Our mikrotik hacked

Hello everyone. Our 3011 device was hacked. Our users have been put in read mode. The reset button is disabled, and I have no backup outside. We use custom software for hotspot. Configuration is important. How can I proceed? Thanks.

Your device probably has reset jumpers, you may try it. Also, netinstall may help, if bootloader is not in protected mode, otherwise gg.

No point in resetting anything as you have no idea why this happened and thus it will happen again.
Do you have a copy of the config prior to hacking to show…

Netinstall is the only viable method of putting a clean load, if the device is accessible.

Netinstall does not see the device.

stay in there;
setting up elf image…

or

RouterBOOT backup booter 3.27

RouterBOARD 3011UiAS

CPU frequency: 1400 MHz
Memory size: 1024 MiB
NAND size: 128 MiB

Press any key within 2 seconds to enter setup
trying bootp protocol… OK
Got IP address: 192.168.88.2
resolved mac address BC:EC:A0:0A:49:D7
********************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************
falling back to small packet size
********************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************
kernel loading failed

I don’t have any configuration. I just saw a new user. He put me in read mode.

I’ve had issues in the past with netinstall. Usually it is the device, or more specifically the ethernet port of the laptop/PC, causing the netinstall trouble. Funnily enough, I’ve used USB dongles on the same machine that had a fixed ethernet port that didn’t work, but the USB dongle allowed the netinstall process to work! I see you have serial port access. There’s a good start too.
Good luck

  • What RouterOS version were you running?
  • Did you have firewall on all ports that have unknown people connecting? Like your hotspot users, did they have access to SSH and WinBox ports on the router?
  • You say you can see your user has read mode. It’s good - it means you can see all your config. Save it, so you can restore it on another router. Type “/export” in command line.
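The exposure asked about in the post above, as an added example that is not part of the original thread: a RouterOS configuration sketch that limits SSH and WinBox to an admin subnet and then reviews accounts and login events. The subnet 192.168.88.0/24 and the address-list name "mgmt" are assumptions; substitute your own.

```routeros
# Added example, not from the thread. Assumed: admin PCs live in
# 192.168.88.0/24 and the address list is called "mgmt".

# Turn off management services that are not needed; restrict the rest
# to the admin subnet at the service level.
/ip service
set telnet disabled=yes
set ftp disabled=yes
set www disabled=yes
set api disabled=yes
set api-ssl disabled=yes
set ssh address=192.168.88.0/24
set winbox address=192.168.88.0/24

/ip firewall address-list
add list=mgmt address=192.168.88.0/24 comment="admin workstations (assumed)"

# Input chain = traffic addressed to the router itself.
# New rules are appended at the end; move them above any broader
# accept rule already present in the input chain.
/ip firewall filter
add chain=input action=accept connection-state=established,related comment="replies to router-originated traffic"
add chain=input action=accept protocol=tcp dst-port=22,8291 src-address-list=mgmt comment="SSH/WinBox from mgmt only"
add chain=input action=drop protocol=tcp dst-port=22,8291 comment="SSH/WinBox from hotspot users and everyone else"

# Review: accounts, the policies each group grants, and login events.
/user print detail
/user group print
/log print where topics~"account"
```

Apply this only on a clean install, since a compromised router's own configuration and user list cannot be trusted.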

Yes, I can connect to the serial console.

My version is 7.13 booter version 3.27

I can’t export. No authorization.

I can print but the code is interrupted and not all is visible.

I’ve tried over and over. Netinstall won’t progress.

Thank you for the answers. Still looking for a solution.

After a few failed attempts it logged in with the user named system. Then read the existing users.

I don’t understand, what do you mean “no authorization”?
If you can log in, you can use export.

Did you mean file export?

My user is not authorized to write to disk.

A user can log in but have no rights to open terminal.

No, just type /export in command line (ssh) and you will see all config, and be able to copy from terminal screen.

I am sorry, just edited my previous answer. User may have !local, !telnet, !ssh and thus can’t execute export, or I am missing something?

I understand you. There are more than 5000 hotspot users, and the codes are endless. It gets stuck somewhere. But I am trying with serial console. I will report the results.

Read users can use Winbox terminal. That’s not true.

Thanks for the answer. I got the codes piece by piece. How do I recover the device?

You have no permission to open terminal in Winbox even if you have winbox permission. As said: !local or !telnet prevents opening a terminal inside Winbox.

You should keep trying netinstall. One suggestion is to unplug everything else from your router and from your computer. Disable wifi if you are on a laptop.

Then connect the device like this:

[PC] ----- cable ---- [basic ethernet HUB or simple ethernet switch] ----- cable ----- [router boot port]

Launch the netinstall program as administrator.
Unplug router power, press and hold the reset button on the router.
Plug in power, keep holding the button.
When you see the device in Netinstall, release the button.

Netinstall hang point


RouterBOOT backup booter 3.27

RouterBOARD 3011UiAS

CPU frequency: 1400 MHz
Memory size: 1024 MiB
NAND size: 128 MiB

Press any key within 2 seconds to enter setup
Please, check ethernet cable…
trying bootp protocol… OK
Got IP address: 192.168.88.3
resolved mac address C0:25:A5:D3:32:17
transfer started … transfer ok, time=2.08s
setting up elf image…

Do you need a hub?

I’m connecting directly.