HACKING PART ALL top 10 part see..
đĄ️
Ethical Hacking āĻ¸িāĻ°িāĻ
āĻļুāĻ°ু āĻĨেāĻে āĻĒ্āĻ°্āĻ¯াāĻāĻিāĻাāĻ˛ āĻĒāĻ°্āĻ¯āĻ¨্āĻ¤—āĻāĻāĻ¨ āĻŽেāĻ¨ে, āĻ
āĻ¨ুāĻŽāĻ¤ি āĻ¨িāĻ¯়ে।
āĻĒাāĻ°্āĻ ā§§: Ethical Hacking āĻী? āĻেāĻ¨ āĻāĻ°ুāĻ°ি?
"āĻš্āĻ¯াāĻিং" āĻļāĻŦ্āĻĻāĻি āĻ¨িāĻ¯়ে āĻুāĻ˛ āĻ§াāĻ°āĻŖা āĻĻূāĻ° āĻāĻ°া āĻāĻ°ুāĻ°ি। Ethical Hacking āĻšāĻ˛ো āĻ āĻ¨ুāĻŽāĻ¤ি āĻ¨িāĻ¯়ে āĻ¸িāĻ¸্āĻেāĻŽ/āĻ¨েāĻāĻāĻ¯়াāĻ°্āĻ/āĻāĻ¯়েāĻŦ āĻ ্āĻ¯াāĻĒেāĻ° āĻĻুāĻ°্āĻŦāĻ˛āĻ¤া āĻুঁāĻে āĻŦেāĻ° āĻāĻ°ে āĻ°িāĻĒোāĻ°্āĻ āĻāĻ°া—āĻ¯াāĻ¤ে āĻ¸িāĻ¸্āĻেāĻŽ āĻāĻ°āĻ āĻ¨িāĻ°াāĻĒāĻĻ āĻšāĻ¯়।
✅ āĻ
āĻ¨ুāĻŽāĻ¤িāĻ¸āĻš āĻেāĻ¸্āĻ
𧞠āĻĻাāĻ¯়িāĻ¤্āĻŦāĻļীāĻ˛ āĻ°িāĻĒোāĻ°্āĻিং
đ āĻāĻāĻ¨েāĻ° āĻ
āĻ¨ুāĻāĻ¤
āĻ¯াāĻ° āĻ¯া āĻ˛াāĻāĻŦে: āĻŦেāĻ¸িāĻ āĻ¨েāĻāĻāĻ¯়াāĻ°্āĻিং, āĻĒ্āĻ°োāĻ্āĻ°াāĻŽিং (Python/Bash/JS), āĻāĻŦং āĻুāĻ˛āĻ¸ (Nmap, Wireshark, Metasploit āĻāĻ¤্āĻ¯াāĻĻি) āĻŦ্āĻ¯āĻŦāĻšাāĻ°েāĻ° āĻĻāĻ্āĻˇāĻ¤া।
āĻেāĻ¨ āĻļিāĻāĻŦে?
- đ āĻ¸াāĻāĻŦাāĻ° āĻ¨িāĻ°াāĻĒāĻ¤্āĻ¤া āĻŦাāĻĄ়াāĻ¤ে
- đŧ āĻাāĻ˛ো āĻ্āĻ¯াāĻ°িāĻ¯়াāĻ° āĻ¸ুāĻ¯োāĻ
- đ¯ āĻ¨িāĻেāĻ° āĻ ্āĻ¯াāĻাāĻāĻ¨্āĻ/āĻĄিāĻাāĻāĻ¸ āĻ¸ুāĻ°āĻ্āĻˇিāĻ¤ āĻ°াāĻāĻ¤ে
āĻĒাāĻ°্āĻ ā§¨: āĻĒāĻ°িāĻŦেāĻļ āĻĒ্āĻ°āĻ¸্āĻ¤ুāĻ¤ি — Termux & Pydroid3
# Termux āĻ¸্āĻোāĻ°েāĻ āĻĒাāĻ°āĻŽিāĻļāĻ¨
termux-setup-storage
āĻāĻĒāĻĄেāĻ/āĻāĻĒāĻ্āĻ°েāĻĄ
pkg update && pkg upgrade -y
āĻĒ্āĻ°াāĻĨāĻŽিāĻ āĻুāĻ˛āĻ¸
pkg install python git nano -y pip install --upgrade pip
āĻ
āĻ¤িāĻ°িāĻ্āĻ¤ āĻ°েāĻĒো (āĻĒ্āĻ°āĻ¯়োāĻāĻ¨ে)
pkg install root-repo unstable-repo
āĻাāĻ°্āĻ¸āĻ¨ āĻ¯াāĻাāĻ
python --version git --version āĻিāĻĒāĻ¸: āĻĒ্āĻ°āĻ¯়োāĻāĻ¨ে pkg clean āĻĻিāĻ¯়ে āĻ্āĻ¯াāĻļ āĻ্āĻ˛িāĻ¯়াāĻ° āĻāĻ°ুāĻ¨; Python āĻাāĻ°্āĻুāĻ¯়াāĻ˛ āĻāĻ¨āĻাāĻ¯়āĻ°āĻ¨āĻŽেāĻ¨্āĻ āĻŦ্āĻ¯āĻŦāĻšাāĻ° āĻāĻ°āĻ˛ে āĻĄিāĻĒেāĻ¨āĻĄেāĻ¨্āĻ¸ি āĻāĻ˛াāĻĻা āĻĨাāĻে।
āĻĒাāĻ°্āĻ ā§Š: Linux/Termux āĻāĻŽাāĻ¨্āĻĄ āĻŦেāĻ¸িāĻ
# āĻĢাāĻāĻ˛/āĻĄিāĻ°েāĻ্āĻāĻ°ি
ls -la cd storage/shared pwd mkdir recon_lab rm -r old_folder
āĻāĻĄিāĻāĻ°
nano script.py vim notes.txt
āĻĒাāĻ°āĻŽিāĻļāĻ¨/āĻ°াāĻ¨
ls -l chmod +x run.sh ./run.sh python3 script.py
