13Riggs Posted March 30, 2021

Ok I have looked and not found anything so far. I am trying to run a targeted MDK4 Deauthentication and Disassociation attack on only my SSID/MAC. I can run Recon and locate my SSID/MAC and see my associated devices connected to it. I can then deauth each momentarily but they just connect back. I downloaded the MDK4 module and added the SSID/MAC to PineAP SSID Pool. I have PineAP Suite set to active. I then run an MDK4 Deauthentication and Disassociation attack targeting my SSID. However, when I run this attack it is hitting other MACs that are not the one I selected. I have checked my network settings and am using two radios that are not in use, WLAN0 for input and WLAN2 for output. I obviously have something messed up in this setup or the process I am using. What am I doing wrong?
Sgt.Foose Posted March 31, 2021

I’m also curious how to work with the web end of mdk4 on the Pineapple. Any links to videos? Running MDK4 from the console works fine, but the keyboard on an iPad lacks CTRL-X, arrow keys and more, so sucks a bit. Does anybody know how to add multiple MAC addresses in the whitelist? Are these comma separated?
chrizree Posted April 1, 2021

Enable PineAP to get a monitor mode interface. Set the attack mode (using "d" here). Specify input and output interface. The "d" attack mode shouldn't really need two interfaces to be specified, but the module won't start mdk4 unless both are set, use wlan1mon for both. Using a blacklist = just make sure it's in the Mk7 file system somewhere and that it contains relevant MAC addresses for AP(s) to "attack". Add the path to the blacklist on the line in the module GUI. Specify channels to operate on. The Command line in the module GUI "grows" as parameters are set, for example a "full" line could look like:

mdk4 wlan1mon wlan1mon d -b /root/mdk4_temp/blacklist.lst -c 1

Then hit "Start" and the "attack" should begin (the Output box at the bottom of the module page will update every 5 seconds). If running ps ax you can see that the mdk4 process has been started in the background.

Adding multiple MACs? Not sure, just try different variants. One on each line perhaps... or comma, or semicolon... The SSID list files on the MDK4 GitHub are specified with one SSID per line at least, so perhaps a hint on how to handle MACs as well.
Sgt.Foose Posted April 1, 2021

8 hours ago, chrizree said:

> Enable PineAP to get a monitor mode interface. Set the attack mode (using "d" here). Specify input and output interface. The "d" attack mode shouldn't really need two interfaces to be specified, but the module won't start mdk4 unless both are set, use wlan1mon for both. Using a blacklist = just make sure it's in the Mk7 file system somewhere and that it contains relevant MAC addresses for AP(s) to "attack". Add the path to the blacklist on the line in the module GUI. Specify channels to operate on. The Command line in the module GUI "grows" as parameters are set, for example a "full" line could look like:
>
> mdk4 wlan1mon wlan1mon d -b /root/mdk4_temp/blacklist.lst -c 1
>
> Then hit "Start" and the "attack" should begin (the Output box at the bottom of the module page will update every 5 seconds). If running ps ax you can see that the mdk4 process has been started in the background.
>
> Adding multiple MACs? Not sure, just try different variants. One on each line perhaps... or comma, or semicolon... The SSID list files on the MDK4 GitHub are specified with one SSID per line at least, so perhaps a hint on how to handle MACs as well.

Very well explained, thank you! My Blacklist.txt only contains one MAC, but the console output is very weird. Using BSSID filtering (-e) the result looks better. Is this a bug?
chrizree Posted April 1, 2021

BSSID isn't -e, is it?! For attack mode "d" it should be -B. What version of mdk4 are you running?
Sgt.Foose Posted April 2, 2021

8 hours ago, chrizree said:

> BSSID isn't -e, is it?! For attack mode "d" it should be -B. What version of mdk4 are you running?

I’m running MDK4.0 v1. MDK4 --help d says -e is valid for mode “d”.
chrizree Posted April 2, 2021

-E, yes, but not -e, and with -E you should use an ESSID, i.e. an AP name, not a MAC address.

Look at this thread on how to "upgrade" mdk4 on the Mk7, it may help:
https://forums.hak5.org/topic/54576-mdk4-on-mark-vii-from-terminal/
Sgt.Foose Posted April 12, 2021

On 4/2/2021 at 10:55 AM, chrizree said:

> -E, yes, but not -e, and with -E you should use an ESSID, i.e. an AP name, not a MAC address.
>
> Look at this thread on how to "upgrade" mdk4 on the Mk7, it may help:
> https://forums.hak5.org/topic/54576-mdk4-on-mark-vii-from-terminal/

There is also the -S (see picture above). Do you know the difference between -B and -S? I tried:

mdk4 wlan1mon wlan1mon d -E SenS

But it also throws away my iPhone connected to the Open Wifi of the MK7, and that SSID is "Amadore Guest" (not SenS with MAC 98:9B:CB:F0:39:0B)? (I can see this because my PineAP is in advanced mode (for monitor mode) and has Client Connected and Disconnected notifications enabled.)
chrizree Posted April 12, 2021

-S is in the help text of MDK4, it's for attacking a station.
Sgt.Foose Posted April 13, 2021

18 hours ago, chrizree said:

> -S is in the help text of MDK4, it's for attacking a station.

Thank you for your help. I updated my MDK4 on my MKVIII successfully. I also tried

mdk4 wlan1mon wlan1mon d -S 00:00:00:00:00:00 (MAC of my AP)

and it works perfectly. From a noob point of view, can you explain the difference between -B (BSSID) and -S (Station)? Aren't both the same since they are both MACs?
chrizree Posted April 13, 2021

I don't know what the developers of MDK use as reference, but most likely (based on "logic" about what the MDK syntax looks like when -S is used) they probably refer to "wireless clients" in the station perspective. STA (station) could really be an access point as well though in broader terms.

Things do not need to be the same just because they all have a MAC address. Everything that is a part of a network today has a MAC address (at least the things we normally interact with, there might be some other types of networks out there still though). Just study the OSI model to see the relation to other "components"/layers when it comes to networking.

Info about SSID/ESSID/BSSID can be found in several places. I would advise basing knowledge on known big "actors" in the field (or go for the standards/RFCs) that have relevant information available, such as...
https://www.juniper.net/documentation/en_US/junos-space-apps/network-director3.5/topics/concept/wireless-ssid-bssid-essid.html
Sgt.Foose Posted April 21, 2021

I made a simple video for those interested.

EDIT: I will update this video a.s.a.p.
chrizree Posted April 21, 2021

At about 19 minutes into the video where the deauth starts it shows another MAC address than the one that the actual AP has. You were commenting on channel hopping or channels at that point, but it's not hopping channels, it's still on channel 8. The thing is that you need to specify the BSSID of the AP as well with the parameter/option -B to only deauthenticate the specified station from the desired AP, for example:

mdk4 wlan1mon d -c 8 -B <MAC address of the AP> -S <MAC address of the station/client>

Then, at about 21 minutes where you run the mdk command from the Pineapple console, you are going berserk on all APs that use channel 8, deauthenticating clients on networks where you probably don't have permission to deauthenticate client equipment.
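
Added example, not part of the thread and not code from any poster or from the mdk4 project: the BSSID/station distinction discussed above, read straight out of a captured deauthentication or disassociation frame, plus a check that lists any BSSID outside an allowed list (the "hitting other MACs" symptom). It assumes frames with the radiotap header already stripped; all addresses and the helper names are constructed for illustration.

```python
import struct
from collections import Counter

SUBTYPES = {0xA: "disassoc", 0xC: "deauth"}  # 802.11 management subtypes

def mac(raw):
    return ":".join(f"{b:02x}" for b in raw)

def parse_mgmt(frame):
    """Decode a deauth/disassoc frame; the station is the non-BSSID endpoint."""
    if len(frame) < 26:  # 24-byte management header + 2-byte reason code
        return None
    ftype, subtype = (frame[0] >> 2) & 0x3, (frame[0] >> 4) & 0xF
    if ftype != 0 or subtype not in SUBTYPES:
        return None
    dst, src, bssid = mac(frame[4:10]), mac(frame[10:16]), mac(frame[16:22])
    (reason,) = struct.unpack_from("<H", frame, 24)
    station = dst if src == bssid else src
    return {"kind": SUBTYPES[subtype], "bssid": bssid, "station": station,
            "dst": dst, "src": src, "reason": reason}

def out_of_scope(frames, allowed_bssids):
    """Count deauth/disassoc frames per BSSID that is not on the allowed list."""
    allowed = {b.lower() for b in allowed_bssids}
    hits = Counter()
    for frame in frames:
        parsed = parse_mgmt(frame)
        if parsed and parsed["bssid"] not in allowed:
            hits[parsed["bssid"]] += 1
    return dict(hits)

def build(subtype, dst, src, bssid, reason=7):
    """Constructed sample frame: header fields in on-air order, no radiotap."""
    raw = lambda m: bytes.fromhex(m.replace(":", ""))
    return (bytes([subtype << 4, 0]) + b"\x00\x00" + raw(dst) + raw(src)
            + raw(bssid) + b"\x00\x00" + struct.pack("<H", reason))

# Constructed, locally administered addresses (not taken from the thread).
AP_OK, STA_OK = "02:00:00:00:00:01", "02:00:00:00:00:10"
AP_OTHER, STA_OTHER = "02:00:00:00:00:02", "02:00:00:00:00:20"
SAMPLE = [
    build(0xC, STA_OK, AP_OK, AP_OK),           # deauth, AP -> station
    build(0xC, AP_OK, STA_OK, AP_OK),           # deauth, station -> AP
    build(0xA, STA_OTHER, AP_OTHER, AP_OTHER),  # disassoc on another network
    build(0xC, AP_OTHER, STA_OTHER, AP_OTHER),  # deauth on another network
    build(0x8, "ff:ff:ff:ff:ff:ff", AP_OTHER, AP_OTHER),  # beacon, ignored
]

print("outside scope:", out_of_scope(SAMPLE, [AP_OK]))
```

An empty result means every deauthentication and disassociation frame in the capture carried an allowed BSSID; any entry is a network that was hit without being on the list.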
Sgt.Foose Posted April 22, 2021

13 hours ago, chrizree said:

> At about 19 minutes into the video where the deauth starts it shows another MAC address than the one that the actual AP has. You were commenting on channel hopping or channels at that point, but it's not hopping channels, it's still on channel 8. The thing is that you need to specify the BSSID of the AP as well with the parameter/option -B to only deauthenticate the specified station from the desired AP, for example:
>
> mdk4 wlan1mon d -c 8 -B <MAC address of the AP> -S <MAC address of the station/client>
>
> Then, at about 21 minutes where you run the mdk command from the Pineapple console, you are going berserk on all APs that use channel 8, deauthenticating clients on networks where you probably don't have permission to deauthenticate client equipment.

Good hint on the -B, I didn't know that. Unfortunately YouTube Editor has no way to make a comment on that afterwards. About the berserk, you are right, I thought I'd copied my original line with the -S and realized it didn't when I saw it all going bad. I will update the video once more with your suggestions in it, thanks for your support!
Archived
This topic is now archived and is closed to further replies.