mdk3 man page on Kali

Man page or keyword search:  
man Server   9211 pages
apropos Keyword Search (all sections)
Output format
Kali logo
[printable version]

MDK3(1)		 wireless attack tool for IEEE 802.11 networks	       MDK3(1)

NAME
       mdk3 - wireless attack tool for IEEE 802.11 networks

SYNOPSIS
       mdk3 <interface> <test_mode> [test_options]

DESCRIPTION
       MDK  is	a proof-of-concept tool to exploit common IEEE 802.11 protocol
       weaknesses.

OPTIONS
       --fullhelp

	      Show all test options.

       --help <test_mode>

	      Show test options about <test_mode>.

   TEST MODES
       b   - Beacon Flood Mode

	      Sends beacon frames to show fake APs at clients.

	      This can sometimes crash network scanners and even drivers!

       a   - Authentication DoS mode

	      Sends authentication frames to all APs found in range.

	      Too much clients can freeze or reset some APs.

       p   - Basic probing and ESSID Bruteforce mode

	      Probes AP and check for answer, useful for checking if SSID  has
	      been  correctly  decloaked  or  if AP is within your wifi inter‐
	      face's sending range.

	      SSID Bruteforcing is also possible with this test mode.

       d   - Deauthentication / Disassociation Amok Mode

	      Kicks out everybody found from AP.

       m   - Michael shutdown exploitation (TKIP)

	      Cancels all traffic continuously.

       x   - 802.1X tests.

       w   - WIDS/WIPS Confusion.

	      Confuse/Abuse Intrusion Detection and Prevention Systems.

       f   - MAC filter bruteforce mode

	      Uses a list of known client MAC Addresses and tries to authenti‐
	      cate  them  to  the  given  AP  while  dynamically  changing its
	      response timeout for best performance. It currently  works  only
	      on APs who deny an open authentication request properly.

       g   - WPA Downgrade test

	      Deauthenticates Stations and APs sending WPA encrypted packets.

	      All the unencrypted and WEP networks will still work.

   TEST MODES OPTIONS
       b - Beacon Flood Mode

	      Sends beacon frames to show fake APs at clients.

	      This can sometimes crash network scanners and even drivers!

	      -n <ssid>

		     Use SSID <ssid> instead of randomly generated ones.

	      -f <filename>

		     Read SSIDs from file.

	      -v <filename>

		     Read  MACs	 and  SSIDs  from  file.  See  example file at
		     /usr/share/doc/mdk3/fakeap-example.txt.

	      -d

		     Fake Ad-Hoc stations.

	      -w

		     Fake WEP encrypted stations.

	      -g

		     Fake 802.11b stations (54 Mbit/s).

	      -t

		     Fake WPA TKIP encrypted stations.

	      -a

		     Fake WPA AES encrypted stations.

	      -m

		     Use valid accesspoint MAC from OUI database.

	      -h

		     Hop to channel where AP is spoofed.

		     This  makes  the  test  more   effective	against	  some
		     devices/drivers but it reduces packet rate due to channel
		     hopping.

	      -c <chan>

		     Fake an AP on channel <chan>. If you want	your  card  to
		     hop on this channel, you have to set -h option, too!

	      -s <pps>

		     Set speed in packets per second (default: 50).

       a   - Authentication DoS mode

	      Sends authentication frames to all APs found in range.

	      Too much clients can freeze or reset some APs.

	      -a <ap_mac>

		     Test only the specified AP <ap_mac>.

	      -m

		     Use a valid client MAC from OUI database.

	      -c

		     Do NOT check if the authentication succeeded.

	      -i <ap_mac>

		     Perform  intelligent  test	 on  AP	 (-a  and  -c  will be
		     ignored).

		     This test	connects  clients  to  the  AP	and  reinjects
		     sniffed data to keep them alive.

	      -s <pps>

		     Set speed in packets per second (default: unlimited).

       p   - Basic probing and ESSID Bruteforce mode

	      Probes  AP and check for answer, useful for checking if SSID has
	      been correctly decloaked or if AP is  within  your  wifi	inter‐
	      face's sending range.

	      Use -f and -t option to enable SSID Bruteforcing.

	      -e <ssid>

		     Set the target SSID.

	      -f <filename>

		     Read  SSIDs  from	file, useful to bruteforce hidden net‐
		     works.

	      -t <bssid>

		     Set MAC address of target AP.

	      -s <pps>

		     Set speed (default: unlimited; in Bruteforce mode: 300).

	      -b <character set>

		     Use full Bruteforce mode  (recommended  for  short	 SSIDs
		     only!).

       d   - Deauthentication / Disassociation Amok Mode

	      Kicks out everybody found from AP.

