I Tink i got hacked

FabFab10 · Wed Dec 27, 2023 11:17 am

Hello,
i found my admin user belongin to a new "admin" group and i can't any longer open a terminal window (telnet and SSH have been disabled for this group). I also found a new "Ssytem" user which has all privilegs.
Is there any way to recover full access without having to fully reset the router?

thanks

elbob2002 · Wed Dec 27, 2023 11:54 am

You should netinsall to factory reset the router. It's the only way to be certain that the compromise has been completely removed:

https://help.mikrotik.com/docs/display/ROS/Netinstall

That won't prevent you from future hacks though so likely you have an issue with your firewall rules or services open to the internet. You should resolve these too once it's reinstalled.

FabFab10 · Wed Dec 27, 2023 11:58 am

Thanks for your reply.
I'm pretty sure there was just a user modification, so if there is a way to regain group control of my user that will be fine.
I know Netinstall would replace everything but if there is a way to modify group belongin for my user that would fix it.
It happened with API service.

I'm running version 7.6 , also tried the Netwatch trick, but either not working or i'm doing something wrong

erlinden · Wed Dec 27, 2023 12:38 pm

Sounds like you know what happened...were you hacked or not? If this situation is caused by a known user (like yourself), you might want to resolve it. If it's not, you really really should use netinstall.

FabFab10 · Wed Dec 27, 2023 12:44 pm

Honestly i'd rather prefer trying to resolve it (if possible) and I have already disabled some unnecessary services.
But i need to regain full access to the system

infabo · Wed Dec 27, 2023 1:00 pm

If there was a legal and official way to gain admin privileges again.....lol? Then everyone could make themselves admin? to be honest: what answer did you expect to hear? "yes sure, just press the reset button according to the notes of Beethoven's 5th symphony and you have all privileges again"

FabFab10 · Wed Dec 27, 2023 4:20 pm

@infabo
some devices let you connect to a console port and make some recovery procedures.........
I hoped there was one using a different connection

anav · Wed Dec 27, 2023 4:37 pm

Why did you have unsecure API enabled and running.
Perhaps you need to take some courses before being allowed to setup a router?

Netinstall, stop arguing do it, you wont get any other advice, stop wasting our time.

infabo · Wed Dec 27, 2023 7:03 pm

There is the Woobm USB Stick that emulates a serial console port. but still you need to login with a valid user/password.

Wed Dec 27, 2023 7:57 pm

And... woobm has been discontinued.

infabo · Wed Dec 27, 2023 10:10 pm

And... woobm has been discontinued.

infabo · Wed Dec 27, 2023 11:23 pm

Thanks, I already have one myself. But to discontinue such a helpful device makes me sad

rextended · Thu Dec 28, 2023 11:29 am

"just press the reset button according to the notes of Beethoven's 5th symphony and you have all privileges again"

But what are you talking about? I tried and it didn't work...

Thu Dec 28, 2023 11:47 am

That was a joke which you may have missed.
(but your comment was one too

)

rextended · Thu Dec 28, 2023 1:06 pm

That was a joke which you may have missed.

(sure?)
ah, I thought I had choice the wrong timing 2/4 (is 3/8)

I Tink i got hacked

I Tink i got hacked

Re: I Tink i got hacked

Re: I Tink i got hacked

Re: I Tink i got hacked

Re: I Tink i got hacked

Re: I Tink i got hacked

Re: I Tink i got hacked

Re: I Tink i got hacked

Re: I Tink i got hacked

Re: I Tink i got hacked

Re: I Tink i got hacked

Re: I Tink i got hacked

Re: I Tink i got hacked

Re: I Tink i got hacked

Re: I Tink i got hacked

Who is online