Hello,
i found my admin user belongin to a new “admin” group and i can’t any longer open a terminal window (telnet and SSH have been disabled for this group). I also found a new “Ssytem” user which has all privilegs.
Is there any way to recover full access without having to fully reset the router?
thanks
You should netinsall to factory reset the router. It’s the only way to be certain that the compromise has been completely removed:
https://help.mikrotik.com/docs/display/ROS/Netinstall
That won’t prevent you from future hacks though so likely you have an issue with your firewall rules or services open to the internet. You should resolve these too once it’s reinstalled.
Thanks for your reply.
I’m pretty sure there was just a user modification, so if there is a way to regain group control of my user that will be fine.
I know Netinstall would replace everything but if there is a way to modify group belongin for my user that would fix it.
It happened with API service.
I’m running version 7.6 , also tried the Netwatch trick, but either not working or i’m doing something wrong
Sounds like you know what happened…were you hacked or not? If this situation is caused by a known user (like yourself), you might want to resolve it. If it’s not, you really really should use netinstall.
Honestly i’d rather prefer trying to resolve it (if possible) and I have already disabled some unnecessary services.
But i need to regain full access to the system
If there was a legal and official way to gain admin privileges again…lol? Then everyone could make themselves admin? to be honest: what answer did you expect to hear? “yes sure, just press the reset button according to the notes of Beethoven’s 5th symphony and you have all privileges again”
@infabo
some devices let you connect to a console port and make some recovery procedures…
I hoped there was one using a different connection
Why did you have unsecure API enabled and running.
Perhaps you need to take some courses before being allowed to setup a router?
Netinstall, stop arguing do it, you wont get any other advice, stop wasting our time.
There is the Woobm USB Stick that emulates a serial console port. but still you need to login with a valid user/password.
And… woobm has been discontinued.
Thanks, I already have one myself. But to discontinue such a helpful device makes me sad
But what are you talking about? I tried and it didn’t work…
That was a joke which you may have missed.
(but your comment was one too 
)
(sure?)
ah, I thought I had choice the wrong timing 2/4 (is 3/8)