āĻĒ্āĻ¯াāĻেāĻ āĻŽ্āĻ¯াāĻ¨েāĻাāĻ°
pkg install nmap pkg update && pkg upgrade pip install requests beautifulsoup4 pip list āĻĒাāĻ°্āĻ ā§Ē: Footprinting & Reconnaissance
Passive OSINT āĻĨেāĻে āĻļুāĻ°ু āĻāĻ°ে Active āĻ¸্āĻ্āĻ¯াāĻ¨—āĻ¸āĻŦāĻিāĻুāĻ āĻļুāĻ§ু āĻ āĻ¨ুāĻŽোāĻĻিāĻ¤ āĻাāĻ°্āĻেāĻে!
# WHOIS
whois example.com
DNS āĻ°েāĻāĻ°্āĻĄāĻ¸ (āĻĒ্āĻ°āĻĨāĻŽে dnsutils āĻāĻ¨āĻ¸্āĻāĻ˛)
pkg install dnsutils dig example.com ANY +noall +answer
theHarvester (āĻāĻŽেāĻāĻ˛/āĻ¸াāĻŦāĻĄোāĻŽেāĻāĻ¨)
pip install theharvester theharvester -d example.com -b google -l 200
Sublist3r / Amass
pip install sublist3r sublist3r -d example.com -o subs.txt pkg install amass amass enum --passive -d example.com -o amass_subs.txt
Active Recon
nmap -sn 192.168.1.0/24 pkg install inetutils traceroute example.com nmap -sV -p 80,443 example.com āĻĒাāĻ°্āĻ ā§Ģ: Scanning & Enumeration
# Nmap āĻŦেāĻ¸িāĻ
nmap -p- target.com nmap -sC -sV target.com nmap -A target.com nmap -p 22,80,443,3306 target.com
NSE
ls /data/data/com.termux/files/usr/share/nmap/scripts/ nmap --script http-vuln* -p80,443 target.com nmap --script smb-enum* -p445 target.com
Enumeration āĻুāĻ˛āĻ¸
pkg install enum4linux enum4linux -a 192.168.1.10 pkg install snmp snmpwalk -v1 -c public 192.168.1.10 rpcclient -U "" 192.168.1.10 āĻĒাāĻ°্āĻ ā§Ŧ: Vulnerability Analysis
āĻ āĻোāĻŽেāĻļāĻ¨ + āĻŽ্āĻ¯াāĻ¨ুāĻ¯়াāĻ˛ āĻেāĻ¸্āĻ = āĻļāĻ্āĻ¤িāĻļাāĻ˛ী āĻāĻ˛āĻ¨াāĻ°েāĻŦিāĻ˛িāĻি āĻ ্āĻ¯াāĻ¸েāĻ¸āĻŽেāĻ¨্āĻ।
# Nikto (āĻāĻ¯়েāĻŦ āĻ¸াāĻ°্āĻাāĻ° āĻ¸্āĻ্āĻ¯াāĻ¨)
pkg install nikto nikto -h http://target.com -o nikto_report.txt
wfuzz (āĻĄিāĻ°েāĻ্āĻāĻ°ি āĻĢাāĻিং)
pip install wfuzz wfuzz -c -z file,/usr/share/wordlists/dirb/common.txt --hc 404
http://target.com/FUZZ | tee wfuzz_report.txt āĻ¨িāĻ°্āĻĻেāĻļāĻ¨া: CVE/NVD āĻĻেāĻে āĻুঁāĻিāĻ° āĻŽাāĻ¤্āĻ°া (CVSS) āĻŦোāĻো āĻāĻŦং āĻ°িāĻŽেāĻĄিāĻ¯়েāĻļāĻ¨ āĻ˛িāĻে āĻ°াāĻো।
āĻĒাāĻ°্āĻ ā§: āĻ¸েāĻĢ āĻ˛্āĻ¯াāĻŦ (āĻ¨িāĻ°াāĻĒāĻĻ āĻŦিāĻāĻ˛্āĻĒ)