	      -w <filename>

		     Read  file	 containing  MACs not to care about (Whitelist
		     Mode).

	      -b <filename>

		     Read file containing MACs	to  run	 tests	on  (Blacklist
		     Mode).

	      -s <pps>

		     Set speed in packets per second (default: unlimited).

	      -c [chan,chan,chan,...]

		     Enable channel hopping.

		     Without  providing	 any channels, mdk3 will hop an all 14
		     b/g channels. Channel will be changed every 5 seconds.

       m   - Michael shutdown exploitation (TKIP)

	      Cancels all traffic continuously.

	      -t <bssid>

		     Set MAC address of target AP.

	      -w <seconds>

		     Seconds between bursts (default: 10).

	      -n <ppb>

		     Set packets per burst (default: 70).

	      -j

		     Use the new TKIP QoS-Exploit.

		     Needs just a few packets to shut AP down!

	      -s <pps>

		     Set speed (default: 400).

       x   - 802.1X tests.

	      0 - EAPOL Start packet flooding

		     -n <ssid>

			    Set the target SSID.

		     -t <bssid>

			    Set MAC address of target AP.

		     -w <WPA type>

			    Set WPA type (1: WPA, 2: WPA2/RSN; default: WPA).

		     -u <unicast cipher>

			    Set	 unicast  cipher  type	(1:  TKIP,  2:	 CCMP;
			    default: TKIP).

		     -m <multicast cipher>

			    Set	 multicast  cipher  type  (1:  TKIP,  2: CCMP;
			    default: TKIP).

		     -s <pps>

			    Set speed (default: 400).

	      1 - EAPOL Logoff test

		     -t <bssid>

			    Set MAC address of target AP.

		     -c <bssid>

			    Set MAC address of target STA.

		     -s <pps>

			    Set speed (default: 400).

       w   - WIDS/WIPS/WDS Confusion

	      Confuses a WDS with multi-authenticated clients which messes  up
	      routing tables.

	      -e <SSID>

		     Set SSID of target WDS network.

	      -c [chan,chan,chan...]

		     Use channel hopping.

	      -z

		     Activate  Zero_Chaos' WIDS exploit (authenticates clients
		     from a WDS to foreign APs to make WIDS go nuts).

	      f	  - MAC filter bruteforce mode

		     Uses a list of known client MAC Addresses	and  tries  to
		     authenticate  them	 to  the  given	 AP  while dynamically
		     changing its response timeout for best performance.

		     It currently works only on APs who deny an open authenti‐
		     cation request properly.

	      -t <bssid>

		     Set MAC address of target AP.

	      -m <mac>

		     Set   the	MAC  address  range  to	 use  (3  bytes,  i.e.
		     00:12:34).

		     Without -m, the internal database will be used.

	      -f <mac>

		     Set the MAC address to begin bruteforcing with (you can't
		     use -f and -m at the same time).

       g   - WPA Downgrade test

	      Deauthenticates Stations and APs sending WPA encrypted packets.

	      All the unencrypted and WEP networks will still work.

	      -t <bssid>

		     Set MAC address of target AP.

FILES
       /usr/share/doc/mdk3/common-ssids.txt.gz
	      Commmon SSIDs.

       /usr/share/doc/mdk3/fakeap-example.txt
	      Fake AP examples for the Beacon Flood Mode (b).

       /usr/share/doc/mdk3/less-common-ssids.txt.gz
	      Not-so-common SSIDs.

       /usr/share/doc/mdk3/useful2.gz
	      Extra SSIDs.

AUTHOR
       MDK3  was  developed  Pedro  Larbig "ASPj" <pedrolarbig@compuserve.de>,
       with code taken from: aircrack-ng (by Christophe Devine) and kismet (by
       Mike Kershaw), all with contributions from various authors.

       This  manual  page was written by Samuel Henrique <samueloph@gmail.com>
       for the Debian project, it was based on mdk3 --fullhelp output and  can
       be used by other projects as well.

SEE ALSO
       aircrack-ng(1)

mdk3 6.0			September 2016			       MDK3(1)
[top]

List of man pages available for Kali

Copyright (c) for man pages and the logo by the respective OS vendor.

For those who want to learn more, the polarhome community provides shell access and support.

[legal] [privacy] [GNU] [policy] [cookies] [netiquette] [sponsors] [FAQ]
Tweet
Polarhome, production since 1999.
Member of Polarhome portal.
Based on Fawad Halim's script.
....................................................................
Vote for polarhome
Free Shell Accounts :: the biggest list on the net