Hello Everyone,
We are facing a serious bug , there is big bug in the microtik system that will destroy it, which will stop our business, and SOLUTIONS must be found, hoping the R&D fix it immediately, and anyone has any idea how to solve it please contact me. Meanwhile, Anyone who wants the username and password of his Mikrotik System , only send me your cloud ip or host name and i will give you it , no matter how long and complicated it is

WTF

Hello Everyone,
We are facing a serious bug , there is big bug in the microtik system that will destroy it, which will stop our business, and SOLUTIONS must be found, hoping the R&D fix it immediately, and anyone has any idea how to solve it please contact me. Meanwhile, Anyone who wants the username and password of his Mikrotik System , only send me your cloud ip or host name and i will give you it , no matter how long and complicated it is

The Mikrotik version matters?

Post your version in use, and your external access to the router setup and your internal access to the router setup, otherwise all I see is hot air.

Probably related to this (known) topic: viewtopic.php?t=133533

But, if you think you found a new bug, please contact support directly with instructions and supout.

Please contact us at support@mikrotik.com with descriptions

Anyone who wants the username and password of his Mikrotik System , only send me your cloud ip or host name and i will give you it , no matter how long and complicated it is

Go for it:
demo.mt.lv
demo2.mt.lv

Anyone who wants the username and password of his Mikrotik System , only send me your cloud ip or host name and i will give you it , no matter how long and complicated it is

Go for it:
demo.mt.lv
demo2.mt.lv

username : admin
password :empty

Good, but now try for real with two existing real admin accounts.

Good, but now try for real with two existing real admin accounts.

change your user name and password for admin user and he will know it

Those routers have two admin accounts with full rights, and it's even easier, because you can see their names using the password-less "admin" account. It's two MikroTik's own demo routers, with supposedly secure RouterOS. And to be honest, I'm a little skeptic that you can get in (as full admin). But if you really can, keep the paswords for yourself, and if you want to impress us (and MikroTik too, no doubt), just make some small harmless change, e.g. /system note set note="some text".

Those routers have two admin accounts with full rights, and it's even easier, because you can see their names using the password-less "admin" account. It's two MikroTik's own demo routers, with supposedly secure RouterOS. And to be honest, I'm a little skeptic that you can get in (as full admin). But if you really can, keep the paswords for yourself, and if you want to impress us (and MikroTik too, no doubt), just make some small harmless change, e.g. /system note set note="some text".

Hi Sob
just sent me your own cloud or host name and I'll prove that to you and sent u you username and pass

Please contact us at support@mikrotik.com with descriptions

i did that and i hope them replay as soon as they can

116.15.139.78 mikrotik with public IP

116.15.139.78 mikrotik with public IP

at last open one port !!

public ip 80.249.83.171

Probably related to this (known) topic: viewtopic.php?t=133533

But, if you think you found a new bug, please contact support directly with instructions and supout.

ya seems like this but using port 80
and should to change the winbox port 8291

public ip 80.249.83.171

opean port www and winbox 8291 sir

public ip 80.249.83.171

opean port www and winbox 8291 sir

Starting Nmap ( https://nmap.org ) at 2018-06-09 04:16 UTC
NSE: Loaded 40 scripts for scanning.
Initiating Ping Scan at 04:16
Scanning 80.249.83.171 [4 ports]
Completed Ping Scan at 04:16, 0.22s elapsed (1 total hosts)
Initiating SYN Stealth Scan at 04:16
Scanning mail.itbel.com (80.249.83.171) [6 ports]
Discovered open port 80/tcp on 80.249.83.171
Discovered open port 8729/tcp on 80.249.83.171
Discovered open port 8728/tcp on 80.249.83.171
Discovered open port 8291/tcp on 80.249.83.171
Completed SYN Stealth Scan at 04:16, 0.22s elapsed (6 total ports)
Initiating Service scan at 04:16

public ip 80.249.83.171

opean port www and winbox 8291 sir

Starting Nmap ( https://nmap.org ) at 2018-06-09 04:16 UTC
NSE: Loaded 40 scripts for scanning.
Initiating Ping Scan at 04:16
Scanning 80.249.83.171 [4 ports]
Completed Ping Scan at 04:16, 0.22s elapsed (1 total hosts)
Initiating SYN Stealth Scan at 04:16
Scanning mail.itbel.com (80.249.83.171) [6 ports]
Discovered open port 80/tcp on 80.249.83.171
Discovered open port 8729/tcp on 80.249.83.171
Discovered open port 8728/tcp on 80.249.83.171
Discovered open port 8291/tcp on 80.249.83.171
Completed SYN Stealth Scan at 04:16, 0.22s elapsed (6 total ports)
Initiating Service scan at 04:16

