Whoa, lost? Here's what you need to know about MikroTik before reading this blog post: 1. It's a wireline broadband service provider; 2. It has the 2nd largest wireless network in Lithuania; 3. They're part of an international conglomerate full of wizards who are always looking for ways to shrink our carbon footprints. Did I pique your interest? If so, read on.

Background on the Crack: MikroTik is a company that makes router and switch hardware and software (the company is actually an international conglomerate of more than 20 companies). MikroTik was founded by Arun Gupta, who currently serves as CEO. The Crack Team consists of the following people: Sean Cribbs (President), Dave Griffiths (Board of Directors/COO), David Jackson (CTO). MikroTik is headquartered in Waterloo, Ontario, Canada. They also have offices in London, UK; Vilnius, Lithuania; and Singapore.

MikroTik is known for making relatively small network interface cards with big processing power. Their hardware is used by Internet Service Providers (ISPs) to manage their networks, businesses looking to create wireless networks, and people just looking for flexible networking solutions. Part of the MikroTik package is Winbox, an application that runs on Windows that allows you to configure your NIC by entering commands into a terminal. A strange thing about the Winbox software is that MikroTik doesn't recommend using it on MikroTik's own website. The strange nature of this practice led me to question what type of security measures they've implemented, so I decided to write this blog post if for no other reason than self-satisfaction.

I started with the most straightforward attack, which was to see if I could inject commands straight into the Winbox application. Turns out, it's pretty easy to do, especially if you are using an older version of Winbox. I've included a video below showing my exploits.

Word of warning! If you are using an older version of Winbox, you are probably better off just patching your system rather than trying this on your own. The old versions of Winbox will allow me to execute commands on any computer that is running the vulnerable versions of the software at any time I want. That means that I can open up ports on their router and even lock them out completely. The one caveat to this exploit is that the vulnerable versions of Winbox don't allow me to execute any commands as root, but it's still a pretty serious vulnerability nonetheless.

I found my first vulnerable box by scanning for open ports on Shodan. After I found my target, I used a tool called Watcher to discover whether they were running a vulnerable version of MikroTik Winbox or not. After discovering that they were indeed using a vulnerable version, I wrote a Ruby script that allows me to scan for other versions of Winbox running on the same home network as my target. The script opens up 1000 threads and scans 1000 IPs each iteration.