Page 1 of 1

progaram get any mikrotik system usernam and passowrd in 3 second

Posted: Thu Jun 07, 2018 10:57 pm
by AliALBedwi
Hello Everyone,
We are facing a serious bug , there is big bug in the microtik system that will destroy it, which will stop our business, and SOLUTIONS must be found, hoping the R&D fix it immediately, and anyone has any idea how to solve it please contact me. Meanwhile, Anyone who wants the username and password of his Mikrotik System , only send me your cloud ip or host name and i will give you it , no matter how long and complicated it is

Re: progaram get any mikrotik system usernam and passowrd in 3 second

Posted: Fri Jun 08, 2018 1:34 pm
by Anumrak
WTF

Re: progaram get any mikrotik system usernam and passowrd in 3 second

Posted: Fri Jun 08, 2018 2:05 pm
by JB172
Hello Everyone,
We are facing a serious bug , there is big bug in the microtik system that will destroy it, which will stop our business, and SOLUTIONS must be found, hoping the R&D fix it immediately, and anyone has any idea how to solve it please contact me. Meanwhile, Anyone who wants the username and password of his Mikrotik System , only send me your cloud ip or host name and i will give you it , no matter how long and complicated it is
The Mikrotik version matters?

Re: progaram get any mikrotik system usernam and passowrd in 3 second

Posted: Fri Jun 08, 2018 2:22 pm
by anav
Post your version in use, and your external access to the router setup and your internal access to the router setup, otherwise all I see is hot air.

Re: progaram get any mikrotik system usernam and passowrd in 3 second

Posted: Fri Jun 08, 2018 2:29 pm
by nescafe2002
Probably related to this (known) topic: viewtopic.php?t=133533

But, if you think you found a new bug, please contact support directly with instructions and supout.

Re: progaram get any mikrotik system usernam and passowrd in 3 second

Posted: Fri Jun 08, 2018 3:08 pm
by Lifz
Please contact us at support@mikrotik.com with descriptions

Re: progaram get any mikrotik system usernam and passowrd in 3 second

Posted: Fri Jun 08, 2018 3:30 pm
by Sob
Anyone who wants the username and password of his Mikrotik System , only send me your cloud ip or host name and i will give you it , no matter how long and complicated it is
Go for it:
demo.mt.lv
demo2.mt.lv

Re: progaram get any mikrotik system usernam and passowrd in 3 second

Posted: Fri Jun 08, 2018 11:36 pm
by AliALBedwi
Anyone who wants the username and password of his Mikrotik System , only send me your cloud ip or host name and i will give you it , no matter how long and complicated it is
Go for it:
demo.mt.lv
demo2.mt.lv
username : admin
password :empty

Re: progaram get any mikrotik system usernam and passowrd in 3 second

Posted: Sat Jun 09, 2018 1:47 am
by Sob
Good, but now try for real with two existing real admin accounts. :)

Re: progaram get any mikrotik system usernam and passowrd in 3 second

Posted: Sat Jun 09, 2018 1:55 am
by ahmedalmi
Good, but now try for real with two existing real admin accounts. :)
change your user name and password for admin user and he will know it

Re: progaram get any mikrotik system usernam and passowrd in 3 second

Posted: Sat Jun 09, 2018 2:39 am
by Sob
Those routers have two admin accounts with full rights, and it's even easier, because you can see their names using the password-less "admin" account. It's two MikroTik's own demo routers, with supposedly secure RouterOS. And to be honest, I'm a little skeptic that you can get in (as full admin). But if you really can, keep the paswords for yourself, and if you want to impress us (and MikroTik too, no doubt), just make some small harmless change, e.g. /system note set note="some text".

Re: progaram get any mikrotik system usernam and passowrd in 3 second

Posted: Sat Jun 09, 2018 4:22 am
by AliALBedwi
Those routers have two admin accounts with full rights, and it's even easier, because you can see their names using the password-less "admin" account. It's two MikroTik's own demo routers, with supposedly secure RouterOS. And to be honest, I'm a little skeptic that you can get in (as full admin). But if you really can, keep the paswords for yourself, and if you want to impress us (and MikroTik too, no doubt), just make some small harmless change, e.g. /system note set note="some text".
Hi Sob
just sent me your own cloud or host name and I'll prove that to you and sent u you username and pass

Re: progaram get any mikrotik system usernam and passowrd in 3 second

Posted: Sat Jun 09, 2018 4:24 am
by AliALBedwi
Please contact us at support@mikrotik.com with descriptions
i did that and i hope them replay as soon as they can

Re: progaram get any mikrotik system usernam and passowrd in 3 second

Posted: Sat Jun 09, 2018 5:57 am
by sguox
116.15.139.78 mikrotik with public IP

Re: progaram get any mikrotik system usernam and passowrd in 3 second

Posted: Sat Jun 09, 2018 6:26 am
by AliALBedwi
116.15.139.78 mikrotik with public IP
at last open one port !!