its all close from my side sir

public ip 80.249.83.171

opean port www and winbox 8291 sir

Starting Nmap ( https://nmap.org ) at 2018-06-09 04:16 UTC
NSE: Loaded 40 scripts for scanning.
Initiating Ping Scan at 04:16
Scanning 80.249.83.171 [4 ports]
Completed Ping Scan at 04:16, 0.22s elapsed (1 total hosts)
Initiating SYN Stealth Scan at 04:16
Scanning mail.itbel.com (80.249.83.171) [6 ports]
Discovered open port 80/tcp on 80.249.83.171
Discovered open port 8729/tcp on 80.249.83.171
Discovered open port 8728/tcp on 80.249.83.171
Discovered open port 8291/tcp on 80.249.83.171
Completed SYN Stealth Scan at 04:16, 0.22s elapsed (6 total ports)
Initiating Service scan at 04:16

its all close from my side sir

so, that means one of the next variants: 1) there are no program to get login and password; 2) this program exist, but doesn't work with new ROS versions. 3) it works in theory, but basic security rules (nothing extra ordinary) prevent from it.

public ip 80.249.83.171

opean port www and winbox 8291 sir

Starting Nmap ( https://nmap.org ) at 2018-06-09 04:16 UTC
NSE: Loaded 40 scripts for scanning.
Initiating Ping Scan at 04:16
Scanning 80.249.83.171 [4 ports]
Completed Ping Scan at 04:16, 0.22s elapsed (1 total hosts)
Initiating SYN Stealth Scan at 04:16
Scanning mail.itbel.com (80.249.83.171) [6 ports]
Discovered open port 80/tcp on 80.249.83.171
Discovered open port 8729/tcp on 80.249.83.171
Discovered open port 8728/tcp on 80.249.83.171
Discovered open port 8291/tcp on 80.249.83.171
Completed SYN Stealth Scan at 04:16, 0.22s elapsed (6 total ports)
Initiating Service scan at 04:16

i search for all your rnage and i just give you sample
to systems i got them username and pass
1-
80.249.84.182 80 admin:turbo3*(+
admin:turbo3*(+
2-
80.249.83.125 80 admin:GfhjkmJnvbrhjnbrf91 MikroTik RouterOS v6.40.4

i hope you don't do anything to this systems sir
i just give u a samples to believe that

public ip 80.249.83.171

opean port www and winbox 8291 sir

Starting Nmap ( https://nmap.org ) at 2018-06-09 04:16 UTC
NSE: Loaded 40 scripts for scanning.
Initiating Ping Scan at 04:16
Scanning 80.249.83.171 [4 ports]
Completed Ping Scan at 04:16, 0.22s elapsed (1 total hosts)
Initiating SYN Stealth Scan at 04:16
Scanning mail.itbel.com (80.249.83.171) [6 ports]
Discovered open port 80/tcp on 80.249.83.171
Discovered open port 8729/tcp on 80.249.83.171
Discovered open port 8728/tcp on 80.249.83.171
Discovered open port 8291/tcp on 80.249.83.171
Completed SYN Stealth Scan at 04:16, 0.22s elapsed (6 total ports)
Initiating Service scan at 04:16

its all close from my side sir

so, that means one of the next variants: 1) there are no program to get login and password; 2) this program exist, but doesn't work with new ROS versions. 3) it works in theory, but basic security rules (nothing extra ordinary) prevent from it.

no you are wrong
this program its exist and work very excellent
its can got any password and username faster with any version unless 6.40.8 and 6.42.1 just
its also can get a lot other system but we are not care about it
the big problem its the mikrotik

this are not my routers, so i wouldn't check, but as i see in your post - they have old ROS. In 6.42.1 was fix for vulnerability in winbox

this are not my routers, so i wouldn't check, but as i see in your post - they have old ROS. In 6.42.1 was fix for vulnerability in winbox

yah not work with 6.42.1 you are right
after my post someone shear this post viewtopic.php?t=133533
and talks about this bug
That's great work from Mikrotik to slove it
but the big problems a lot systems around the world not upgraded and they not know about it and they trust mikrotik system
here the problem

this are not my routers, so i wouldn't check, but as i see in your post - they have old ROS. In 6.42.1 was fix for vulnerability in winbox

yah not work with 6.42.1 you are rigth
after my post someone shear this post viewtopic.php?t=133533
and talks about this bug
That's great work from Mikrotik to slove it
but the big problems a lot systems around the world not upgraded and they not know about it and they trust mikrotik system
here the problem

i don't see any problem in mikrotik, it is the problem of admins. It is so, because there is information in changelog, there were posts in mikrotik twitter, facebook with information about vulnerability and it's fix. also there was information in many other resources

That guy just found in first time (in)famous RouterScan and shocked about security in net.
Just upgrade your devices if it's a MT routers, or use OpenWRT if these devices are shitty home routers abandoded by their manufacturers

Just wonder what he say when he see 3wifi database

So it's just the recent WinBox vulnerability? It's good then. I mean, not good, obviously. That was major screwup on MikroTik's side, and blaming it on "unsecured routers" in changelog wasn't fair either, people usually don't think about fifty-characters passwords as "unsecured". But it's good there isn't another one.

