Tenable Research's cybersecurity researcher has released "By The Way," a new PoC (proof-of-concept) RCE attack, after identifying a new attack method to exploit an already discovered vulnerability in MikroTik routers. Tenable Research revealed the new findings at DerbyCon 8.0, held in Louisville, Kentucky, on Sunday. The new attack, identified by Jacob Baines, works on MikroTik's edge and consumer routers. RouterOS software powers the company's business-grade RouterBOARD brand and ISP/carrier-grade gear.

The vulnerability, identified as CVE-2018-14847, is an old directory traversal flaw that was patched the same day it was detected in April 2018. Initially, the vulnerability was rated as medium severity, and researchers believed it affected the Winbox management component and a GUI application for Windows in the RouterOS software for MikroTik devices. Later, however, it was categorized as critical because of the identification of a new hacking technique that allowed attackers to carry out remote code execution on affected devices to obtain a root shell. It is being touted as a much more dangerous flaw than it is perceived to be. Needless to say, it poses yet another serious threat to the MikroTik router family, which is already exposed to a variety of other issues including cryptojacking and network snooping.

It is necessary to have Python 3.x installed in order to run this tool. It was successfully tested on KALI LINUX, after installing Python 3 (apt-get install python3).

Testing against a box at 192.168.1.1 using dictionary rockyou.txt
$ python3 mkbrutus.py -t 192.168.1.1 -d rockyou.txt -u admin

Testing against a box at 192.168.1.1 using dictionary rockyou.txt but the API port is running on another port

This tool is intended only for testing the security of Mikrotik devices in ethical pentests or audit processes. The authors are not responsible for any damage caused by your use of this tool.
Ramiro Caire - email: / Twitter: Massa - email: / Twitter:

MOTIVATION & SCENARIO

Mikrotik brand devices, which run the RouterOS operating system, are known worldwide and popular, with high networking market penetration. Many companies choose them as they are a great combination of low cost and good performance. RouterOS can also be installed on other devices such as PCs. This system can be managed in the following ways:

Many network sysadmins choose to close Telnet, SSH and HTTP ports, leaving the Winbox port open for graphical management, or open to another client (developed by third parties) that uses the RouterOS API port, such as applications for Android (managing routers and Hotspots) or web front-ends.

At this point, MKBRUTUS comes into play.

Both the Winbox and API ports use a RouterOS proprietary protocol to "talk" with management clients. It is possible that, in the midst of a pentesting project, you find the ports 8291/TCP (Winbox) and 8728/TCP (API) open, and here we have a new attack vector.

Because it is only possible to authenticate on port 8291/TCP using the Winbox tool (at least for now), we realized the need to develop a tool to perform dictionary-based attacks over the API port (8728/TCP), in order to give the pentester another option to try to gain access.

MKBRUTUS is a tool developed in Python 3 that performs bruteforce (dictionary-based) attacks against RouterOS systems (ver. 3.x or newer) which have the 8728/TCP port open. It currently has all the basic features of a tool for dictionary-based attacks, but in the future we plan to incorporate other options.

The project is available here in GitHub, and you can install just by typing:

There are many sites from where you can download wordlists, here are some: