Thread: Force an AP to reboot

    Force an AP to reboot

    *This thread is under construction*- Be responsible with whatever is cooked up in this thread. Nobody here is going to be responsible for any trouble you get into if you choose to be stupid with this stuff.

    Hello friends. Chef soxrok2212 is in the kitchen again, looking to cook up a new way to force an AP to reboot remotely. Over the course of the past few months, following all the Pixie Dust developments, I figured finding a new way to remotely reboot APs would be a huge improvement over the deprecated MDK3, as it is not very effective on newer hardware. Here are some of the proposed ideas (from myself and a few other members).

    1- Invalid SSID Character Attack
    -Thanks to a Musket Developer, the community now has a modified version of MDK3! This version features a new test mode "t" where it sends a user-specified amount of invalid probe requests to an AP.

    -The hope here is that the AP will get confused and use those "Self Healing" features and just do a reboot. I have tested briefly on some newer hardware, and while I wasn't able to completely crash anything, it pretty much killed everything. On older hardware, I suspect that this will work.

    -You can download mdk3-master here
    Install Instructions
    Code:
    cd /mdk3-master
    make
    sudo make install
    Usage
    Code:
    t   - Probe Request Tests (mod-musket)
      mdk3 <mon> t <channel> <bssid AP> <frames/sec>
    -All other standard MDK3 options are included as well

    -Please leave a comment if you are successful!

    *Strangely enough, after I had suggested this idea a few weeks ago, a new flaw was found in P2P devices which does essentially what I was thinking of (though it is used for a different application)*

    2- WPS M2 Exploit
    -Datahead has been testing this new method, where we basically send a bunch of M2 messages (yes, the M2 messages in a WPS exchange.)

    -What needs to be done, is we need to associate with the AP, (either through Reaver or aireplay-ng, etc) and then generate and flood M2 packets that can even be made with random data.

    3- QOS-TKIP Inject
    -There has been a lot of stir over semi-recent WPA-TKIP attacks, specifically the Beck-Tews, or the newer Ohigashi-Morii attack. Basically, we are able to recover the MIC key and some other small components which allows us to inject arbitrary data into a network supporting TKIP, and I'm wondering if we can trigger the network to reset with that data. It seems promising since simply trying 2 invalid MIC keys within 60 seconds locks all wireless traffic on the AP for 60? seconds, so maybe we can incorporate something new. I'm not 100% familiar with the attack in detail, but I'm looking into it.

    4- The Infamous MDK3 Secret Destruction Mode Attack
    -This method has been deprecated since most newer hardware is invulnerable. Check it out here
    Last edited by soxrok2212; 2015-05-23 at 13:00. Reason: New MDK3
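
For defenders watching for the probe-request flood described in item 1 of the post above, here is an added example (not part of the original post and not MDK3 code): a sliding-window detector run over constructed frame records. The record layout, the thresholds, and the definition of a "malformed" SSID (over 32 octets, invalid UTF-8, or non-printable characters) are assumptions made for illustration.

```python
from collections import deque

MAX_SSID_LEN = 32  # an 802.11 SSID element carries at most 32 octets


def ssid_is_malformed(ssid: bytes) -> bool:
    """Assumed meaning of 'invalid': too long, bad UTF-8, or non-printable."""
    if len(ssid) > MAX_SSID_LEN:
        return True
    try:
        text = ssid.decode("utf-8")
    except UnicodeDecodeError:
        return True
    # An empty SSID is a normal wildcard probe, so it passes this check.
    return any(not ch.isprintable() for ch in text)


def detect_probe_floods(frames, window=1.0, rate_threshold=50, bad_ratio=0.5):
    """frames: time-sorted (timestamp_s, src_mac, bssid, ssid_bytes) tuples.

    Alerts per target BSSID when one window holds at least rate_threshold
    probe requests and at least bad_ratio of them carry a malformed SSID.
    Source MACs are ignored for counting because they are trivially spoofed.
    """
    recent = {}   # bssid -> deque of (timestamp, is_malformed)
    alerts = {}   # bssid -> {"first_seen": ts, "peak_rate": n}
    for ts, _src, bssid, ssid in frames:
        q = recent.setdefault(bssid, deque())
        q.append((ts, ssid_is_malformed(ssid)))
        while ts - q[0][0] > window:      # drop frames older than the window
            q.popleft()
        bad = sum(1 for _, malformed in q if malformed)
        if len(q) >= rate_threshold and bad / len(q) >= bad_ratio:
            entry = alerts.setdefault(bssid, {"first_seen": ts, "peak_rate": 0})
            entry["peak_rate"] = max(entry["peak_rate"], len(q))
    return alerts


def constructed_sample():
    """Constructed capture: one quiet client, then a burst at a second AP."""
    frames = [(float(i), "02:00:00:00:00:01", "02:aa:aa:aa:aa:aa", b"HomeNet")
              for i in range(5)]
    for i in range(200):                  # 200 frames in just under 1 second
        frames.append((10.0 + i * 0.005, "02:00:00:00:01:%02x" % i,
                       "02:bb:bb:bb:bb:bb", bytes([0x00, 0xFF, i])))
    return frames


if __name__ == "__main__":
    for bssid, info in detect_probe_floods(constructed_sample()).items():
        print(bssid, info)
```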
