Webfig login hack

I am dealing with this Mikrotik switch (RouterOS ver. 6.42.11) on which I would like to try to recover the password (12 characters long, randomly generated with numbers, symbols, etc.) but primarily to study how certain things work, since I already have the password.

Here is what I have tried so far:

  • Attack on dictionary with MKBRUTUS (https://github.com/mkbrutusproject/MKBRUTUS) without concluding anything.
  • Specially created nmap script (https://nmap.org/nsedoc/scripts/mikrotik-routeros-brute.html)
    which targets port 8728. The script seems to go on forever without concluding anything.
  • Tried various exploits from exploitdb, but it seems that this 6.42.11 is invulnerable.
  • Tried to listen with Wireshark and ARP poison with ettercap while typing the password since the login page is HTTP and not HTTPS, but it seems that webfig also encrypts non-HTTPS connections, so nothing to do here.

Now I ask you,
what else can I try before hitting the reset button?

I have a lot of open ports (http, 8728, and of course Winbox, SSH, FTP and telnet) …

No, there is no simple way to hack this stupid router. It's very secure.

Interesting, is it legal to post any solution here? (I don’t have any)

Why don’t you just look at the MikroTik changelog and find all patches with “CVE-” after 6.42.11?
I remember a few loud news items like “immediately update your MikroTik or it’s not safe!!!”

OP is funny. On the one hand, he is aware of Tenable’s exploits. On the other hand, he is unable to use them (despite the fact there is a Proof of Concept script for every single exploit).

@OP:
Just reset the thing and live with it…
Nobody with consciousness will guide you how to hack a device.
Sincerely yours,
piece of shit

Troll Dantealighieri detected. Don’t feed the troll!

Maybe it eats pieces of shit. Trolls may like that to eat.

ps. only real, shit should be fed.

I guess your post will be reported and deleted. How do you expect someone to reply to your post using this type of language?
Starting by calling MT routers pieces of shit.

A better question would be:
I have a remote router (mine) that I have lost the password to. Is there a way to enter it, maybe using a hack?
You could also post what the version of RouterOS is. There was some version with bad software where it was possible to hack the Winbox interface (depending on version).
Normally you should never open Winbox to the internet; instead use a VPN.

Travel to the router and reset it.

To be fair, he did include “please” this time.

No shit!


@Sob…spank me.

Is it wrong that I’m highly amused by this?

Don’t feed the troll!
:)

That depends on your perspective.

Don’t anybody tell him the secret winbox port# !

The one on page 42 of the wiki?

Thank you, I didn’t know that page 42 describes the God mode universal password and secret port 666. But it has scary side effects when used by troll!