Community discussions

MUM Europe 2020
 
ahmedsalah
just joined
Topic Author
Posts: 3
Joined: Fri Apr 14, 2017 10:27 pm

Someone claimed that he hacked RouterOS

Fri Apr 14, 2017 10:37 pm

there is hundreds of Yemeni network administrators who serve thousands of clients in Yemen

and in these couple of days there is a hacker who's hacked today by this hacker who claimed he hacked the RouterOS by some Vulnerability in your system (many networks were hacked ) , can you give us a security update or any information about how this is happened , we are VERY VERY considered in yemen ! , and maybe not even using your products anymore ! , we need information today please !

this is the only video that the hacker uploaded :
https://www.youtube.com/watch?v=e19wz5GQ8V4

we are waiting !!
 
User avatar
ZeroByte
Forum Guru
Forum Guru
Posts: 4051
Joined: Wed May 11, 2011 6:08 pm

Re: Someone claimed that he hacked RouterOS

Fri Apr 14, 2017 11:27 pm

This is a community forum, and while some Mikrotik employees do monitor the forums, you should direct a request like this to support.
When given a spoon,
you should not cling to your fork.
The soup will get cold.
 
User avatar
soulflyhigh
Member Candidate
Member Candidate
Posts: 173
Joined: Wed Sep 08, 2010 11:20 am

Re: Someone claimed that he hacked RouterOS

Sat Apr 15, 2017 1:35 am

Could anyone translate from Arabic what it says in the youtube video?
Any hint what is the actual exploit?

I think that this is the same guy > https://www.facebook.com/groups/mikrotikman/
MTCRE, MTCTCE
 
 
User avatar
normis
MikroTik Support
MikroTik Support
Posts: 24315
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia

Re: Someone claimed that he hacked RouterOS

Tue Apr 18, 2017 9:28 am

Could be just an animation. Some people make these and then ask for bounty. Would be nice to see actual tool, or at least proof by anybody else.
No answer to your question? How to write posts
 
User avatar
soulflyhigh
Member Candidate
Member Candidate
Posts: 173
Joined: Wed Sep 08, 2010 11:20 am

Re: Someone claimed that he hacked RouterOS

Tue Apr 18, 2017 2:00 pm

Could be just an animation. Some people make these and then ask for bounty. Would be nice to see actual tool, or at least proof by anybody else.
I did find "a tool" probably made by this guy >
Capture11.JPG
Capture22.JPG
Capture33.JPG
but I couldn't find login data for it (most of the menu options are not working and login window is popping up when I try to run them).

It might be all just a part of a scam but I don't like it - from what I can see in the video it seems that "hack" uses RouterOS web/hotspot service to gain access/read RouterOS credentials and that kind of vulnerability has been fixed just in the latest 6.37.5 and 6.38.5 ?

Translation of the menu options and youtube video from Arabic to English would be a helpful first step.
You do not have the required permissions to view the files attached to this post.
MTCRE, MTCTCE
 
User avatar
normis
MikroTik Support
MikroTik Support
Posts: 24315
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia

Re: Someone claimed that he hacked RouterOS

Tue Apr 18, 2017 2:33 pm

There is no way to get the plaintext password like the video shows. I would guess this is a regular RouterOS API application that actually sets the router password, and then shows it, to make it appear he hacked something.
No answer to your question? How to write posts
 
Sob
Forum Guru
Forum Guru
Posts: 4855
Joined: Mon Apr 20, 2009 9:11 pm

Re: Someone claimed that he hacked RouterOS

Tue Apr 18, 2017 7:10 pm

There's RouterOS 6.37 in YT video. So if the CIA vulnerability allowed to execute custom code, it might be it. If the hacker shows another video with fixed RouterOS version, then I'll be worried.
People who quote full posts should be spanked with ethernet cable. Some exceptions for multi-topic threads may apply.
 
jarda
Forum Guru
Forum Guru
Posts: 7604
Joined: Mon Oct 22, 2012 4:46 pm

Re: Someone claimed that he hacked RouterOS

Tue Apr 18, 2017 9:35 pm

Me too. But keep in mind that it is possible to show everything...
 
pe1chl
Forum Guru
Forum Guru
Posts: 5970
Joined: Mon Jun 08, 2015 12:09 pm

Re: Someone claimed that he hacked RouterOS

Tue Apr 18, 2017 10:17 pm

Not really. When the passwords are only stored in hashed form inside the device, there is no way (CIA or other) to quickly
reveal them with an attack. Of course, when the hashes could be retrieved they could be looked up in a table, and when
the password is "weak" it could be found. But that would not be a generic hack that can be applied to every router.
 