āĻāĻĒāĻ¨াāĻ° āĻĻেāĻ¯়া "Sample Virus Creation" āĻ āĻ¨ুāĻ°োāĻ§āĻি āĻুঁāĻিāĻĒূāĻ°্āĻŖ āĻšāĻāĻ¯়াāĻ¯় āĻāĻাāĻ¨ে āĻāĻāĻি āĻ¨িāĻ°াāĻĒāĻĻ āĻŦিāĻāĻ˛্āĻĒ āĻ¯োāĻ āĻāĻ°া āĻšāĻ¯়েāĻে—āĻ¯াāĻ¤ে āĻোāĻ¨ো āĻ্āĻˇāĻ¤ি āĻ¨া āĻāĻ°ে āĻļেāĻা āĻ¯াāĻ¯়।
- ✔️ File Monitoring: āĻāĻāĻি āĻĄিāĻ°েāĻ্āĻāĻ°িāĻ¤ে āĻ¨āĻ¤ুāĻ¨/āĻĒāĻ°িāĻŦāĻ°্āĻ¤িāĻ¤ āĻĢাāĻāĻ˛ āĻ˛োāĻ āĻāĻ°া
- ✔️ Backup & Restore: āĻĢাāĻāĻ˛ āĻāĻĒি, āĻš্āĻ¯াāĻļ āĻ¯াāĻাāĻ, āĻ্āĻ˛িāĻ¨āĻāĻĒ
- ✔️ Startup Message (Local App Only): āĻāĻ¨āĻ¸োāĻ˛ে āĻ¸্āĻŦাāĻāĻ¤āĻŽ āĻŦাāĻ°্āĻ¤া (āĻ¸িāĻ¸্āĻেāĻŽ āĻāĻ¨āĻĢিāĻ āĻ¨া āĻুঁāĻ¯়ে)
"""
āĻ¸েāĻĢ āĻ˛্āĻ¯াāĻŦ āĻ¸্āĻ্āĻ°িāĻĒ্āĻ: āĻোāĻ¨ো āĻ¸িāĻ¸্āĻেāĻŽ-āĻĢাāĻāĻ˛ āĻĒāĻ°িāĻŦāĻ°্āĻ¤āĻ¨ āĻāĻ°ে āĻ¨া। āĻļুāĻ§ু āĻāĻāĻি āĻ˛্āĻ¯াāĻŦ āĻĢোāĻ˛্āĻĄাāĻ°ে āĻাāĻ āĻāĻ°ে āĻāĻŦং āĻ°িāĻŽুāĻেāĻŦāĻ˛। """ import hashlib, os, shutil, time
LAB = "safe_lab" os.makedirs(LAB, exist_ok=True)
1) Backup & Verify
def sha256(p): h = hashlib.sha256() with open(p,'rb') as f: for ch in iter(lambda: f.read(8192), b''): h.update(ch) return h.hexdigest()
src = os.path.join(LAB, "sample.txt") with open(src, 'w', encoding='utf-8') as f: f.write("demo data\n")
bkp = os.path.join(LAB, "sample.txt.bak") shutil.copy(src, bkp) print("✓ āĻŦ্āĻ¯াāĻāĻāĻĒ āĻ¤ৈāĻ°ি:", bkp) print("✓ āĻš্āĻ¯াāĻļ āĻ¯াāĻাāĻ:", sha256(src) == sha256(bkp))
2) Directory Monitor (polling)
print("Watching for changes in:", LAB) base = {f: os.path.getmtime(os.path.join(LAB,f)) for f in os.listdir(LAB)} for _ in range(3): # āĻোāĻ āĻĄেāĻŽো time.sleep(1) now = {f: os.path.getmtime(os.path.join(LAB,f)) for f in os.listdir(LAB)} added = set(now) - set(base) changed = {f for f in now if f in base and now[f] != base[f]} for f in added: print("+ added:", f) for f in changed: print("~ changed:", f) base = now
3) Cleanup (optional)
os.remove(bkp) print("✓ āĻ্āĻ˛িāĻ¨āĻāĻĒ āĻ¸āĻŽ্āĻĒāĻ¨্āĻ¨") āĻেāĻ¨ āĻāĻ āĻŦিāĻāĻ˛্āĻĒ? āĻ¸িāĻিāĻāĻ°িāĻি āĻļেāĻা āĻŽাāĻ¨ে āĻ¸িāĻ¸্āĻেāĻŽেāĻ° āĻāĻĒāĻ° āĻĻাāĻ¯়িāĻ¤্āĻŦāĻļীāĻ˛ āĻĒāĻ°ীāĻ্āĻˇা—āĻ্āĻˇāĻ¤ি āĻাāĻĄ়া āĻĢāĻ˛াāĻĢāĻ˛ āĻ
