An open API service indexing awesome lists of open source software.

https://github.com/mrmtwoj/0day-mikrotik

0day-mikrotik is a security tool designed to identify and exploit vulnerabilities in MikroTik routers, enabling security researchers to assess the resilience of their network infrastructure.
https://github.com/mrmtwoj/0day-mikrotik

0day-mikrotik-security-exploitation

Last synced: about 1 year ago
JSON representation

0day-mikrotik is a security tool designed to identify and exploit vulnerabilities in MikroTik routers, enabling security researchers to assess the resilience of their network infrastructure.

Awesome Lists containing this project

README

          

# Project Information

Name Project :
0day Mikrotik | Mikrotik WinBox Exploit


CVE :CVE-2018-14847


Last version :1.0.0


Last updated : 25/07/2018


Defective version: Mikrotik WinBox 6.42


Programming language : Python


youtube : https://youtu.be/h6JSNFhQUN8


Company name : acyber (IT Security Lab Iran)


Mikrotik



MikroTik is a Latvian company which was founded in 1996 to develop routers and wireless ISP systems. MikroTik now provides hardware and software for Internet connectivity in most of the countries around the world. Our experience in using industry standard PC hardware and complete routing systems allowed us in 1997 to create the RouterOS software system that provides extensive stability, controls, and flexibility for all kinds of data interfaces and routing. In 2002 we decided to make our own hardware, and the RouterBOARD brand was born. We have resellers in most parts of the world, and customers in probably every country on the planet. Our company is located in Riga, the capital city of Latvia and has more than 140 employees.


From Winbox v3.14, the following security features are used:

Winbox.exe is signed with an Extended Validation certificate, issued by SIA Mikrotīkls (MikroTik).

WinBox uses ECSRP for key exchange and authentication (requires new winbox version).

Both sides verify that other side knows password (no man in the middle attack is possible).

Winbox in RoMON mode requires that agent is the latest version to be able to connect to latest version routers.

Winbox uses AES128-CBC-SHA as encryption algorithm (requires winbox version 3.14 or above).

# Contacts


  • Author : Mohamamd javad Joshani Disfani (mr.mtwoj)

  • Linkedin : https://ir.linkedin.com/in/joshani

  • E-Mail : mr.mtwoj@gmail.com

  • Website : www.acyber.ir

  • Twitter : @mrmtwoj

  • Github : https://github.com/mrmtwoj/0day-mikrotik