Community discussions

MikroTik App
 
airsay
just joined
Topic Author
Posts: 3
Joined: Thu Oct 20, 2022 12:48 pm

password set incorrectly, admin access lost

Thu Oct 20, 2022 1:01 pm

Hello everyone.

So I created a new user with full rights using CLI. Command ran "successfully". I put successfully in quotes because while error message wasn't displayed, I may have gone and done something silly.

So I ran the following

/user add name=xxxxx password=X90dFXV% tNMeialSk*w$bdkboc7Vri3iXotMZyKgr group=full

and got the following error message

expected end of command (line 1 column 48)

I figured this was because of the $ sign within the password.

So I ran the same command and this time enclosed the password in quotes

/user add name=xxxxx password="X90dFXV% tNMeialSk*w$bdkboc7Vri3iXotMZyKgr" group=full

And got no error messages this time around.

I then went ahead to commit the greatest of all sins by deleting admin user without verifying that the new user login works.

I'm unable access the router using the new user(redacted in my CLI snippets above) and the password (actual password is as shown in the CLI snippet).

What have I done incorrectly? And how can I remedy the situation without a reset of the router.

PS: No backups were ever made. This was a fresh install that I was trying to "harden"
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 11982
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy
Contact:

Re: password set incorrectly, admin access lost

Thu Oct 20, 2022 1:43 pm

Your actual password is (with the space):
X90dFXV% tNMeialSk*w

It's a very bad idea use reserved characters to set password on any OS used.
Do not use on MikorTik \ ? " and $ on passwords...
The script can fail, also for other reasons, and if you do not verify new user first...
 
airsay
just joined
Topic Author
Posts: 3
Joined: Thu Oct 20, 2022 12:48 pm

Re: password set incorrectly, admin access lost

Thu Oct 20, 2022 3:07 pm

Your actual password is (with the space):
X90dFXV% tNMeialSk*w

It's a very bad idea use reserved characters to set password on any OS used.
Do not use on MikorTik \ ? " and $ on passwords...
The script can fail, also for other reasons, and if you do not verify new user first...
So I see you inferred that copy paste kind of mangled my password. It should have been "X90dFXV% tNMeial$k*w$bdkboc7Vri3iXotMZyKgr" (with a $ before the first uppercase K and another $ immediately after the lowercase b)

I had tried "X90dFXV% tNMeialSk*w " (without the quotes and a trailing space). I will try the new pass without the trailing space and come back with feedback. Thanks for your time.
 
Sob
Forum Guru
Forum Guru
Posts: 9119
Joined: Mon Apr 20, 2009 9:11 pm

Re: password set incorrectly, admin access lost

Thu Oct 20, 2022 3:37 pm

He wanted to say that you forgot about $ being used for variables. If you put the same string where you can see it later:
/ip address add interface=ether1 address=127.0.0.2 disabled=yes comment="X90dFXV% tNMeialSk*w$bdkboc7Vri3iXotMZyKgr"
:global bdkboc7Vri3iXotMZyKgr "MEOW!"
/ip address add interface=ether1 address=127.0.0.3 disabled=yes comment="X90dFXV% tNMeialSk*w$bdkboc7Vri3iXotMZyKgr"
/ip address add interface=ether1 address=127.0.0.4 disabled=yes comment="X90dFXV% tNMeialSk*w\$bdkboc7Vri3iXotMZyKgr"
Then export will give you:
/ip address
add address=127.0.0.2 comment="X90dFXV% tNMeialSk*w" disabled=yes interface=ether1 network=127.0.0.2
add address=127.0.0.3 comment="X90dFXV% tNMeialSk*wMEOW!" disabled=yes interface=ether1 network=127.0.0.3
add address=127.0.0.4 comment="X90dFXV% tNMeialSk*w\$bdkboc7Vri3iXotMZyKgr" disabled=yes interface=ether1 network=127.0.0.4
Edit: The last one is correct, you'll see it in WinBox/WebFig as "X90dFXV% tNMeialSk*w$bdkboc7Vri3iXotMZyKgr", i.e. exactly what you wanted.
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 11982
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy
Contact:

Re: password set incorrectly, admin access lost  [SOLVED]

Thu Oct 20, 2022 4:00 pm

So I see you inferred that copy paste kind of mangled my password. It should have been "X90dFXV% tNMeial$k*w$bdkboc7Vri3iXotMZyKgr" (with a $ before the first uppercase K and another $ immediately after the lowercase b)

I give your password based on what you write on forum.
If is pasted "X90dFXV% tNMeial$k*w$bdkboc7Vri3iXotMZyKgr" on terminal (but on your previous post the first $ is one S !!!),
without other surprises, your password is:
X90dFXV% tNMeial*w
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 11982
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy
Contact:

Re: password set incorrectly, admin access lost

Thu Oct 20, 2022 4:04 pm

@Sob
:global k ""
:global bdkboc7Vri3iXotMZyKgr ""
:put ">X90dFXV% tNMeial$k*w$bdkboc7Vri3iXotMZyKgr<"
 
airsay
just joined
Topic Author
Posts: 3
Joined: Thu Oct 20, 2022 12:48 pm

Re: password set incorrectly, admin access lost

Sun Oct 23, 2022 11:39 pm

This is now solved. Correct password was a slight variation of the one previously provided. Thank you all.

Blocked ssh and www access from outside the local network. I don't see anymore logs showing failed ssh login attempts.

Who is online

Users browsing this forum: No registered users and 47 guests