19/4/2014 MDK3 Secret Destruction Mode
https://forums.kali.org/showthread.php?19498-MDK3-Secret-Destruction-Mode 1/8
Thread: MDK3 Secret Destruction Mode
12-07-2013, 12:52 AM
How to Reset WPS Lockouts Using MDK3
Use at your own risk! Section 638:17 of the New Hampshire House Bill 495 highlights United States rules against wireless hacking. Attempting to and/or gaining access to a network that you do not own or have permission to is STRICTLY forbidden. I am NOT responsible for ANYTHING you do with this information.
The purpose of this guide is to inform users about how a router can be exploited to temporarily reset WPS lockouts. This can be useful when using reaver to crack a WPS pin. Keep in mind that this does not work with every router. It largely depends on hardware. This attack uses MDK3, a set of tools by ASPj to overload the target AP with useless data, thus causing it to freeze and reset. Here is how it works. (Each of these commands is run in a separate terminal window) and I think you can figure out the variables here.
#1 soxrok2212, Senior Member (Join Date: Jul 2013, Posts: 175)
Code:
mdk3 monX a -a xx:xx:xx:xx:xx:xx -m
This floods the target AP with fake clients.
Code:
mdk3 monX m -t xx:xx:xx:xx:xx:xx
This causes Michael failure, stopping all wireless traffic. However, this only works if the target AP supports TKIP. (Can be AES+TKIP)
Code:
mdk3 monX d -b blacklist -c X
This keeps a continuous deauth on the network. If this attack does not start, make a blank text document in your root folder named blacklist. Leave it empty as MDK3 automatically populates the list.
Code:
mdk3 monX b -t xx:xx:xx:xx:xx:xx -c X
This floods a bunch of fake APs to any clients in range (only effective to Windows clients and maybe some other devices, Macs are protected against this).
You will know when the AP has reset either by checking with
Code:
wash -i monX -C
or if the target shows channel -1 and MB shows -1 in airodump.
Please do NOT use this on a network that is not yours or that you do not have permission to. If the owner finds out that it is you who is attacking their network, you may end up in serious legal trouble.
Visit ASPj's site as mentioned above for more information.
Preventing the attack
As of now, there is no way to prevent the attack except by disabling wireless, buying a high end router, or getting an AP that encrypts management packets. Deauthentication packets are management frames which are sent UNENCRYPTED unless you purchase an AP that supports MFP. You can read more about this here.
Last edited by soxrok2212; 04-09-2014 at 08:33 PM.
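As an added illustration of the mitigation described in the first post (not part of the original thread): a defender can check whether their own AP still enables TKIP or lacks Management Frame Protection by parsing the RSN element from its beacon. The field layout follows IEEE 802.11; the function names and sample bytes are constructed for this example, and it assumes the group, pairwise and AKM fields are all present.

```python
import struct

RSN_ELEMENT_ID = 48
IEEE_OUI = b"\x00\x0f\xac"
CIPHERS = {2: "TKIP", 4: "CCMP"}      # cipher suite types under OUI 00-0F-AC
MFPR, MFPC = 0x0040, 0x0080           # RSN capabilities bits 6 and 7

def _suite_list(body, pos):
    """Read a 2-byte little-endian count followed by that many 4-byte suites."""
    if pos + 2 > len(body):
        raise ValueError("truncated RSN element")
    (count,) = struct.unpack_from("<H", body, pos)
    end = pos + 2 + 4 * count
    if end > len(body):
        raise ValueError("truncated RSN element")
    return [body[i:i + 4] for i in range(pos + 2, end, 4)], end

def audit_rsn(ie):
    """Return findings for one RSN element taken from your own AP's beacon."""
    if len(ie) < 8 or ie[0] != RSN_ELEMENT_ID or ie[1] != len(ie) - 2:
        raise ValueError("unsupported or malformed RSN element")
    body = ie[2:]
    group = body[2:6]                  # bytes 0-1 hold the version field
    pairwise, pos = _suite_list(body, 6)
    _akms, pos = _suite_list(body, pos)
    # The capabilities field is optional; if absent, no MFP bit is set.
    caps = struct.unpack_from("<H", body, pos)[0] if pos + 2 <= len(body) else 0
    names = {CIPHERS.get(s[3], "other") for s in [group] + pairwise if s[:3] == IEEE_OUI}
    findings = []
    if "TKIP" in names:
        findings.append("TKIP enabled: Michael countermeasures can halt traffic")
    if not caps & MFPC:
        findings.append("MFP not supported: deauth frames are unprotected")
    elif not caps & MFPR:
        findings.append("MFP optional: clients without 802.11w stay exposed")
    return findings

def _element(body):
    return bytes([RSN_ELEMENT_ID, len(body)]) + body

# Constructed sample elements (not captured from any real network).
MIXED = _element(b"\x01\x00" + IEEE_OUI + b"\x02" + b"\x02\x00" + IEEE_OUI + b"\x04"
                 + IEEE_OUI + b"\x02" + b"\x01\x00" + IEEE_OUI + b"\x02" + b"\x00\x00")
HARDENED = _element(b"\x01\x00" + IEEE_OUI + b"\x04" + b"\x01\x00" + IEEE_OUI + b"\x04"
                    + b"\x01\x00" + IEEE_OUI + b"\x06" + b"\xc0\x00")

if __name__ == "__main__":
    for name, ie in (("mixed", MIXED), ("hardened", HARDENED)):
        print(name, audit_rsn(ie) or "no findings")
```

An empty result means the element advertises CCMP only with MFP required; any finding points at a setting to change in the AP's wireless security configuration.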
12-07-2013, 11:28 AM
This is great!!! We have been looking for a way to reset WPS locked routers remotely and our team will be happy to write a script for you however a few questions.
1. You are running the mdk3 a b d and m command lines in four different windows all at the same time - is this correct?
#2 mmusket33, Senior Member (Join Date: Jul 2013, Posts: 133)
2. Your comment "You can also add -m to the end of this so it uses real mac addresses instead of 00:00:00:00:00:00."
Does that deal with the "a" attack above OR the "d" attack below?
This should be easy to write just airodump-ng and four Eterm terminal windows. We already have a DDOS program written to use with pwnstar that runs the a and g and airodump-ng commands. We will drop all our other projects with easy-cred and focus on this. However be aware that a reset WPS router is only going to give you ten keys before it locks up. Anyway we will run some tests and have something back to you in a few weeks. Anything this is better than trying to brute force a long key.
Again THANKS!!!!!
Musket Team Alpha
12-07-2013, 11:41 AM
1- Yes, ultimately you should have a total of 5 windows open at the same time:
1- airodump
2- mdk3 a
3- mdk3 b
4- mdk3 d
5- mdk3 m
2- You can add -m after mdk3 a. This will authenticate real mac addresses instead of 00:00:00:00:00:00. HOWEVER, with my Alfa AWUS036H, airodump stops working unless I close the terminal window and rerun the command.
*I updated the tutorial to hopefully solve future questions*
I could also do some testing with you after you guys push out this tool; I'm excited to see what we can do!
#3 soxrok2212, Senior Member (Join Date: Jul 2013, Posts: 175)
Last edited by soxrok2212; 12-07-2013 at 01:48 PM.
12-09-2013, 07:21 PM
Reference your comment about airodump-ng we know there is an issue with airodump-ng in a kali-linux install as airodump-ng will freeze randomly in all our computers occasionally. But the issue is so random we do not know how to even approach the problem.
We will send you a working copy so you can check the command lines and make suggestions. We ran some tests yesterday but they were inconclusive as it was against a CCMP encrypted router.
#4 mmusket33, Senior Member (Join Date: Jul 2013, Posts: 133)
12-09-2013, 07:30 PM
If you would like to send me what you have now, I can run some tests against TKIP...
#5 soxrok2212, Senior Member (Join Date: Jul 2013, Posts: 175)
Last edited by soxrok2212; 12-09-2013 at 07:35 PM.
12-10-2013, 02:41 AM
We do not see a way to send you the script. We do not want to post an incomplete script for general use.
#6 mmusket33, Senior Member (Join Date: Jul 2013, Posts: 133)
12-10-2013, 12:28 PM
To soxrok2212
#7 mmusket33, Senior Member (Join Date: Jul 2013)
The mdk3 part of the script is completed and ready for you to test and correct. We have run it against CCMP WPS locked routers. We first turned on the WPS locking by requesting pins. After ten pins received the router locked. We then gave the router a quad blast with mdk3 in four Eterm windows as you suggested. It seems to freeze the router BUT if it reset, the WPS locking did not reset with the router. We know that after a power failure all the WPS locking resets to off in our area.
The airodump-ng problem seems to be related to computer speed. On the same computer using HD install of kali-linux, airodump-ng would freeze within a minute or two. If reset it would run and then eventually freeze again. With a 16gb usb persistent install of kali-linux airodump-ng froze within seconds.
Your comments concerning the -r command may have merit BUT against the routers in our areas of operation time between pin request and mac codes requesting these pins has no relationship to the locking. The locking occurs after ten successful pin requests from any source.
The varmacreaver.sh program available for download in these forums was originally developed to explore time between pin request versus mac codes requesting said pins. We explored this approach extensively. However our targets are only one make of router. The program sat on the shelf for six months until we discovered a use for it.
MTA/MTB
Posts: 133
12-10-2013, 06:23 PM
#8 soxrok2212, Senior Member (Join Date: Jul 2013, Posts: 175)
Originally Posted by mmusket33
To soxrok2212
The mdk3 part of the script is completed and ready for you to test and correct. We have run it against CCMP WPS locked routers. We first turned on the WPS locking by requesting pins. After ten pins received the router locked. We then gave the router a quad blast with mdk3 in four Eterm windows as you suggested. It seems to freeze the router BUT if it reset, the WPS locking did not reset with the router. We know that after a power failure all the WPS locking resets to off in our area.
The airodump-ng problem seems to be related to computer speed. On the same computer using HD install of kali-linux, airodump-ng would freeze within a minute or two. If reset it would run and then eventually freeze again. With a 16gb usb persistent install of kali-linux airodump-ng froze within seconds.
Your comments concerning the -r command may have merit BUT against the routers in our areas of operation time between pin request and mac codes requesting these pins has no relationship to the locking. The locking occurs after ten successful pin requests from any source.
The varmacreaver.sh program available for download in these forums was originally developed to explore time between pin request versus mac codes requesting said pins. We explored this approach extensively. However our targets are only one make of router. The program sat on the shelf for six months until we discovered a use for it.
MTA/MTB

Ok, send me a private message sometime and I'll give you an email to send the beta to. Good work by the way and I'll do some testing.
12-11-2013, 01:09 AM
To soxrok2212
We have spent two hours trying to send you the link where you can access the file. We have given up. We keep getting error messages. Maybe if you send me a message I can reply back to you with the link.
#9 mmusket33, Senior Member (Join Date: Jul 2013, Posts: 133)
12-11-2013, 02:04 PM
Here's my old e-mail: [email protected]
You can send it there if you'd like.
#10 soxrok2212, Senior Member (Join Date: Jul 2013, Posts: 175)
Originally Posted by mmusket33
To soxrok2212
We have spent two hours trying to send you the link where you can access the file. We have given up. We keep getting error messages. Maybe if you send me a message I can reply back to you with the link.
*I don't care if it gets spammed because I don't use it*
Last edited by soxrok2212; 12-11-2013 at 02:42 PM.