MikroTik Router's 200, 00 vulnerability hacker inject Crypto mining Malware



MikroTik Router's 200, 00 vulnerability hacker inject Crypto mining Malware
Security research proof of Concept of Winbox Critical Vulnerability (CVE-2018-14847) found MikroTik routers more than 200,000 backdoor access to the device version. Malware campaigns have compromised more than 210,000 routers from Latvian network hardware provider MikroTik across the world

What is MikroTik?
According to the official website, MikroTik is a Latvian company which was founded in 1996 to develop routers and wireless ISP systems. MikroTik now provides hardware and software for Internet connectivity in most of the countries around the world. RouterOS is the operating system of most MikroTik devices. The vulnerability affects all versions of RouterOS from 6.29 (release date: 2015/28/05) to 6.42 (release date 2018/04/20)

The hacker easy exploiting a vulnerability in the Winbox application of MikroTik router that was discovered in April this year and patched within a day of its discoverySecurity flaw can potentially allow an attacker to gain unauthenticated, remote attacker administrative access to any vulnerable MikroTik router.



Malware campaigns that infected 25,500 and 16,000 MikroTik routers, mainly in Moldova, with malicious crypto currency mining code from infamous CoinHive service. 

Targeting networking devices in Brazil, where a hacker or a group of hackers compromised more than MikroTik routers devices. MikroTik routers are targeted to spread malware. In March this year, a sophisticated APT hacking group exploited unknown vulnerabilities in MikroTik routers to covertly plant spyware into victims' computers.


MikroTik devices. However, the vulnerability which allowed the firm's routers to become crypto currency mining slaves was no zero-day; instead, it is CVE-2018-14847, a known security bug impacting Winbox for MikroTik RouterOS.
Through version 6.42 of the software, remote attackers are able to bypass authentication and read arbitrary files by modifying a request to change one byte related to a Session ID, according to the vulnerability description. 

Vulnerability MikroTik router exploiting PoC WinboxPoC.py ip address target and MAC address they can access to the device. The office github link WinboxPoC.py download python script pentesting os platform Linux os. All versions from 6.29 (release date: 2015/28/05) to 6.42 (release date 2018/04/20) are vulnerable. "WARNING EDUCATIONAL PURPOSE ONLY"





















How to use
Note that this script will NOT run with Python2.x. Use only Python 3+
Winbox (TCP/IP)
$ python3 WinboxExploit.py 172.17.17.17
User: admin
Pass: Th3P4ssWord

MAC server Winbox (Layer 2)
You can extract files even if the device doesn't have an IP address :-)
$ python3 MACServerDiscover.py

Looking for Mikrotik devices (MAC servers)
    aa:bb:cc:dd:ee:ff
    aa:bb:cc:dd:ee:aa
$ python3 MACServerExploit.py aa:bb:cc:dd:ee:ff
User: admin
Pass: Th3P4ssWord


















Mitigation Techniques
Update your RouterOS to the last version or Bugfix version
Do not use Winbox and disable it :| it's nothing just a GUI for NooBs ..
you may use some Filter Rules (ACL) to deny anonymous accesses to the Router
ip firewall filter add chain=input in-interface=wan protocol=tcp dst-port=8291 action=drop
Surces page GitHub

Define LAN, MAN, WAN,IP ADDRESS



Define LAN, MAN, WAN,IP ADDRESS

What is IP address?
The internet address (IP address) is 32bits that uniquely and universally defines a host or router on the internet. The portion of the IP address that identifies the network is called net id. The portion of the IP address that identifies the host or router on the network is called host id.

What is Special Public IP?
ISP have provided a specific public IP for you, you have full rights to use and manage this public IP into your network, because this public IP specifically for you and no one can use it. You like given the address or name on the internet to your network. ISP will give you a special price for this.

What is Common Public IP?
ISP is not given special IP address or name to you on the internet, but you still use public IP to be connected to the internet. In this case you will use the public IP together with all clients of your ISP and this public IP fully managed by ISP itself. You like being under their clients network there is no special name for your network.

