Home 0P3N Blog MDK3 Option B method - Beacon Flood (With proof of working too)
Ready to Start Your Career?
Create Free Account
Kevin Marks profile image
By: Kevin Mark
July 24, 2015

MDK3 Option B method - Beacon Flood (With proof of working too)

By: Kevin Mark
July 24, 2015
Kevin Marks profile image
By: Kevin Mark
July 24, 2015
MDK3 Option B.Option -b means it's a beacon flood, it will send to a target a lots of fake APs, which can crash scanners, drivers and make more harm to a target then you imagine, and can suprise you a lot if you don't take any cauction with this attack.1. airmon-ng start wlan0 ->>>> Should say this " (monitor mode enabled on mon0) " to make sure it's enabled write: airmon-ng2. Type now airodump-ng mon0( You will now see a list with stations, bssid and continued. - You will know about this also if you know about aircrack-ng )3. We are looking for our target under "station" it means it's the computer you want to attack on the network.Make sure you are not taking the BSSID then you have to use the option -a (So make sure you pick the ESSID)4. Now to the attacking part you will be typing following: mdk3 mon0 b -t station/bssid -c channelYou can also choose to send packets each second by typing following: mdk3 mon0 b -t station/bssid -s 360(360 is the packets you want to send each second, you can change that.)And same as always you can stop the attack to ctrl + c(Beside your attack are running -  open a new TAB and write airodump-ng mon0and you see that beacon is growing and data.. )Fake APs: https://i.imgur.com/e7Xkcf4.png - growing beacon and data: http://i.imgur.com/JgCas9Q.jpgUnderstanding beacon flood: https://forums.kali.org/archive/index.php/t-19498.htmlLittle extra.Understanding of options...b   - Beacon Flood ModeSends beacon frames to show fake APs at clients.This can sometimes crash network scanners and even drivers!a   - Authentication DoS modeSends authentication frames to all APs found in range.Too much clients freeze or reset some APs.p   - Basic probing and ESSID Bruteforce modeProbes AP and check for answer, useful for checking if SSID hasbeen correctly decloaked or if AP is in your adaptors sending rangeSSID Bruteforcing is also possible with this test mode.d   - Deauthentication / Disassociation Amok ModeKicks everybody found from APm   - Michael shutdown exploitation (TKIP)Cancels all traffic continuouslyx   - 802.1X testsw   - WIDS/WIPS ConfusionConfuse/Abuse Intrusion Detection and Prevention Systemsf   - MAC filter bruteforce modeThis test uses a list of known client MAC Adresses and tries toauthenticate them to the given AP while dynamically changingits response timeout for best performance. It currently works onlyon APs who deny an open authentication request properlyg   - WPA Downgrade testdeauthenticates Stations and APs sending WPA encrypted packets.With this test you can check if the sysadmin will try setting hisnetwork to WEP or disable encryption.
Schedule Demo

Build your Cybersecurity or IT Career

Accelerate in your role, earn new certifications, and develop cutting-edge skills using the fastest growing catalog in the industry