Sob
Forum Guru
Forum Guru
Posts: 4855
Joined: Mon Apr 20, 2009 9:11 pm

Re: Someone claimed that he hacked RouterOS

Wed Apr 19, 2017 12:33 am

How much sure are you about hashed passwords? ;) Because if you create unencrypted backup (/system backup save name=test dont-encrypt=yes) and run it through old mtpass tool, you'll get even long passwords immediately, there's no bruteforcing involved. If they can be exported like this in backup, they must be in easily reversible form also in system.
People who quote full posts should be spanked with ethernet cable. Some exceptions for multi-topic threads may apply.
 
fathhi2022
just joined
Posts: 3
Joined: Sat Apr 15, 2017 4:55 am

Re: Someone claimed that he hacked RouterOS

Sun Apr 23, 2017 7:51 am

Could be just an animation. Some people make these and then ask for bounty. Would be nice to see actual tool, or at least proof by anybody else.
I did find "a tool" probably made by this guy >
Capture11.JPG
Capture22.JPG
Capture33.JPG

but I couldn't find login data for it (most of the menu options are not working and login window is popping up when I try to run them).

It might be all just a part of a scam but I don't like it - from what I can see in the video it seems that "hack" uses RouterOS web/hotspot service to gain access/read RouterOS credentials and that kind of vulnerability has been fixed just in the latest 6.37.5 and 6.38.5 ?

Translation of the menu options and youtube video from Arabic to English would be a helpful first step.
you must connict to the RouterOS or winbox with out internet
 
User avatar
nichky
Long time Member
Long time Member
Posts: 535
Joined: Tue Jun 23, 2015 2:35 pm

Re: Someone claimed that he hacked RouterOS

Sun Apr 23, 2017 12:21 pm

As soon as Indonesia is quite about that, no one can hack MT.
Nikola Suminoski
MikroTik Consultan
MTCRE l MTCWE

!) Safe Mode is your friend;
 
User avatar
doneware
Trainer
Trainer
Posts: 540
Joined: Mon Oct 08, 2012 8:39 pm
Location: Hungary

Re: Someone claimed that he hacked RouterOS

Tue Apr 25, 2017 12:51 am

i'd call BS on that.
first of all, it shows a 951G and yet 11000+ hotspot users. for me it is kind of unlikely that one buys a $80 box and spends like extra $250 to get a license to support this amazing amount of hostpot users. but maybe that's the case.
hck2.png
the other thing is that the guy is connected to the system via WiFi. The screenshot in winbox shows almost no traffic on the box (951G) and the wireless interface is down (not running). ok, it is possible that there are other APs also connected, but all other ethernet ports are in "not running" state, so assume, there is a switch that takes care the L2 connectivity between the APs. The whole setup suggests a "default" configuration: ports 2-5 are bridged together with wlan, and ether1 (renamed to in) is the outside connectivity.

look, we've been showed lots of stuff, unnecessary things, but no
- route table
- ip address list
- no firewall configuration
- no arp table
not anything that would shed some light on details.

and in the neighbor list only displayed for 2-3 seconds we find 2 interesting entries:
nlist.png
10.0.0.1 - the router itself? with no mac address information, hostname, whatsoever mikrotik specific? uptime is 00:00:00?
10.11.9.2 - ok, so even the PC the guy is using is displayed here, with all info blank. how?

wait. MNDP & CDP is non-routeable. so they must be in the same L2 BD. yet they cannot access it via mac-address. but indeed they get through hotspot and can reach winbox port over IP w/o authenticating on the captive portal? strange.

