Aireplay Vs Mdk3: Wireless Deauthentication

March 16, 2017 | Views: 18652


I am pretty sure anyone who has ever tried to hack a wireless network has come across aireplay-ng (part of the aircrack-ng suite), but very few may have heard of mdk3.

Like aireplay-ng, mdk3 can be used to jam a wireless network by exploiting a weakness in the IEEE 802.11 protocol. In this article, let's talk about how to use them and jump to some conclusions.

1. Aireplay-ng

Syntax: aireplay-ng <options> <replay interface>

Sample Example: aireplay-ng --deauth n -a <MAC of AP> -e <ESSID of AP> -c <Client MAC> <Monitor Interface>

aireplay-ng --deauth 5 -a 00:11:22:33:44:55 -e HackThis -c 1c:65:9d:9e:02:07 wlan0mon

Here :

  • --deauth = <Attack Mode> In this case de-authentication; equivalent to -0.
  • n = <Number of Attack Packets> Here 5 is selected, so it sends 5 de-authentication packets.
  • -a = <BSSID or MAC of Access Point> Here let's just say 00:11:22:33:44:55 is the MAC of the AP.
  • -e = <ESSID of AP> Optional; let's just say the WiFi name is “HackThis”.
  • -c = <MAC of Connected Client> Optional; works better if you indicate a client with the command.
  • Monitor Interface = The interface that you set to monitor mode using airmon-ng; check its status with “iwconfig”.

Aireplay-ng works perfectly: the de-authentication is quick, and you can choose how long to de-authenticate (0 for infinity). But sending one de-authentication packet doesn’t work in most cases.

Aireplay-ng simply won’t work for some APs and clients, since it only sends de-authentication packets, unlike mdk3. This could lead to failure.

Let’s see what mdk3’s got.

2. Mdk3 

mdk3, a tool that uses the osdep library from the aircrack-ng project, can do the same thing, but with higher certainty. mdk3 sends both de-authentication and disassociation packets, which makes it better at its job.

mdk3 also has lots of options, which is good for advanced users.

Syntax: mdk3 <interface> <test_mode> [test_options]

Sample Example: mdk3 <monitor interface> d -b <blacklist> -c <channel>

mdk3 wlan0mon d -b blacklist.txt -c 6

Here:

  • Monitor Interface = The interface that you set to monitor mode using airmon-ng; check its status with “iwconfig”.
  • d = <Test Mode> Deauthentication / Disassociation Amok Mode; kicks out everybody found from the AP.
  • -b = <Blacklist Mode> Reads the file that follows it and runs the test only on the MACs listed there. (Without the hyphen, b is mdk3's Beacon Flood test mode, which sends beacon frames to show fake APs to clients.)
  • blacklist.txt = A file with the BSSID of the target network; simply create it with “echo 00:11:22:33:44:55 > blacklist.txt”.
  • -c = <Channel> Specify which channel the AP is on. It switches to the specified channel if the interface is on another channel. (aireplay-ng gives an error if the channel is mismatched.)

mdk3 is good; I personally feel mdk3 is better than aireplay-ng, though its de-authentication is slow. But as far as I have tested it on different networks, I have been able to get handshakes more easily with mdk3 than with aireplay-ng.
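Seen from the monitoring side, both tools show up as bursts of 802.11 management frames: subtype 12 (de-authentication) and, for mdk3, also subtype 10 (disassociation). The following is an added example, not code from this article or from either tool: a small detector that parses bare 802.11 frames and flags any BSSID receiving a burst. It assumes the radiotap header has already been stripped; the window and threshold values, the `build` helper and the sample frames are all constructed for illustration.

```python
import struct
from collections import defaultdict
DEAUTH, DISASSOC = 12, 10  # 802.11 management frame subtypes

def parse_mgmt(frame):
    """Return (subtype, bssid, reason) for a deauth/disassoc frame, else None."""
    if len(frame) < 26:  # 24-byte MAC header + 2-byte reason code
        return None
    ftype, subtype = (frame[0] >> 2) & 0x3, (frame[0] >> 4) & 0xF
    if ftype != 0 or subtype not in (DEAUTH, DISASSOC):
        return None
    bssid = ":".join(f"{x:02x}" for x in frame[16:22])  # address 3
    return subtype, bssid, struct.unpack_from("<H", frame, 24)[0]

def detect_floods(capture, window=1.0, threshold=10):
    """capture: iterable of (timestamp_seconds, frame_bytes) -> {bssid: summary}."""
    seen = defaultdict(list)
    for ts, frame in capture:
        parsed = parse_mgmt(frame)
        if parsed:
            seen[parsed[1]].append((ts, parsed[0]))
    alerts = {}
    for bssid, evs in seen.items():
        evs.sort()
        start = peak = 0
        for end, (ts, _) in enumerate(evs):  # sliding window over timestamps
            while ts - evs[start][0] > window:
                start += 1
            peak = max(peak, end - start + 1)
        if peak >= threshold:  # assumed threshold, tune per site
            kinds = {s for _, s in evs}
            alerts[bssid] = {"peak": peak, "deauth": DEAUTH in kinds,
                             "disassoc": DISASSOC in kinds}
    return alerts

def build(subtype, dst, src, bssid, reason=7):
    """Construct a bare management frame (no radiotap) for the sample data."""
    raw = lambda m: bytes.fromhex(m.replace(":", ""))
    return (bytes([subtype << 4, 0]) + b"\x00\x00" + raw(dst) + raw(src)
            + raw(bssid) + b"\x00\x00" + struct.pack("<H", reason))

# Constructed sample: 20-frame burst on the article's example AP, one stray deauth, one beacon.
AP, STA, OTHER = "00:11:22:33:44:55", "1c:65:9d:9e:02:07", "02:00:00:00:00:01"
SAMPLE = [(i * 0.02, build(DEAUTH if i % 2 else DISASSOC, STA, AP, AP)) for i in range(20)]
SAMPLE += [(5.0, build(DEAUTH, "02:00:00:00:00:02", OTHER, OTHER, reason=3)),
           (5.1, build(8, "ff:ff:ff:ff:ff:ff", AP, AP))]

if __name__ == "__main__":
    print(detect_floods(SAMPLE))
```

A single de-authentication frame is normal traffic, which is why the detector keys on the peak count inside a sliding window rather than on any one frame.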

Here’s a video which will show you all of it:

Do comment here and share your thoughts.

Happy Hunting

-Invoron

2 Comments
  1. Good information, friend. I have mdk3 but I never knew its use.

  2. Thanks! I didn’t know about mdk3. Also, I must say, your computer interface is fascinating! hehe +10
