GET YOUR VULNERABILITY AND THREAT DATABASE SUBSCRIPTION
EKOLABS 2016


Network Security

Published on December 7th, 2013 | by NJ Ouchn

1

[New Tool] MKBrutus The Mikrotik RouterOS Bruteforce attacker tool v1.0.0 released

Mikrotik brand devices (www.mikrotik.com), which runs the RouterOS operative system, are worldwide known and popular with a high networking market penetration. Many companies choose them as they are a great combination of low-cost and good performance. RouterOS can be also installed on other devices such as PC.

This system can be managed by the following ways:

  • Telnet
  • SSH
  • Winbox (proprietary GUI of Mikrotik)
  • HTTP
  • API

Many network sysadmins choose to close Telnet, SSH and HTTP ports, leaving the Winbox port open for graphical management or to another client (developed by third parties) which uses the RouterOS API port, such as applications for Android (managing routers and Hotspots) or web front-ends. At this point, MKBRUTUS comes into play 😉

Both, Winbox and API ports uses a RouterOS proprietary protocol to “talk” with management clients.

It is possible that in the midst of a pentesting project, you can find the ports 8291/TCP (Winbox) and 8728/TCP (API) open and here we have a new attack vector.

Because the port 8291/TCP is only possible to authenticate using the Winbox tool (at least by now ;), we realized the need of develop a tool to perform dictionary-based attacks over the API port (8728/TCP), in order to allow the pentester to have another option to try to gain access.

DICTIONARY-BASED ATTACK

MKBRUTUS is a tool developed in Python 3 that performs bruteforce attacks (dictionary-based) systems against RouterOS (ver. 3.x or newer) which have the 8728/TCP port open. Currently has all the basic features of a tool to make dictionary-based attacks, but in the future we plan to incorporate other options. There are many sites from where you can download wordlists, here are some:
http://wiki.skullsecurity.org/Passwords
http://wordlist.sourceforge.net/

SCREENSHOTS

MKBRUTUS options

MKBRUTUS options

MKBRUTUS performing an attack!

MKBRUTUS performing an attack !

 

 

Submitted by our buddy Federico Massa from “that city i love” 😉

 

Tags: , , , ,


About the Author

Principal Founder & Maintainer - Freelancer ICS/SCADA Security Expert As part of my research, I'm focusing into maintaining many projects as the DPE (Default Password Enumeration), vFeed® the open source correlated & cross-linked vulnerability database and FireCAT the Firefox Catalog of Auditing exTensions. Today, I'm the co-organizer of the major event Blackhat Arsenal Tools (US and Europe) since 2011 and since 2014 co-organizer of Rooted Warfare in Spain. I'm going by the handle of @toolswatch on Twitter and always willing to help, share and drink with friends from far and wide.



One Response to [New Tool] MKBrutus The Mikrotik RouterOS Bruteforce attacker tool v1.0.0 released

  1. Pingback: Enlaces de la SECmana – 204

Leave a Reply

Your email address will not be published. Required fields are marked *

Back to Top ↑