MDK
From WiKi AIRdump.CZ
MDK is a proof-of-concept tool for exploiting weaknesses in the IEEE 802.11 protocol. You test without any warranty or guarantee; this is an experimental tool. Attached are a log from testing and the options the application offers.
Usage
mdk <interface> <attack_mode> [attack_options]
Modes
b - Beacon Flood Mode
Options
-n <ssid>
Use SSID <ssid> instead of randomly generated ones
-f <filename>
Read SSIDs from file
-d
Show station as Ad-Hoc
-w
Set WEP bit (Generates encrypted networks)
-g
Show station as 54 Mbit
-t
Show station using WPA TKIP encryption
-a
Show station using WPA AES encryption
-m
Use valid accesspoint MAC from OUI database
-h
Hop to channel where AP is spoofed
This makes attack more effective against some devices/drivers
But it reduces packet rate due to channel hopping.
-c <chan>
Fake an AP on channel <chan>. If you want your card to hop on
this channel, you have to set -h option, too!
-s <pps>
Set speed in packets per second (Default: 50)
a - Authentication DoS mode
Sends authentication frames to all APs found in range.
Too much clients freeze or reset almost every AP.
OPTIONS:
-a <ap_mac>
Only attack the specified AP
-m
Use valid client MAC from OUI database
-c
Do NOT check for attack being successful
-s <pps>
Set speed in packets per second (Default: unlimited)
p - Basic probing and ESSID Bruteforce mode
Probes AP and check for answer, useful for checking if SSID has
been correctly decloaked or if AP is in your adaptors sending range
Use -f and -t option to enable SSID Bruteforcing.
OPTIONS:
-e <ssid>
Tell mdk2 which SSID to probe for
-f <filename>
Read lines from file for bruteforcing hidden SSIDs
-t <bssid>
Set MAC adress of target AP
-s <pps>
Set speed (Default: unlimited, in Bruteforce mode: 300)
-b <character set>
Use full Bruteforce mode (recommended for short SSIDs only!)
Use this switch only to show its help screen.
d - Deauthentication / Disassociation Amok Mode
Kicks everybody found from AP (beta)
OPTIONS:
-w <filename>
Read file containing MACs not to attack (Whitelist mode)
-s <pps>
Set speed in packets per second (Default: unlimited)
m - Michael shutdown exploitation (TKIP)
Cancels all traffic continuously
-t <bssid>
Set Mac address of target AP
-w <seconds>
Seconds between bursts (Default: 10)
-n <ppb>
Set packets per burst (Default: 70)
-s <pps>
Set speed (Default: 400)
x - 802.1X EAPOL Start packet flooding
-n <ssid>
Use SSID <ssid>
-t <bssid>
Set Mac address of target AP
-w <WPA type>
Set WPA type (1: WPA, 2: WPA2/RSN; default: WPA)
-u <unicast cipher>
Set unicast cipher type (1: TKIP, 2: CCMP; default: TKIP)
-m <multicast cipher>
Set multicast cipher type (1: TKIP, 2: CCMP; default: TKIP)
-s <pps>
Set speed (Default: 400)
MDK 2.0 v32 - Zuo Meng Hua, I love you! :D by ASPj of k2wrlz, based on C. Devines aireplay code And with lots of help from the great aircrack-ng community: Antragon, moongray, Ace, Zero_Chaos, Hirte, thefkboss, ducttape, telek0miker - THANK YOU!
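A defender's view of modes b, a and d listed above, as an added example that is not part of MDK or of the original page: a sliding-window detector over frame summaries from a monitor-mode sensor. The thresholds, the tuple layout and the sample frames are assumptions constructed for illustration.

```python
from collections import defaultdict, deque

# Assumed thresholds per sliding window; tune them to the monitored site.
WINDOW = 10.0       # seconds
MAX_NEW_APS = 20    # never-before-seen beaconing BSSIDs (mode b)
MAX_AUTH_STAS = 30  # distinct stations authenticating to one AP (mode a)
MAX_DEAUTHS = 40    # deauth/disassoc frames for one BSSID (mode d)

def _push(queue, ts, item):
    """Append (ts, item) and drop entries older than WINDOW."""
    queue.append((ts, item))
    while queue[0][0] < ts - WINDOW:
        queue.popleft()

def detect(frames):
    """frames: (ts, subtype, src_mac, bssid) tuples sorted by ts.
    Counts are used instead of MAC plausibility checks because the -m
    options draw addresses from a valid OUI database."""
    known, new_aps = set(), deque()  # seed `known` from a site survey
    auths, deauths = defaultdict(deque), defaultdict(deque)
    alerts = set()
    for ts, subtype, src, bssid in frames:
        if subtype == "beacon" and bssid not in known:
            known.add(bssid)
            _push(new_aps, ts, bssid)
            if len(new_aps) > MAX_NEW_APS:
                alerts.add(("beacon-flood", None))
        elif subtype == "auth":
            _push(auths[bssid], ts, src)
            if len({sta for _, sta in auths[bssid]}) > MAX_AUTH_STAS:
                alerts.add(("auth-flood", bssid))
        elif subtype in ("deauth", "disassoc"):
            _push(deauths[bssid], ts, src)
            if len(deauths[bssid]) > MAX_DEAUTHS:
                alerts.add(("deauth-flood", bssid))
    return alerts

def constructed_capture(flood):
    """Constructed frame summaries, not a real capture."""
    ap = "02:00:00:00:00:01"
    frames = [(i * 0.1, "beacon", ap, ap) for i in range(100)]
    frames += [(1.0 + i, "auth", f"02:00:00:00:01:{i:02x}", ap) for i in range(3)]
    if flood:  # beacons at 50 frames/s, the default -s of mode b
        fake = [f"02:00:00:aa:00:{i:02x}" for i in range(100)]
        frames += [(5 + i / 50, "beacon", m, m) for i, m in enumerate(fake)]
        frames += [(5 + i / 100, "auth", f"02:00:00:bb:00:{i:02x}", ap) for i in range(60)]
        frames += [(6 + i / 100, "deauth", ap, ap) for i in range(80)]
    return sorted(frames)
```

`detect(constructed_capture(False))` returns an empty set, while the flooded capture raises all three alerts.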
Update: the tool is currently available in version 5. The following modes have been added:
w - WIDS/WIPS Confusion
Confuse/Abuse Intrusion Detection and Prevention Systems
f - MAC filter bruteforce mode
This test uses a list of known client MAC Adresses and tries to
authenticate them to the given AP while dynamically changing
its response timeout for best performance. It currently works only
on APs who deny an open authentication request properly
g - WPA Downgrade test
deauthenticates Stations and APs sending WPA encrypted packets.
With this test you can check if the sysadmin will try setting his
network to WEP or disable encryption.
MDK 3.0 v5 - "OOPS! My expensive Microsoft® Windows® VISTA® crashed :("-Edition
by ASPj of k2wrlz, using the osdep library from aircrack-ng
And with lots of help from the great aircrack-ng community:
Antragon, moongray, Ace, Zero_Chaos, Hirte, thefkboss, ducttape,
telek0miker, Le_Vert, sorbo, Andy Green, bahathir and Dawid Gajownik
THANK YOU!
Related articles:
Related topic: Ska
Download the application package: DIR