What is Static Public IP?
Public IP that is used will not be changed because it is not planned to be changed, this public IP can be Special Public IP or Common Public IP as our terms.

What is Dynamic Public IP?
Public IP that always be changed dynamically when you use connect to internet, the changes have ranges as the network mask of the public IP that used by ISP. Same like Static Public IP, it can be Special Public IP or Common

What is Local IP?
Local IP addresses both serve the same purpose, the difference is scope. An external or public IP address is used across the entire Internet to locate computer systems and devices. A local or internal IP address is used inside a private network to locate the computers and devices connected to it.

Define LAN, MAN and WAN.
LAN- A local area network (LAN) is a privately owned and links the devices in a single office, building or campus. It allows resources to be shared between personal computers and work stations. MAN- A metropolitan-area network (MAN) spreads over an entire city. It may be wholly owned and operated by a private company, example local telephone company. WAN – A wide area network (WAN) provides long distance transmission of data, voice, image and video information over large geographic areas that comprise a country, a continent or even whole world.

Nepal Telecom ISP Upgrade System use the FortiGATE firewall



Nepal Telecom ISP Upgrade System use the FortiGATE firewall  

 Just few months ago Nepal Telecom (ISP) internet Service Provider Company upgrade the system & security, use next generation Fort iGATE firewall and network security now is filter the internet using suffer internet. The internet user protect the connection safe the hacker anti phishing our network Communication system. Nepal Telecom maintained system of Nepalese organizations more & more cyber criminals are targeting Nepal cyberspace to get focus security system. 


 Nepal Telecom last few years ago dozen of the attack the anonymous hacker group has claimed to have breach the Nepal Telecom ADSL server, and have gained access to user's Wi-Fi SSID and password more than 43700 router is vulnerability found NTC's server was hacked last months, a group called Anonymous opnep gained access to all the details of NTC user that include username, citizenship name, father's name as well as other private information which you have to fill up during new SIM card registration.
The Fort iGATE firewall feature consolidated security platforms deliver unmatched performance and protection while simplifying your network. Fortinet offers models to satisfy any deployment requirement from the FortiGate-30 series for small offices to the FortiGate-5000 series for very large enterprises, service providers and carriers.
Fort iGATE platforms combine the FortiOS security operating system with Forti AISIC processors and latest-generation CPUs to other hardware to provide a comprehensive, high-performance security. Each Fort iGATE includes the widest range of security and networking functions on the market, including:

Firewall, VPN, and Traffic shaping
Intrusion Prevention (IPS)
Antivirus/Antispyware/Antimalware
Integrated wireless controller
Application Control
IPv6 Support
Data Leak Prevention
Secure WI-FI
Web Filtering
Antispam
VoIP Support
Layer 2/3 routing
WAN Optimization & Web Caching
 This example describes how to improve the reliability of a network connection using two ISPs. The example includes the configuration of equal cost multi-path load balancing, which efficiently distributes sessions to both Internet connections without overloading either connection
Create a security policy for the primary interface connecting to the ISPs and the internal network. Create a security policy for each interface connecting to the ISPs and the internal network


How to know RJ-45 jack color codes Female port clamping network tips



How to know RJ-45 jack color codes Female port clamping network tips

Network router and switch are female port diagram may be the four cable working our network note this one, another cable not using ports. Registered Jack 45 (RJ45) is a standard type of physical connector for network cables. 
(RJ45) connectors are most commonly seen with Ethernet cables and networks. Modern Ethernet cables feature small plastic plugs on each end that are inserted into the( RJ45) jacks of Ethernet devices
Layout the (RJ-45) format console port male pin out showing down below tables:

RTS 1 PIN
Request to Send
DTR 2 PIN
Ready Out
TXD 3 PIN
Data Out
GND 4 PIN
Ground
GND 5 PIN
Ground
RXD 6 PIN
Data in
DCD 7 PIN
Carrier Detect
CTS 8 PIN
Clear to Send

