | Read MACs and SSIDs from a file |
| -d | Show the station as Ad-Hoc |
| -w | Set the WEP bit (generates encrypted networks) |
| -g | Show the station as 802.11g (54 Mbit) |
| -t | Show the station as using WPA TKIP encryption |
| -a | Show the station as using WPA AES encryption |
| -m | Use valid access point MACs from the OUI database |
| -h | Hop to the channel on which the AP is spoofed; this makes the test more effective against some devices/drivers, but channel hopping reduces the packet rate |
| -c chan | Fake the AP on this channel; if you want your card to hop to it, you must also set -h! |
| -s rate | Speed in packets per second (default: 50) |
| d - Deauthentication / Disassociation Amok mode | Kicks everybody found off the AP. |
| -w file | Read MACs not to touch from a file (whitelist mode) |
| -b file | Read MACs to test from a file (blacklist mode) |
| -s rate | Speed in packets per second (default: unlimited) |
| -c [chan 1,chan 2,…chan n] | Enable channel hopping. Without a channel list, all 14 b/g channels are hopped; the channel changes every 5 seconds. |
| f - MAC filter bruteforce mode | Uses a list of known client MAC addresses and tries to authenticate them to the given AP while dynamically changing its response timeout for best performance. Currently works only on APs that properly deny an open authentication request. |
| -t bssid | Target BSSID |
| -m mac_prefix | MAC address range to use (3 bytes, e.g. 00:12:34); without -m, the internal database is used |
| -f mac | MAC address to start brute-forcing from (note: -f and -m cannot be combined) |
| g - WPA downgrade test | Deauthenticates stations and APs that send WPA-encrypted packets. With this test you can check whether the sysadmin will try to switch his network to WEP or disable encryption. WEP and unencrypted clients are left working, so if the sysadmin simply concludes «WPA is broken», he is certainly not the right person for the job (can/should be combined with social engineering). |
| -t bssid | Target BSSID |
| m - Michael shutdown exploitation (TKIP) | Cancels all traffic continuously |
| -t bssid | Target BSSID |
| -w time | Seconds between bursts (default: 10) |
| -n ppb | Packets per burst (default: 70) |
| -j | Use the new TKIP QoS exploit; needs just a few packets to shut the AP down! |
| -s rate | Speed in packets per second (default: unlimited) |
| p - Basic probing and ESSID bruteforce mode | Probes the AP and checks for an answer; useful for checking whether an SSID has been correctly decloaked and whether the AP is within the adapter's sending range. -f together with -t enables SSID brute-forcing. |
| -e ssid | SSID to probe for |
| -f file | Read lines from a file for brute-forcing hidden SSIDs |
| -t bssid | MAC address of the target AP |
| -s rate | Speed in packets per second (default: unlimited; in bruteforce mode: 300) |
| -b character_set | Use full bruteforce mode with this character set (recommended for short SSIDs only!) |
| w - WIDS/WIPS/WDS confusion | Confuses WDS nodes with multi-client authentication, messing up their routing tables |
| -e ssid | SSID of the target WDS network |
| -c [chan 1,chan 2,…chan n] | Use channel hopping |
| -z | Activate Zero_Chaos' WIDS exploit (authenticates clients from a WDS to foreign APs to make the WIDS go nuts) |
| x - 802.1X tests | |
| 0 - EAPOL Start packet flooding | |
| -n ssid | Use this SSID |
| -t bssid | MAC address of the target AP |
| -w WPA_type | WPA type (1: WPA, 2: WPA2/RSN; default: WPA) |
| -u unicast_cipher_type | Unicast cipher type (1: TKIP, 2: CCMP; default: TKIP) |
| -m multicast_cipher_type | Multicast cipher type (1: TKIP, 2: CCMP; default: TKIP) |
| -s rate | Speed in packets per second (default: 400) |
| 1 - EAPOL Logoff test | |
| -t bssid | MAC address of the target AP |
| -c bssid | MAC address of the target STA |
| -s rate | Speed in packets per second (default: 400) |
Case:
Test environment:
System: Kali Linux 2019.4
NIC: Ralink 802.11n adapter
Procedure:
First, airodump-ng is used to collect the target information (BSSID, channel and connected clients); Kismet can be used instead (see figure).
Then the attack that kicks clients offline (deauthentication, mode d) is run against this target; its parameters are described in detail in the option list above.
Comparing the views before and after, the client on channel 11 under the corresponding MAC address has been knocked offline.
The target's associated clients can be watched live in the airodump-ng terminal, or Kismet can be started alongside the attack and its client-connection view used (see figure).
For Kismet usage see its tutorials (search Baidu for them); the other options are left for your own experiments.
This concludes the mdk4 tutorial; the next issue will cover
Wireshark
capturing with filters. For more Kali Linux material, follow the Kali Linux study notes or visit http://www.xiexiaojiang.xyz.
Source
mdk4 Kali Linux instructions
This material is provided for educational purposes only, for testing your own access points and for security audits! It does not encourage anyone to repeat these actions. The author performs all actions only on his own equipment and in his own network.
This tool can jam many access points within its range; in other words, it performs a DoS attack.
apt update && apt upgrade
Now Kali Linux has to be prepared for using mdk4.
Identify the wireless adapter with ifconfig (wlan0 in my case).
Then enable monitor mode:
airmon-ng start wlan0
mdk4 wlan0mon b -a -m -s 500
The beacon flooding attack, letter (b), creates the appearance of a large number of fake access points on the wireless interface (wlan0mon).
To start the «jammer», run, for example:
mdk4 wlan0mon f -s abp -m bmstm -p 400
1) mdk4 <interface> <attack_mode> [attack_options]
For example: mdk4 wlan0mon a
mdk4 wlan0mon a: authentication DoS, floods the access point with fake clients
mdk4 wlan0mon b: beacon flood
mdk4 wlan0mon b -ams 500: beacon flood with -a, -m and 500 packets per second; brings the network down
mdk4 wlan0mon d: deauthentication, simply disconnects clients from the network
mdk4 wlan0mon f -sap -m bmstm -p 400: packet fuzzer, a DoS attack on all devices within range
How to protect against such attacks?
The short answer given here is «no way», and for radio-level denial of service that is true: nothing stops a transmitter in range from occupying the channel. For the specific frames mdk4 injects the picture is better. Management frame protection (802.11w PMF; optional in WPA2, mandatory in WPA3) makes stations and APs discard forged deauthentication and disassociation frames, so mode d no longer disconnects the clients of a network that requires PMF. Beacons (b), authentication requests (a) and fuzzed frames (f) are sent before any association and PMF does not cover them; they still consume airtime and can still crash weak drivers, so what remains for them is detection (a WIDS, or a monitor-mode capture that counts management frames per source and per second) and locating the transmitter.
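As an added example (not from the original page and not part of mdk4), a minimal detector for the two attacks this page runs most, the deauthentication/disassociation flood of mode d and the beacon flood of mode b. It assumes a capture taken on a monitor-mode interface with tshark and printed as tab-separated fields (frame.time_epoch, wlan.fc.type_subtype, wlan.sa, wlan.bssid; the field names are tshark's, the layout is this example's choice). The sample capture is constructed, and the thresholds (20 deauthentications per second from one source, 10 distinct beaconing BSSIDs per second) are assumptions to tune for your environment.

```shell
#!/bin/sh
# Added example, not from the original page or the mdk4 project: flag the
# traffic patterns that mdk4 modes d (deauth/disassoc flood) and b (beacon
# flood) leave in a monitor-mode capture. Input is the tab-separated output of
#   tshark -i wlan0mon -a duration:60 -T fields \
#          -e frame.time_epoch -e wlan.fc.type_subtype -e wlan.sa -e wlan.bssid
# (assumed layout; thresholds below are assumptions).

# Constructed sample capture (not a real one): 25 deauthentications in one
# second from one source, one legitimate deauthentication and one beacon from
# another AP, one stray disassociation, then 40 beacons from 40 different
# BSSIDs inside one second.
gen_sample() {
    i=0
    while [ "$i" -lt 25 ]; do
        printf '1700000000.%03d\t0x000c\t00:11:22:33:44:55\t00:11:22:33:44:55\n' $((i * 40))
        i=$((i + 1))
    done
    printf '1700000000.100\t0x0008\taa:bb:cc:dd:ee:01\taa:bb:cc:dd:ee:01\n'
    printf '1700000000.500\t0x000c\taa:bb:cc:dd:ee:01\taa:bb:cc:dd:ee:01\n'
    printf '1700000001.200\t0x000a\t00:11:22:33:44:55\t00:11:22:33:44:55\n'
    i=0
    while [ "$i" -lt 40 ]; do
        printf '1700000002.%03d\t0x0008\t02:00:00:00:00:%02x\t02:00:00:00:00:%02x\n' $((i * 20)) "$i" "$i"
        i=$((i + 1))
    done
}

# detect_deauth_flood <per-second threshold>: read capture lines on stdin and
# print "<source MAC> <epoch second> <frames>" for every source that sent more
# than <threshold> deauthentication/disassociation frames within one second.
# mdk4 d spoofs the AP's address, so the flagged source is usually the BSSID.
detect_deauth_flood() {
    awk -F '\t' -v thr="$1" '
        # type/subtype as tshark prints it: 0x000c (12) = deauth, 0x000a (10) = disassoc
        $2 == "0x000c" || $2 == "12" || $2 == "0x000a" || $2 == "10" {
            sec = $1; sub(/\..*/, "", sec)      # one-second bucket
            n[$3 "\t" sec]++
        }
        END {
            for (k in n) if (n[k] > thr) { split(k, p, "\t"); print p[1], p[2], n[k] }
        }' | sort
}

# detect_beacon_flood <distinct-BSSIDs-per-second threshold>: print
# "<epoch second> <distinct BSSIDs>" for every second in which beacons arrived
# from more distinct BSSIDs than <threshold>; mode b shows up as dozens of
# never-seen BSSIDs per second, far above any real site's AP count.
detect_beacon_flood() {
    awk -F '\t' -v thr="$1" '
        $2 == "0x0008" || $2 == "8" {
            sec = $1; sub(/\..*/, "", sec)
            if (!((sec, $4) in seen)) { seen[sec, $4] = 1; n[sec]++ }
        }
        END { for (s in n) if (n[s] > thr) print s, n[s] }' | sort
}

echo "deauth/disassoc floods (source, second, frames):"
gen_sample | detect_deauth_flood 20
echo "beacon floods (second, distinct BSSIDs):"
gen_sample | detect_beacon_flood 10
```

Both detectors report only in their END block, so feed them a bounded capture (tshark -a duration:60 or a saved pcap read with tshark -r); an AP that legitimately deauthenticates a client sends one or two frames, not tens per second, which is why a per-source per-second rate separates mode d from normal roaming.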
Source