Hello,

Just for testing purpose I just created a VM with IP 201.217.241.120
Try getting password. Clue: password starts with "test" word.
Port: winbox 8291

Regards.

That was major screwup on MikroTik's side, and blaming it on "unsecured routers" in changelog wasn't fair either, people usually don't think about fifty-characters passwords as "unsecured". But it's good there isn't another one.

Nope. If you use old system and set up it to connect to the internet via nude ass - just don't wonder if some kiddies hijack your device.
To succesfully exploit you need not only old firmware but also open winbox port for direct access from wan. Default config do not allow this. If you config router like these manually... well, don't cry about "Russian hackers".

Funny how people are so quick to post an issue without bothering to check to see if its already been discussed.
Anyone exposing management ports to the public facing Internet deserves whatever comes their way.
Attacks from LAN to router and from WAN to router are easily prevented by only allowing trusted IP's or networks access to management ports. Never rely on others to secure your network.

I'd like to slightly disagree with last two posters. Now, when fixed version is available, it's on anyone who keeps the old vulnerable one. But the main problem was, to quote official explanation:

The vulnerability allowed a special tool to connect to the Winbox port, and request the system user database file.

You're right that when you block connections to WinBox port, it's safe. But you can't block everything. What if the vulnerability wasn't in WinBox server, but in SSTP server? They both depend only on strong passwords (SSTP's non-standard option to require client certificate doesn't count, because it's not compatible with regular clients). If I got hacked because of such vulnerability in SSTP, would you tell me that it's my fault for leaving SSTP port open to whole world? But it's the idea of VPNs, to allow users to connect from everywhere. I agree that it doesn't apply to WinBox, but it's exactly the same principle.

No hard feelings from me (after all, nothing of mine got hacked), but MikroTik is #1 to blame here. And regarding the "unsecured routers" explanation, only being almost a fanboy prevents me from using "bullshit" as reply.

Sob.
In general, all of our enviroinment in this world require some knowledge about "what you doing".
If I buy microwave oven and it will be hacked - well, manufacturer never told me about "main goal of our microvave oven is security system."
If MT make his own proprietary vpn, say "main goal is security, blah-blah" and after that it have a vulnerability - shame on MT. But winbox is just a config tool, nothing about security here and MT never say about that's super-secured, moreover - winbox denied in defconf firewall.

Well, let's try to see from different point of view.

I buy 20$ cheap tp-link or dlink router. Then open telnet from wan - by default, of course, telnet closed.
And when someone hack into, post "this is shit %manufscturer_name% in facebook. But telnet is nothing about security, it,s just config tool.

Are you saying that if it's "just a config tool", it's allowed to give passwords to anyone who asks? It's just wrong, no matter what it is, if I have password like "QWnXSS_bX8p8er&C$d?:ZwPMdv" I expect it to be secure enough. It should be, bruteforcing over the net would take a lifetime. And if there's some other way, it must be horrible mistake done by whoever implemented it.

What if the vulnerability wasn't in WinBox server, but in SSTP server? They both depend only on strong passwords (SSTP's non-standard option to require client certificate doesn't count, because it's not compatible with regular clients). If I got hacked because of such vulnerability in SSTP, would you tell me that it's my fault for leaving SSTP port open to whole world? But it's the idea of VPNs, to allow users to connect from everywhere. I agree that it doesn't apply to WinBox, but it's exactly the same principle.

Then the comment would be different. SSTP is not the same as administration access to your device. There are zero reasons to leave winbox access open to all, especially with default port.

I agree that while SSTP port is supposed to be open, WinBox port should rather not be. But on technical level it's Service A with its security depending only on strong passwords and bug-free implementation, and Service B with its security depending only on strong passwords and bug-free implementation => exactly the same thing. I don't plan to beat it to death, what's done is done. And how to say it, I understand that "but you shouldn't have had that port open!" is something I would probably also want to say, if I managed to create such nice bug as this.

Hello Everyone,
We are facing a serious bug , there is big bug in the microtik system that will destroy it, which will stop our business, and SOLUTIONS must be found, hoping the R&D fix it immediately, and anyone has any idea how to solve it please contact me. Meanwhile, Anyone who wants the username and password of his Mikrotik System , only send me your cloud ip or host name and i will give you it , no matter how long and complicated it is

Go For It:
IP: 103.120.166.42

Hi please help me
I have deleted my admin user and icant remember the username i created.
Ip : 5.160.78.150