Recover router configuration by using SNMP?

Hi!

I would like to know if anyone can tell me if it is possible to recover router configuration if you do not have (winbox, ssh…) password but you do have SNMP read-only password and router access?

Thank you,
Luka

You can walk the SNMP tree using any SNMP Tool to export the data. Then reset the router using the pin-hole, and use the saved SNMP data to rebuild the router’s config by hand. In theory, you could re-enable SNMP, with write access, to import the saved data. But I doubt that would be simple, since order would matter, but maybe not.

SNMP walk is what I did but I am not completely sure there is everything - I was thinking if there is any other way to somehow use this SNMP read-only community string to get to full config… Thank you for your answer!

I don’t know of any SNMP variable that has the config itself. Mikrotik maps their config into the more standard MIB names in a lot of cases. So it very well may be lossy. Assuming you have physical access, you might be able to use RouterBOOT to access the config, not my area of expertise, but see: https://wiki.mikrotik.com/wiki/Manual:RouterBOOT

If by “and router access” you mean that you can query the device by SNMP,
simply, no.

So you think that I need to find things out by checking the output of snmp walk and that's all I can get? :slight_smile:

From SNMPwalk and similar programs, some parameters can be deduced, but certainly not all of the internal configuration.

@Amm0 is right, but I’m not going to provide details (maybe already available on the internet or not) on how to break into a device,
which could favor thieves and hackers.

If you’ve lost access, you might have thought about making a backup sooner…
But if you did, simply reload the backup.
If you’ve never had it (the access), it means that the peripheral belongs to someone else, and you shouldn’t have access to it.

Well, it can be even more complicated - that you need to help a company where someone left and there is no documentation but yes, I understand what you intended to say. It is quite a basic thing so I think I will be able to resolve most of the things by snmp walk output.

Thank you colleagues for your help!
Luka

I have to apologize, seriously, I just realized I answered your question wrong,
I don’t like it either when they tell me “I know how to do it but I won’t tell you”,
forgive me,
it’s d–head behavior, it was better if I didn’t write it at all.

Sorry…

No, it is completely fine - I also think that revealing such information could lead to bigger problems. Do not worry, my first thought was that maybe anyone knows if I do not know maybe by going through SNMP with DUDE can give any better results… All good! Thank you! Tutto bene! :slight_smile:

Luka

No. There are some things you can infer from SNMP such as IP addresses, routes, etc. but there is no way to determine others including firewall rules, IPsec/PPP secrets, etc.

Dude might help with mapping SNMP OIDs to friendly names, automatically, since the Dude already has the standard MIBs – but ain’t going to get more data than any other SNMP tool could from read-only access. You need a “real user” for the Dude to fetch the config information since it uses winbox protocol (and its authentication), which is what you don’t have…

Agree with @rextended re “documenting hacking”, but sure Google has suggestions. But I’ll offer that even those would be limited, depending on hardware and if protected boot mode was active, and other variables…so even trying to hack it may leave you short a method to get the config, even with physical access.
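
The by-hand rebuild discussed in this thread, turning a saved SNMP walk into a draft IP address list, as an added example that is not part of any post: it assumes net-snmp style text output with the standard IF-MIB and IP-MIB object names, and the sample walk is constructed. Firewall rules and secrets are not in a walk, as the replies say, so the result is only a draft to review.

```python
import ipaddress
import re

# Constructed sample of net-snmp `snmpwalk` text output (not from a real device).
SAMPLE_WALK = """\
IF-MIB::ifDescr.1 = STRING: ether1
IF-MIB::ifDescr.2 = STRING: bridge
IP-MIB::ipAdEntAddr.192.168.88.1 = IpAddress: 192.168.88.1
IP-MIB::ipAdEntAddr.10.0.0.2 = IpAddress: 10.0.0.2
IP-MIB::ipAdEntIfIndex.192.168.88.1 = INTEGER: 2
IP-MIB::ipAdEntIfIndex.10.0.0.2 = INTEGER: 7
IP-MIB::ipAdEntNetMask.192.168.88.1 = IpAddress: 255.255.255.0
IP-MIB::ipAdEntNetMask.10.0.0.2 = IpAddress: 255.255.255.252
"""

LINE = re.compile(r"^[\w-]+::(\w+)\.(\S+) = [\w-]+: (.*)$")

def parse_walk(text):
    """Group values by MIB object name, keyed by the OID index suffix."""
    tables = {}
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if m:  # skip continuation lines and anything not "name.index = TYPE: value"
            name, index, value = m.groups()
            tables.setdefault(name, {})[index] = value.strip().strip('"')
    return tables

def draft_addresses(text):
    """Return (draft RouterOS lines, warnings) for the IPv4 addresses in the walk."""
    t = parse_walk(text)
    names = t.get("ifDescr", {})
    lines, warnings = [], []
    for addr in sorted(t.get("ipAdEntAddr", {}), key=ipaddress.ip_address):
        mask = t.get("ipAdEntNetMask", {}).get(addr)
        ifindex = t.get("ipAdEntIfIndex", {}).get(addr)
        try:  # converts a dotted netmask to a prefix length, rejects bad masks
            prefix = ipaddress.ip_interface(f"{addr}/{mask}").with_prefixlen
        except ValueError:
            warnings.append(f"{addr}: missing or invalid netmask {mask!r}")
            continue
        iface = names.get(ifindex)
        if iface is None:  # walk was partial: keep the address, flag the gap
            warnings.append(f"{addr}: ifIndex {ifindex} has no ifDescr row")
            iface = f"UNKNOWN-ifIndex-{ifindex}"
        lines.append(f"/ip address add address={prefix} interface={iface}")
    return lines, warnings

if __name__ == "__main__":
    print("\n".join(sum(draft_addresses(SAMPLE_WALK), [])))
```

Warnings mark rows where the walk was incomplete, which is where the rebuilt list needs checking against the device itself.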