Re: progaram get any mikrotik system usernam and passowrd in 3 second

Posted: Sat Jun 09, 2018 6:53 am
by Shadeofspirit
public ip 80.249.83.171

Re: progaram get any mikrotik system usernam and passowrd in 3 second

Posted: Sat Jun 09, 2018 7:02 am
by AliALBedwi
Probably related to this (known) topic: viewtopic.php?t=133533

But, if you think you found a new bug, please contact support directly with instructions and supout.
ya seems like this but using port 80
and should to change the winbox port 8291

Re: progaram get any mikrotik system usernam and passowrd in 3 second

Posted: Sat Jun 09, 2018 7:06 am
by AliALBedwi
public ip 80.249.83.171
opean port www and winbox 8291 sir

Re: progaram get any mikrotik system usernam and passowrd in 3 second

Posted: Sat Jun 09, 2018 7:19 am
by Shadeofspirit
public ip 80.249.83.171
opean port www and winbox 8291 sir
Starting Nmap ( https://nmap.org ) at 2018-06-09 04:16 UTC
NSE: Loaded 40 scripts for scanning.
Initiating Ping Scan at 04:16
Scanning 80.249.83.171 [4 ports]
Completed Ping Scan at 04:16, 0.22s elapsed (1 total hosts)
Initiating SYN Stealth Scan at 04:16
Scanning mail.itbel.com (80.249.83.171) [6 ports]
Discovered open port 80/tcp on 80.249.83.171
Discovered open port 8729/tcp on 80.249.83.171
Discovered open port 8728/tcp on 80.249.83.171
Discovered open port 8291/tcp on 80.249.83.171
Completed SYN Stealth Scan at 04:16, 0.22s elapsed (6 total ports)
Initiating Service scan at 04:16

Re: progaram get any mikrotik system usernam and passowrd in 3 second

Posted: Sat Jun 09, 2018 7:45 am
by AliALBedwi
public ip 80.249.83.171
opean port www and winbox 8291 sir
Starting Nmap ( https://nmap.org ) at 2018-06-09 04:16 UTC
NSE: Loaded 40 scripts for scanning.
Initiating Ping Scan at 04:16
Scanning 80.249.83.171 [4 ports]
Completed Ping Scan at 04:16, 0.22s elapsed (1 total hosts)
Initiating SYN Stealth Scan at 04:16
Scanning mail.itbel.com (80.249.83.171) [6 ports]
Discovered open port 80/tcp on 80.249.83.171
Discovered open port 8729/tcp on 80.249.83.171
Discovered open port 8728/tcp on 80.249.83.171
Discovered open port 8291/tcp on 80.249.83.171
Completed SYN Stealth Scan at 04:16, 0.22s elapsed (6 total ports)
Initiating Service scan at 04:16
its all close from my side sir

Re: progaram get any mikrotik system usernam and passowrd in 3 second

Posted: Sat Jun 09, 2018 7:56 am
by Shadeofspirit
public ip 80.249.83.171
opean port www and winbox 8291 sir
Starting Nmap ( https://nmap.org ) at 2018-06-09 04:16 UTC
NSE: Loaded 40 scripts for scanning.
Initiating Ping Scan at 04:16
Scanning 80.249.83.171 [4 ports]
Completed Ping Scan at 04:16, 0.22s elapsed (1 total hosts)
Initiating SYN Stealth Scan at 04:16
Scanning mail.itbel.com (80.249.83.171) [6 ports]
Discovered open port 80/tcp on 80.249.83.171
Discovered open port 8729/tcp on 80.249.83.171
Discovered open port 8728/tcp on 80.249.83.171
Discovered open port 8291/tcp on 80.249.83.171
Completed SYN Stealth Scan at 04:16, 0.22s elapsed (6 total ports)
Initiating Service scan at 04:16
its all close from my side sir
so, that means one of the next variants: 1) there are no program to get login and password; 2) this program exist, but doesn't work with new ROS versions. 3) it works in theory, but basic security rules (nothing extra ordinary) prevent from it.

