Skip to main content

MDK3

The new MDK3 uses the osdep injection library from the www.aircrack-ng.org project. The Linux-dependant includes have been removed, mdk3 compiles and runs on FreeBSD and even Windows (Cygwin). For Windows you need special drivers, a possibly illegal DLL file and the cygwin environment. Please see the aircrack-ng website for details about Packet Injection in Windows.

MDK3 works on the new mac80211 stack.

If you are a Linux user, just make, make install and have fun.
If you are a FreeBSD user, do the same, and report back to me, if it works correctly there.
If you are a Windows user, good luck, but expect no support from me.

MDK3 is licenced under GPLv2.

Features:
•Bruteforce MAC Filters
•Bruteforce hidden SSIDs (some small SSID wordlists included)
•Probe networks to check if they can hear you
•intelligent Authentication-DoS to freeze APs (with success checks)
•FakeAP - Beacon Flooding with channel hopping (can crash NetStumbler and some buggy drivers)
•Disconnect everything (aka AMOK-MODE) with Deauthentication and Disassociation packets
•WPA TKIP Denial-of-Service
•WDS Confusion - Shuts down large scale multi-AP installations

Changelog:
MDK3 version 6

•Amok Mode now works on Ad-Hoc and MANET networks (WARNING: Clients may not reconnect automatically, so they may stay disconnected after the attack stopped!)
•Removed duplicate WPA downgrade in Deauth Mode (sorry for the confusion)
•SSID Bruteforce Mode understands 0 and 1 byte SSIDs as hidden now, and tries all lengths
•GCC 4.4 support, all warnings and extra warnings fixed
•Whitelists and Blacklists in Amok Mode are re-read periodically every 3 seconds.
You can use this to dynamically allow or block hosts with scripts.
•A lot of small bugfixesMDK3 version 5

•Enhanced MAC-Filter Bruteforce Mode
•Another WDS/WIDS/WIPS Confusion Test
•Amok Mode supports QoS packets
•Michael Countermeasure Exploit (also known as TKIP QoS Exploit)
Shuts down APs using TKIP encryption and QoS Extension with 1 sniffed and 2 injected QoS Data Packets

•WPA-Downgrade Test - deauthenticates Stations and APs sending WPA encrypted packet
With this test you can check if the sysadmin will try WEP or even disables encryption
mdk3 will let WEP and unencrypted clients work, so if the sysadmin simply thinks "WPA is broken" he sure isn't the right one for this job. (this can/should be combined with social engineering)
MDK3 version 4

•Added high-speed MAC-Filter Bruteforce Mode (experimental)
Please test this on your APs and report back for optimizing and bugfixing, thanks!


mdk3-v6.tar.bz2

Comments

Popular posts from this blog

Test New ALFA-AWUS036H v.2 (1.000mW) VS ALFA-AWUS036H v.1 (500mW)

- Recently emerged the New ALFA-AWUS036H v.2 (1.000mW), and these are the tests. TEST WITH NETSTUMBLER 1) usb da 100mW chipset railink 2) usb da 200mW chipset railink rt73 3) intel 2200 b/g con connettore esterno rp-sma 4) Alfa-AWUS036H 500mW 5) New Alfa-AWUS036H V2 da 1.000mW

Creating A Cheap Bluetooth Sniffer

Many papers and posts on internet forums have commented on the success of turning normal everyday bluetooth USB dongles ($10), into their more powerful counterparts that allow the capturing of packets from the airwaves. These more powerful USB dongles are usually sold at a much higher price ($10,000) together with the software to drive and control these devices. The problems associated with BlueTooth sniffing You cant simply just purchase the dongle with the alternate firmware. There is next to no real opensource packet capture program for the bluetooth protocol. Hardware & Limitations Chipsets: Whats the difference? The chipset of the Bluetooth USB Dongles are very important. Broadcom chipsets are cheap hardware and are deemed unsuitable devices for this paper. But unfortunalty nowadays, every manufacturer seems to prefer putting these chips in their products compared to the more reliable Cambridge Silicon Radio (CSR) chipset. If your lucky enough to find a dongle with a CSR chips...

ALFA-­AWUS036H & ALFA-­AWUS050NH INSTALLING/UPDATING DRIVERS RTL8187, r8187, RT2800usb on UBUNTU

NOTE: For surfing Internet with ALFA-AWUS050NH on Ubuntu Jaunty with rt2870sta driver, you must use the Kernel "2.6.28-11-generic #42-Ubuntu", without change or updates the drivers modules. NOTE: The tutorial is not related to Ubuntu karmic. Driver RTL8187/Stacks-­mac80211 (ref. ALFA-­AWUS036h) ­- These drivers, for surfing Internet, are more stable than r8187, and fully compatible with Network-Manager 0.7 installed by default on Ubuntu 9.04. Network-Manager 0.7 installed by default on Ubuntu 9.04. ­- Supports all encryption without problems. (OPEN, WEP and WPA/WPA2) ­- With Compat-Wireless, the "injection" working, but for support “Fragmentation attack” (opt. -5) you need to install one patch. - The RX sensitivity and packets injection is less, related to drivers r8187. Driver r8187/Stacks-ieee80211 (ref. ALFA-AWUS036h) - This driver is recommended for use with the Suite of Aircrack-ng, but not particularly suitable for Internet connections, as less stable and disc...