The table's string-Through cable and crossover cable show down below:
 (RJ-45) jack male color codes two tables and Figure example network tester device:



String- Through cable
Crossover Cable
1. White/Orange
1. White/Green
2. Orange
2. Green
3. White/Green
3. White/Orange
4. Blue
4. Blue
5. White/Blue
5. White/Blue
6. Green
6. Orange
7. White/Brown
7. White/Brown
8. Brown
8. Brown

Second step crossover cable & Straight-Through Cable to the tables down below this topology to the network stranded networking straight-Through cable and Crossover Cable 

Straight-Through Cable

Crossover Cable
Switch + Router

Switch + Switch
Switch + PC

Switch + Hub
Switch + Server

Hub + Hub
Hub + PC

Router + Router
Hub + Server

Router + PC
Hub + Router

PC + PC

When I check network tester RJ-45 & RJ-11 remote and master tips its easy find out fault to the wire Straight-Through LED light indication diagram down below

Maximum length 10/100/1000BASE-T, the maximum allowed length of a CAT-6 cable is100 meters or 328 feet. This consists of 90 meters (300 ft) of solid "horizontal" cabling between the patch panel and the wall jack, plus 10 meters (33 ft) of stranded patch cable between each jack and the attached device
Maximum length a CAT-5 cable can have is 100 meters. In the case you require a cable longer than 100 meters, you need to install a simple repeater I.E. a hub, or a switch, which will allow you to extend the total length.

How to remove KMSpico Malware from your computer



How to remove KMSpico Malware from your computer?

KMSPico Description (Malware)

KMSPico is any malicious computer program created by cyber hacker to hack into a computer through misleading users. It spread by some form of social engineering, alike e-mail attachment, bundled with third party application or lurks inside PC through sharing data in open network. Do lots of malicious activities into targeted as:

Although KMSPico malware is not destructive itself, the majority of websites which provide its download link are untrustworthy and seek to spread malware. However, there is nothing more to expect from sites that present an illegal program.

That is not a commendable behavior; however, cyber criminals aim to exploit users who seek to obtain paid software for free. Therefore, they infect most requested computer programs with harmful components, such as Trojans or worms, or less-harmful threats like adware. It was noticed that KMSPico virus frequently promotes adware programs, and that is why some security researchers name this dangerous program as KMSPico adware





Normally, the network administrators would contact KMS servers through the Remote Procedure Call and then activate the desired services. The KMSpico creators offer to replace the existing key with a new volume license key and activate the services without having to connect to this KMS server.

Bring modification into Windows registry.
Help Spammers via opening system backdoor etc.
KMSPico Intrusion Methods
As malicious attachment via Spam emails.
By drive-by download.
Sharing data in open network.
Visits to infected websites, torrents.
Clicks to suspicious ads, offers and text-links.
Other social engineering scam etc.
Harmful Impacts of KMSPico  
Crashing the computer or device
Spreading other malware across the network.
Use computer as part of a botnet.
Able to format disks, destroying all contents.
Degraded PC performance and internet speed.
Opens backdoor of cyber crook to access PC.
Spy you’re online activates to record information.

Step By step guide to remove Trojan so hold shift key while choosing option. Restart the windows system. After the system reboot a blue screen papers, now choose troubleshoot option.

Now click on advanced option next from available options of advance option menu, go for startup setting. Now list will appear title restart to change windows options, click on restart button at bottom right corner. 
Take help keys form F1 to F9 you select your desired option of startup settings, once advanced boot options appear go to the safe mode with networking. Press enter key when open safe mode interface then kill malicious KMSPico processes from task manager press Ctrl+ Alt + Del keys together on your keyboard. Now in the processes tab look for any suspicious running process and click on it. Further click end task terminate the malicious process.

