Community discussions

MikroTik App
 
emptech
just joined
Topic Author
Posts: 8
Joined: Wed Aug 13, 2014 8:59 am

lost admin password

Tue Oct 13, 2020 11:33 pm

Through the years, I never put a password on the admin acct. I have been able to log in via the web to my ip address and was able to use winbox.
I needed to look at some settings, tried to get in, and it wants a password, which I never gave it one. I don't know if somebody got into the system and set a password.

The question is, if I return the unit to factory, I will loose all my settings. I found some old backups, .rsc files that may not have the latest settings I have screen prints of some of the settings. What are my alternatives to getting in?

At this point I'm not in a hurry, but the time will come, I'll have to get back in.

Jim
 
Sob
Forum Guru
Forum Guru
Posts: 9188
Joined: Mon Apr 20, 2009 9:11 pm

Re: lost admin password

Wed Oct 14, 2020 3:07 am

Did you have such relaxed approach also with upgrades? If you did, and your RouterOS is the "right" version, you can use this security hole to get the password:

https://blog.mikrotik.com/security/winb ... ility.html
 
emptech
just joined
Topic Author
Posts: 8
Joined: Wed Aug 13, 2014 8:59 am

Re: lost admin password

Sat Nov 21, 2020 3:57 am

I don't check this forum often, I just assumed it would send me a message when there was a response, well, it didn't.

Yes, I was laxed, have not updated the firmware, so I probably have that vulnerability. What I don't have is the "tool" that would allow me to access the database file. Where do I find it?

The worse case is for me to do a factory reset on the router and rebuild it from screen shots I've saved but don't have the hours to sit around with a non-working router. There is a reason for passwords, the system is just trying to do it's job, but I need to find that back door. The box has a touch screen lcd on the top, anything I can do while it is booting to get in?

Jim emptech@surewest.net
 
Sob
Forum Guru
Forum Guru
Posts: 9188
Joined: Mon Apr 20, 2009 9:11 pm

Re: lost admin password

Sat Nov 21, 2020 5:36 am

https://github.com/BigNerd95/WinboxExploit.git

I don't know if there's anything better. I mean, there's nothing wrong with this, it's just that I'm not the biggest fan of Python. But it works, even on Windows.
 
emptech
just joined
Topic Author
Posts: 8
Joined: Wed Aug 13, 2014 8:59 am

Re: lost admin password

Mon Nov 23, 2020 7:14 am

Thanks for the response. I downloaded the files, next I need to install python on my win7 box. I've never used python before, so many things to learn, so little time.

I will advise as to the progress.

Jim
 
pe1chl
Forum Guru
Forum Guru
Posts: 10551
Joined: Mon Jun 08, 2015 12:09 pm

Re: lost admin password

Mon Nov 23, 2020 12:11 pm

In any case, make that /export of the current config and then netinstall the router to the current version (6.47.7) (including format of the flash) and start again from default config.
DO NOT just import the exported config but just keep it as a note to know what you have to configure again in the new setup.
DO NOT set the firewall the same as it was on the old version, but work from the default you get from the new version and only add what you really need.
(and that will be less than what was in the old firewall setup)

When you ignore this, your router will just be hacked again. Its setup was vulnerable due to errors in the firewall.