terembura

terembura last won the day on May 10 2019

terembura had the most liked content!

Community Reputation

103 Excellent

About terembura

  • Rank
    Member

Profile Information

  • Gender
    Not Telling

Recent Profile Visitors

72 profile views
  1. Would be interested as well in knowing if any of these are still valid. I did put up a GB to get the latest, not sure if there's interest. If anyone has taken it recently, please do share feedback.
  2. Updated original post with updated link.
  3. Because the script is downloading from the attacker's server. You are executing the command on the victim's device, which is downloading the script from the attacker's device.
  4. My feedback when I took the exam:

     First found out the Router (victim) and Attacker IPs. Filters used:
       a. http.request.method==GET (source IP in the GET request is the Victim's IP)
     In my case: Victim: 10.1.1.2, Attacker: 10.1.1.1

     Q1: Select 4 options. Selected these options:
       1. TCP connection from router to 10.1.1.1
       2. TCP connection from remote host to router's IP 10.1.1.2 on port 1337.
       3. Download of script in memory via HTTP
       4. Installment of ransomware via backdoor.

     Q2. Select command which can cause system meltdown: In my case the answer was the "r" letter (not sudo poweroff).

     Method to check the command:
       1. In the packet capture, use filter tcp.port==1337
       2. Select the first SYN packet and select the option 'follow stream' in the analysis tab in the top right corner in CloudShark (not using the right-click option like Wireshark).
       3. In the stream, select the flow from 10.1.1.1 to 10.1.1.2 --> multiple commands were seen (c, r, q). Note these keywords.
       4. Now again changed the filter in the capture to http.request.method==GET and followed the TCP stream like step 2.
       5. In the GET response from 10.1.1.1 to 10.1.1.2, there was a script having the above keywords with a description (or banner message) next to each keyword.
       6. In this script, the r keyword had some description like this (don't remember the exact description): Your router is compromised. you had your chance to Pay 100 bitcoins to get back your access now you face meltdown hope you saved your config
       7. Hence selected the "r" keyword/command for the second question.

     Q3. Command used by attacker to run script? --> tclsh [Hidden Content]

     Note: the name of the script is bd2.tcl, which can be seen in the GET request packet.
  5. I've cracked the R&S C4C image before, it's not hard. If it has the labs already then can easily get them. Gdrive download limit has been reached for this, can't download it atm. Anyone has a link for the SP C4C also? I can crack these and share.
  6. C4C doesn't provide any new videos, these are the same you will get. There's nothing changed, still the same H3. There's no need for a new VM, someone already posted a cracked VM, use that one, nothing is changed.
  7. Anyone who has taken the exam in the last week, can you verify if this is really valid?
  8. I'm interested, sent a PM. Looking to take the SP written ASAP.
  9. Sorry, I cannot, maybe someone else can help you with this.
  10. CCIE R&S C4C VIDEOS Here are all of the videos from C4C. I've decrypted them so they CAN be played with any media player such as VLC. Enjoy! Will share the cracked C4C EVE VM soon also, when uploaded. [hide][Hidden Content]]
  11. Congrats bro!! For the MPLS section, since the exam has preconfig of "no bgp default ipv4-unicast", did you activate IPv4 and VPNV4 both or just the VPNV4 address family?
  12. Yes, those are correct and can be found in the sharing files section of this forum.
  13. This is an amazing post, thanks for putting this together. Looking for more details on the LAN-to-LAN IPsec. Why are we needing double NAT?
  14. Thanks for putting this together. Although it was a while back, I think the combinations are still true, as I see from others' feedback.
  15. Thanks jahe for putting these into VCE. I'll update my post with these.