关于DIAG3的详细情况

214度的心

    各位，如果有对DIAG3感兴趣的请加我QQ2897152692，我这有点详细情况，想帮助一下野战军兄弟。
+ V9 b% I9 P$ J! H

Rx___

想(shou)帮(fei)一(mai)下(zi)兄(liao)弟

Rockyw

没资料分享一下吗？

tapandoshi533

Question 1  
' T3 R0 q+ J( R' M; r: p+ Z(Shows a PCAP)
Whats happening in the network?(chose 4)
a. tcp session from A to B
b. tcp session from B to A———————————3
  k; ^/ Q, m3 c; V" F, z6 lc. http session from A to B———————————1
d. http session from B to A
) S( D* c! X2 T5 w, v, d& d3 Te. ransomware installed by backdoor———————————4
f. backdoor installed by ransomware
1 m- _6 y$ M1 U8 F: m5 dg. tcl script downloaded from A
h. tcl script downloaded from B———————————2
: S6 r. I: `4 A: ]————
# \4 d9 J% ]+ \0 F' P% YAnswers
4 L% X6 n; z& e1. HTTP session from A to B
8 T* F% [& h/ a' Y3 n2. TCL script download from A
( m' x/ Y. O* ~$ X, y. m4 h; H$ J3. TCP session from B to A
4. ransomware installed by backdoor

For Understanding.
2 \- j; q5 n, q5 Y8 j1 X1. HTTP session from A to B (A clicks a link that it shouldn't and goes to B's fishing website.)
4 U+ Q/ w3 }! M2. TCL script downloaded from B (A is the one running 'get' command, and downloads tcl from :cool:
3. TCP session from B to A (After A runs tcl, it creates a backdoor port on itself and B connects to A using this newly created backdoor.)
4. ransomware installed by backdoor (B installs a ransomware to A using backdoor previously created)
0 t. a1 `4 @3 N* e% B7 O1 l7 q7 `
-========
3 K+ Y- G, _6 B: F% ^( J, X" HQuestion 2
9 b' K/ b, ^7 H& p0 B5 zWhich command use to execute the attack?
( T8 j) l# P1 i' P  Ya. sherkfest
b. sudo poweroff
c.  tclsh:/ copy flash via http

  t, e1 H6 }0 E. kQuestion 3
Which command if issued from the hacker end can bring down the complete system?
a. sudo poweroff
, F- V, W( f) T/ }* A. k
Question 4
7 \8 t$ ]: i8 y2 JHow to quickly fix this problem?
8 r* G3 v" P) ^a. e kill,  kill the process.

checkyang

是不是还有一题？

yjp59

ip need in, thank you

yjp59

ip need in, thank you

hidehide

hidehide