āĻ¨ুāĻļীāĻ˛āĻ¨।
āĻĒাāĻ°্āĻ ā§Ž: Web Architecture & HTTP/HTTPS āĻĢ্āĻ˛ো
# curl āĻĻিāĻ¯়ে GET/POST
curl -i http://127.0.0.1:5000/hello curl -i -X POST -d "user=Md&msg=Hi" http://127.0.0.1:5000/hello
mitmproxy (āĻļুāĻ§ু āĻ¨িāĻেāĻ° āĻ˛্āĻ¯াāĻŦ āĻ্āĻ°াāĻĢিāĻেāĻ° āĻāĻ¨্āĻ¯)
pip install mitmproxy mitmproxy --showhost Simple Flask āĻĄেāĻŽো (āĻļিāĻ্āĻˇাāĻŽূāĻ˛āĻ)
from flask import Flask, request, make_response app = Flask(name)
@app.route('/hello', methods=['GET','POST']) def hello(): user = request.values.get('user','Guest') resp = make_response(f"Hello, {user}!") resp.set_cookie('sessionid','abc123', httponly=True) return resp
if name == 'main': app.run(host='0.0.0.0', port=5000) āĻĒাāĻ°্āĻ ā§¯: OWASP Top 10 āĻĒāĻ°িāĻিāĻ¤ি
āĻ¸āĻŦāĻেāĻ¯়ে āĻĒ্āĻ°āĻāĻ˛িāĻ¤ ā§§ā§ĻāĻি āĻāĻ¯়েāĻŦ āĻĻুāĻ°্āĻŦāĻ˛āĻ¤া—āĻāĻĻাāĻšāĻ°āĻŖ, āĻĒ্āĻ°āĻাāĻŦ āĻ āĻĒ্āĻ°āĻ¤িāĻাāĻ° āĻ¸ংāĻ্āĻˇিāĻĒ্āĻ¤āĻাāĻŦে:
- Injection → Prepared Statements, Input Validation
- Broken Authentication → MFA, āĻ¸েāĻļāĻ¨ āĻŽ্āĻ¯াāĻ¨েāĻāĻŽেāĻ¨্āĻ
- Sensitive Data Exposure → HTTPS/TLS, At-Rest Encryption
- XXE → āĻ¨িāĻ°াāĻĒāĻĻ XML Parsers
- Broken Access Control → RBAC, Server-side Checks
- Security Misconfiguration → Hardened Config, Audit
- XSS → Output Encoding, CSP
- Insecure Deserialization → Integrity Checks
- Known Vulns → āĻ¨িāĻ¯়āĻŽিāĻ¤ āĻāĻĒāĻĄেāĻ
- Insufficient Logging → Centralized Logging & Alerting
āĻĒ্āĻ°্āĻ¯াāĻāĻিāĻ¸েāĻ° āĻāĻ¨্āĻ¯: OWASP Juice Shop (āĻ¨িāĻ āĻ˛্āĻ¯াāĻŦ āĻĒāĻ°িāĻŦেāĻļে)।
āĻĒাāĻ°্āĻ ā§§ā§Ļ: SQL Injection (āĻļিāĻ্āĻˇাāĻŽূāĻ˛āĻ)
āĻ§āĻ°āĻ¨: Error/Union, Blind (Boolean/Time), Out-of-band। āĻĒ্āĻ°āĻ¤িāĻাāĻ°: Parameterized Query, ORM, Input Validation, WAF।
# SQLMap (āĻ
āĻ¨ুāĻŽোāĻĻিāĻ¤ āĻ˛্āĻ¯াāĻŦ āĻাāĻ°্āĻেāĻে)
sqlmap -u "http://target.local/vuln.php?id=1" --batch --dbs āĻ¸āĻ¤āĻ°্āĻāĻ¤া: āĻ¸āĻ°্āĻŦāĻĻা āĻেāĻŦāĻ˛āĻŽাāĻ¤্āĻ° āĻāĻĒāĻ¨াāĻ° āĻ
āĻ¨ুāĻŽোāĻĻিāĻ¤ āĻ¸্āĻোāĻĒে āĻেāĻ¸্āĻ āĻāĻ°ুāĻ¨।
Comments
Post a Comment