Re: progaram get any mikrotik system usernam and passowrd in 3 second

Posted: Sat Jun 09, 2018 8:04 am
by AliALBedwi
public ip 80.249.83.171
opean port www and winbox 8291 sir
Starting Nmap ( https://nmap.org ) at 2018-06-09 04:16 UTC
NSE: Loaded 40 scripts for scanning.
Initiating Ping Scan at 04:16
Scanning 80.249.83.171 [4 ports]
Completed Ping Scan at 04:16, 0.22s elapsed (1 total hosts)
Initiating SYN Stealth Scan at 04:16
Scanning mail.itbel.com (80.249.83.171) [6 ports]
Discovered open port 80/tcp on 80.249.83.171
Discovered open port 8729/tcp on 80.249.83.171
Discovered open port 8728/tcp on 80.249.83.171
Discovered open port 8291/tcp on 80.249.83.171
Completed SYN Stealth Scan at 04:16, 0.22s elapsed (6 total ports)
Initiating Service scan at 04:16
i search for all your rnage and i just give you sample
to systems i got them username and pass
1-
80.249.84.182 80 admin:turbo3*(+
admin:turbo3*(+
2-
80.249.83.125 80 admin:GfhjkmJnvbrhjnbrf91 MikroTik RouterOS v6.40.4

i hope you don't do anything to this systems sir
i just give u a samples to believe that

Re: progaram get any mikrotik system usernam and passowrd in 3 second

Posted: Sat Jun 09, 2018 8:17 am
by AliALBedwi
public ip 80.249.83.171
opean port www and winbox 8291 sir
Starting Nmap ( https://nmap.org ) at 2018-06-09 04:16 UTC
NSE: Loaded 40 scripts for scanning.
Initiating Ping Scan at 04:16
Scanning 80.249.83.171 [4 ports]
Completed Ping Scan at 04:16, 0.22s elapsed (1 total hosts)
Initiating SYN Stealth Scan at 04:16
Scanning mail.itbel.com (80.249.83.171) [6 ports]
Discovered open port 80/tcp on 80.249.83.171
Discovered open port 8729/tcp on 80.249.83.171
Discovered open port 8728/tcp on 80.249.83.171
Discovered open port 8291/tcp on 80.249.83.171
Completed SYN Stealth Scan at 04:16, 0.22s elapsed (6 total ports)
Initiating Service scan at 04:16
its all close from my side sir
so, that means one of the next variants: 1) there are no program to get login and password; 2) this program exist, but doesn't work with new ROS versions. 3) it works in theory, but basic security rules (nothing extra ordinary) prevent from it.
no you are wrong
this program its exist and work very excellent
its can got any password and username faster with any version unless 6.40.8 and 6.42.1 just
its also can get a lot other system but we are not care about it
the big problem its the mikrotik

Re: progaram get any mikrotik system usernam and passowrd in 3 second

Posted: Sat Jun 09, 2018 8:18 am
by Shadeofspirit
this are not my routers, so i wouldn't check, but as i see in your post - they have old ROS. In 6.42.1 was fix for vulnerability in winbox

Re: progaram get any mikrotik system usernam and passowrd in 3 second

Posted: Sat Jun 09, 2018 8:27 am
by AliALBedwi
this are not my routers, so i wouldn't check, but as i see in your post - they have old ROS. In 6.42.1 was fix for vulnerability in winbox
yah not work with 6.42.1 you are right
after my post someone shear this post viewtopic.php?t=133533
and talks about this bug
That's great work from Mikrotik to slove it
but the big problems a lot systems around the world not upgraded and they not know about it and they trust mikrotik system
here the problem

Re: progaram get any mikrotik system usernam and passowrd in 3 second

Posted: Sat Jun 09, 2018 8:31 am
by Shadeofspirit
this are not my routers, so i wouldn't check, but as i see in your post - they have old ROS. In 6.42.1 was fix for vulnerability in winbox
yah not work with 6.42.1 you are rigth
after my post someone shear this post viewtopic.php?t=133533
and talks about this bug
That's great work from Mikrotik to slove it
but the big problems a lot systems around the world not upgraded and they not know about it and they trust mikrotik system
here the problem
i don't see any problem in mikrotik, it is the problem of admins. It is so, because there is information in changelog, there were posts in mikrotik twitter, facebook with information about vulnerability and it's fix. also there was information in many other resources

Re: progaram get any mikrotik system usernam and passowrd in 3 second

Posted: Sat Jun 09, 2018 9:49 am
by avacha
That guy just found in first time (in)famous RouterScan and shocked about security in net. :)
Just upgrade your devices if it's a MT routers, or use OpenWRT if these devices are shitty home routers abandoded by their manufacturers :lol:

Just wonder what he say when he see 3wifi database :lol:

Re: progaram get any mikrotik system usernam and passowrd in 3 second

Posted: Sat Jun 09, 2018 4:28 pm
by Sob
So it's just the recent WinBox vulnerability? It's good then. I mean, not good, obviously. That was major screwup on MikroTik's side, and blaming it on "unsecured routers" in changelog wasn't fair either, people usually don't think about fifty-characters passwords as "unsecured". But it's good there isn't another one.

Re: progaram get any mikrotik system usernam and passowrd in 3 second

Posted: Sat Jun 09, 2018 7:01 pm
by apteixeira
Hello,

Just for testing purpose I just created a VM with IP 201.217.241.120
Try getting password. Clue: password starts with "test" word.
Port: winbox 8291

Regards.