Next step clean malicious registry entries made by KMSPico Trojan and tap and hold windows + R keys together search suspicious entries related related with KMSPico. Right click on it > select delete option from there, once startup appear press F6 key to choose safe Mode along with command prompt option.
It is the easiest and fastest way to clean your computer from threats and potentially unwanted programs. In case you just want to remove KMSPico, delete the following files and folders from your computer:
§  AutoPico.exe
§  Service_KMS.exe
§  unins000.exe
§  KMSELDI.exe
§  UninsHs.exe
§  tap-windows-9.21.0.exe

You can also perform Clean Boot. You need to turn off all the startup programs that may be the reason why the program won’t uninstall.
  • Press Windows + R;
  • In the Run window type msconfig;
  • Choose Services section;
  • Find Hide all Microsoft services line, tick the box;
  • The click Disable all;
  • Return back to General section;
  • Find the line Selective startup and untick the box Load startup items;
  • Select Apply, then OK;
  • Reboot your PC;
  • Remove KMSpico from Control Panel.




Nepal Telecom running a SIM card today is 12 hours every day to give everyone a 500 bonus


Nepal Telecom running a SIM card today is 12 hours every day to give everyone a 500 bonus

Kathmandu, Dec. 6 - Nepal Telecom has provided various types of 'Winter Offers' for the winter season. The aforementioned statement has been made from Friday till it has been held till 21st. The Company has also provided data streaming packages with various types of data packages and bonuses. Data streaming packages can be used to watch TV via YouTube and Watch time apps.
1. Winter all time data packs can be used on the JESM prepaid & postpaid and Sydney prepaid and postpaid mobile.
25 MB Data Stripping Pack has been provided as a bonus for 25 hours for consuming 24 hours for consuming three hours and one consecutive day for 12 days under the event of Al-Qaeda's data. In the same way, 150 MB data stripping pack has been provided as a bonus for 150 megawatts and to be consumed for 3 days for 14 days for consumption of 14 days.
500 MB stripping packs have been provided as a bonus for consuming 500 MB data and 5 days for the purpose of consuming a maximum of 120 hours in 120 rupees. To take this pack, you must send SMS in WIN25MB, WIN150MB or WIN500MB by 1415.
2. Winter Night Data Packs can be used on the Geos map Prepaid & postpaid and prepaid and postpaid mobile phone data pack. This pack can only be used just before 6:00 pm at 6pm. Data stripping packs provided as bonuses can also be used at this time.
120 MB Data Strengthening Pack has been provided as a bonus for consuming 120 MB data and one day for consuming three days under Win Night Pack.
Similarly, 700 MB data streaming packages have been provided as bonuses for consuming 700 MB data and 3 days for consuming up to 60 days. 1600 to be available for 120 days in 120 rupees
1600 MB Data Strengthening Pack has been provided as a bonus for consuming MB data and up to 7 days. To send this pack, you must send WN120MB, WN700MB or WN1600MB to SMS in 1415.
3. Winter Facebook, Instagram Packaging JSM prepaid / postpaid and prepaid / postpaid mobile on-line Facebook and Instagram data packet can be used.
Within Facebook, Instagram data packs, 50 MB data streaming packages have been provided for consuming 50 MB data and one day for one day for three hours in three rupees for three days.
Likewise, 275 MB data streaming pack has been provided as a bonus for 274 MB data and one day to consume it for four hours for four hours in four days.
600 MB data stripping pack has been provided as a bonus, which can be used to consume 600 MB data and 5 days for the purpose of consuming four hours a day in 120 rupees.
To take this pack, you must send SMS in W15, WF275MB or WF600MB by writing 1415.
4. SMS packs can be used on SMS Pack JISM prepaid / postpaid and Sydneya prepaid postpaid mobile phone. Under this pack, 50 SMSs and 50 bonus SMSs have been made available for consuming up to 10 days for 5 days. In this way, 100 sms can be made in 10 rupees. SMS should be sent by SMS100 to send SMS to 1415.