I am pretty sure anyone who has ever tried to hack wireless network should have come across aireplay-ng (one among aircrack-ng suite), very few may have heard about mdk3. Similar to aireplay-ng, mdk3 can be used to Jam a wireless network exploiting IEEE 802.11 protocol weakness. In this article lets talk on how to use them and jump to some conclusions.1. Aireplay-ngsyntax : aireplay-ng <options><replay interface>Sample Example: aireplay-ng --deauth n -a <MAC of AP> -e <ESSID of AP> -c <Client MAC><Monitor Interface>aireplay-ng --deauth 5 -a 00:11:22:33:44:55 -e HackThis -c 1c:65:9d:9e:02:07 wlan0monHere :
- --deauth = <For Attack Mode> In this case for de-authentication ; equivalent to -0
- n = <Number Of Attack Packets> Here 5 is selected. Sends 5 de-authentication packets.
- -a = <BSSID or MAC of Access Point> Here lets just say 00:11:22:33:44:55 is the MAC of AP.
- -e = <ESSID of MAC > Optional ; Lets just say WiFi name is "HackThis".
- -c = <MAC of Client connected> Optional ; Works better if you indicate a client with the command.
- Monitor Interface = The Interface that you set to monitor mode using airmon-ng ; check status with "iwconfig"
Aireplay-ng works perfect , The de-authetication is quick , you can choose how long to de-authenticate ( 0 for infinity ). But sending one de-authentication packets doesn't work in most of the cases.Aireplay simply won't work for some AP and Client, since it only sends a de-authentication packet, unlike mdk3. This could lead to failure.lets see what mdk3's got.2. Mdk3 mdk3 which is a software using the osdep library from the aircrack-ng project can do the same thing, but with higher certainty. mdk3 sends both de-authentication as well as de-association packets which make it better at its job.And mdk3 has lots of options too, good for advanced users.Syntax : mdk3 <interface><test_mode> [test_options]Sample Example : mdk3 <monitor interface > d b <blacklist> -c <channel>mdk3 wlan0mon d b blacklist.txt -c 6Here:
- Monitor Interface = The Interface that you set to monitor mode using airmon-ng; check status with "iwconfig"
- d = <Deauthentication / Disassociation Amok Mode> Kicks out everybody found from AP.
- b = <Test Mode> Becon Flood Mode; Sends beacon frames to show fake APs at clients.
- blacklist.txt = A file with BSSID of Target network ; simply create it with "echo 00:11:22:33:44:55 > blacklist.txt"
- c = <Channel> Specify which channel is the AP on. It switches to the specified channel if the interface is on the other channel. (aireplay-ng gives an error if the channel is mismatched)
mdk3 is good, I personally feel mdk3 is better then aireplay-ng, though its de-authentication is slow. But as far as I have tested it on different networks, I have been able to get handshakes easier with mdk3 then aireplay-ng.Here's a video which will show you all of it:
Do comment here and share your thoughts.Happy Hunting-Invoron