Re: progaram get any mikrotik system usernam and passowrd in 3 second

Posted: Sat Jun 09, 2018 9:16 pm
by avacha
That was major screwup on MikroTik's side, and blaming it on "unsecured routers" in changelog wasn't fair either, people usually don't think about fifty-characters passwords as "unsecured". But it's good there isn't another one.
Nope. If you use old system and set up it to connect to the internet via nude ass - just don't wonder if some kiddies hijack your device.
To succesfully exploit you need not only old firmware but also open winbox port for direct access from wan. Default config do not allow this. If you config router like these manually... well, don't cry about "Russian hackers".

Re: progaram get any mikrotik system usernam and passowrd in 3 second

Posted: Sat Jun 09, 2018 10:36 pm
by jspool
Funny how people are so quick to post an issue without bothering to check to see if its already been discussed.
Anyone exposing management ports to the public facing Internet deserves whatever comes their way.
Attacks from LAN to router and from WAN to router are easily prevented by only allowing trusted IP's or networks access to management ports. Never rely on others to secure your network.

Re: progaram get any mikrotik system usernam and passowrd in 3 second

Posted: Sun Jun 10, 2018 2:59 am
by Sob
I'd like to slightly disagree with last two posters. Now, when fixed version is available, it's on anyone who keeps the old vulnerable one. But the main problem was, to quote official explanation:
The vulnerability allowed a special tool to connect to the Winbox port, and request the system user database file.
You're right that when you block connections to WinBox port, it's safe. But you can't block everything. What if the vulnerability wasn't in WinBox server, but in SSTP server? They both depend only on strong passwords (SSTP's non-standard option to require client certificate doesn't count, because it's not compatible with regular clients). If I got hacked because of such vulnerability in SSTP, would you tell me that it's my fault for leaving SSTP port open to whole world? But it's the idea of VPNs, to allow users to connect from everywhere. I agree that it doesn't apply to WinBox, but it's exactly the same principle.

No hard feelings from me (after all, nothing of mine got hacked), but MikroTik is #1 to blame here. And regarding the "unsecured routers" explanation, only being almost a fanboy prevents me from using "bullshit" as reply. ;)

Re: progaram get any mikrotik system usernam and passowrd in 3 second

Posted: Tue Jun 12, 2018 1:30 am
by avacha
Sob.
In general, all of our enviroinment in this world require some knowledge about "what you doing".
If I buy microwave oven and it will be hacked - well, manufacturer never told me about "main goal of our microvave oven is security system."
If MT make his own proprietary vpn, say "main goal is security, blah-blah" and after that it have a vulnerability - shame on MT. But winbox is just a config tool, nothing about security here and MT never say about that's super-secured, moreover - winbox denied in defconf firewall.

Well, let's try to see from different point of view.

I buy 20$ cheap tp-link or dlink router. Then open telnet from wan - by default, of course, telnet closed.
And when someone hack into, post "this is shit %manufscturer_name% in facebook. But telnet is nothing about security, it,s just config tool.

Re: progaram get any mikrotik system usernam and passowrd in 3 second

Posted: Tue Jun 12, 2018 5:54 am
by Sob
Are you saying that if it's "just a config tool", it's allowed to give passwords to anyone who asks? :) It's just wrong, no matter what it is, if I have password like "QWnXSS_bX8p8er&C$d?:ZwPMdv" I expect it to be secure enough. It should be, bruteforcing over the net would take a lifetime. And if there's some other way, it must be horrible mistake done by whoever implemented it.

Re: progaram get any mikrotik system usernam and passowrd in 3 second

Posted: Wed Jul 18, 2018 7:45 am
by normis
What if the vulnerability wasn't in WinBox server, but in SSTP server? They both depend only on strong passwords (SSTP's non-standard option to require client certificate doesn't count, because it's not compatible with regular clients). If I got hacked because of such vulnerability in SSTP, would you tell me that it's my fault for leaving SSTP port open to whole world? But it's the idea of VPNs, to allow users to connect from everywhere. I agree that it doesn't apply to WinBox, but it's exactly the same principle.
Then the comment would be different. SSTP is not the same as administration access to your device. There are zero reasons to leave winbox access open to all, especially with default port.

Re: progaram get any mikrotik system usernam and passowrd in 3 second

Posted: Wed Jul 18, 2018 4:41 pm
by Sob
I agree that while SSTP port is supposed to be open, WinBox port should rather not be. But on technical level it's Service A with its security depending only on strong passwords and bug-free implementation, and Service B with its security depending only on strong passwords and bug-free implementation => exactly the same thing. I don't plan to beat it to death, what's done is done. And how to say it, I understand that "but you shouldn't have had that port open!" is something I would probably also want to say, if I managed to create such nice bug as this. ;)