I am dealing with this MikroTik switch (RouterOS ver. 6.42.11) on which I would like to try to recover the password (12 characters long, randomly generated with numbers, symbols, etc.), but primarily to study how certain things work, since I already have the password.
Here is what I have tried so far:
- Dictionary attack with MKBRUTUS (https://github.com/mkbrutusproject/MKBRUTUS) without concluding anything.
- Specially created Nmap script (https://nmap.org/nsedoc/scripts/mikrotik-routeros-brute.html) which targets port 8728. The script seems to go on forever without concluding anything.
- Tried various exploits from exploitdb, but it seems that this 6.42.11 is invulnerable.
- Tried to listen with Wireshark and ARP poison with Ettercap while typing the password, since the login page is HTTP and not HTTPS, but it seems that WebFig also encrypts non-HTTPS connections, so nothing to do here.
Now I ask you: what else can I try before hitting the reset button?
I have a lot of open ports (HTTP, 8728, and of course Winbox, SSH, FTP and telnet) ...