also note the change of windows inside winbox between 11:07 and 11:13
- 2 entries suddenly disappear from neighbor list (10 was there previously, now only 8 ).
- terminal just appears out of thin air, without user interaction
the video is obviously was cut there.

so OpenMikrotik(32bit) is also able to "crash down" nanostations as we see.
but i don't think that nmap can figure out ROS version and product code. the only place it may come is from MNDP metadata.

and don't you think, that putting your admin password and admin username as hostname for some APs that broadcast it as CDP everywhere, might not be the brightest idea?

for the record: credentials on flash are not encrypted. boot the router with the linux distro that supports reading the onboard flash, and you can get the passwords. been there, done that. but this would require netboot and physical access - none of them can be pulled off over wifi.
You do not have the required permissions to view the files attached to this post.
#TR0359
 
User avatar
normis
MikroTik Support
MikroTik Support
Posts: 24315
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia

Re: Someone claimed that he hacked RouterOS

Tue Apr 25, 2017 9:41 am

Some good analysis there, doneware. By the way, if you use protected routerboot, there is no way to boot anything else on the device and your password is safe:
https://wiki.mikrotik.com/wiki/Manual:R ... bootloader
No answer to your question? How to write posts
 
ivicask
Member Candidate
Member Candidate
Posts: 243
Joined: Tue Jul 07, 2015 2:40 pm
Location: Croatia, Zagreb

Re: Someone claimed that he hacked RouterOS

Tue Apr 25, 2017 10:25 am

http://mig4vip.3abber.com/post/339997

From what i see this is not even a hacking tool, its just a alternative management software for mikrotik devices and printing some kind of cards as much i can understand from google translate

Think someone just over-hyped this because they dont understand whats going on due language barrier..

Here is also screen of hes facebook google translated.
You do not have the required permissions to view the files attached to this post.
 
p3rad0x
Long time Member
Long time Member
Posts: 603
Joined: Fri Sep 18, 2015 5:42 pm
Location: South Africa
Contact:

Re: Someone claimed that he hacked RouterOS

Tue Apr 25, 2017 1:21 pm

Use the IP services list to only allow a specific ip to be able to access the router.

Even if someone has your password they wont be able to login.

Also disable the mac server to the client facing side if your entire network is bridged.
There you go then you touched something ;-) : it only takes a change in wind direction to screw with your nat :-)
 
User avatar
normis
MikroTik Support
MikroTik Support
Posts: 24315
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia

Re: Someone claimed that he hacked RouterOS

Tue Apr 25, 2017 1:59 pm

http://mig4vip.3abber.com/post/339997

From what i see this is not even a hacking tool, its just a alternative management software
Just like I said above, judging from the dropdown menus where you see all kinds of generic controls, it is an API configurator. No hacking.
But I love how the guy in the video has to set up "proper hacking soundtrack" before he can work.
No answer to your question? How to write posts
 
sakhr
just joined
Posts: 1
Joined: Tue Apr 25, 2017 9:24 pm

Re: Someone claimed that he hacked RouterOS

Tue Apr 25, 2017 9:38 pm

Could anyone translate from Arabic what it says in the youtube video?
Any hint what is the actual exploit?

I think that this is the same guy > https://www.facebook.com/groups/mikrotikman/
He said nothing , silent video , he wrote that he will hack a network and mentioned the names of owners of the networks and the reasons for hacking ...... etc. All information wrote in the notepad is not important .
 
User avatar
doneware
Trainer
Trainer
Posts: 540
Joined: Mon Oct 08, 2012 8:39 pm
Location: Hungary

Re: Someone claimed that he hacked RouterOS

Wed Apr 26, 2017 1:02 am

set up "proper hacking soundtrack" before he can work.
and i have the feeling that "rewinding" is done manually, as if repeat wan't invented before :-)
i've been thinking why the guy shows VLC playing the song, fiddling with the controls using his mouse. probably it was meant to be some sort of proof that things happen in real time... which doesn't quite seem to be so.
#TR0359

Who is online

Users browsing this forum: No registered users and 34 guests