Scribd Logo
Upload

Welcome to Scribd!

  • Microtik Xploit

    Uploaded by

    Antonio Otero
    40 views1 page
    The document describes a remote heap corruption vulnerability in the sshd component of Mikrotik RouterOS that allows full access to the router device. It provides instructions for obtaining developer access to Mikrotik RouterOS using a modified NPK file to log in as the "devel" user and drop to a busybox shell. This allows further research on the sshd vulnerability using debugging tools. It notes over 290,000 Mikrotik routers exposed on Shodan and provides download links for a package with research materials.

    Original Description:

    xploit microtik os

    Original Title

    Microtik xploit

    Copyright

    © © All Rights Reserved

    Available Formats

    TXT, PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document
    The document describes a remote heap corruption vulnerability in the sshd component of Mikrotik RouterOS that allows full access to the router device. It provides instructions for obtaining developer access to Mikrotik RouterOS using a modified NPK file to log in as the "devel" user and drop to a busybox shell. This allows further research on the sshd vulnerability using debugging tools. It notes over 290,000 Mikrotik routers exposed on Shodan and provides download links for a package with research materials.

    Copyright:

    © All Rights Reserved
    Download as TXT, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    40 views1 page

    Microtik Xploit

    Uploaded by

    Antonio Otero
    The document describes a remote heap corruption vulnerability in the sshd component of Mikrotik RouterOS that allows full access to the router device. It provides instructions for obtaining developer access to Mikrotik RouterOS using a modified NPK file to log in as the "devel" user and drop to a busybox shell. This allows further research on the sshd vulnerability using debugging tools. It notes over 290,000 Mikrotik routers exposed on Shodan and provides download links for a package with research materials.

    Copyright:

    © All Rights Reserved
    Download as TXT, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    of 1

    During an audit the Mikrotik RouterOS sshd (ROSSSH) has been identified to have

    a remote previous to authentication heap corruption in its sshd component.


    Exploitation of this vulnerability will allow full access to the router device.
    This analysis describes the bug and includes a way to get developer access to re
    cent versions of Mikrotik RouterOS
    using the /etc/devel-login file. This is done by forging a modified NPK file usi
    ng a correct signature and logging
    into the device with username devel
    and the password of the administrator. This will d
    rop into a busybox shell for
    further researching the sshd vulnerability using gdb and strace tools that have
    been compiled for the Mikrotik busybox
    platform.
    Shodanhq.com shows >290.000 entries for the ROSSSH search term.
    The 50 megs Mikrotik package including the all research items can be downloaded
    here:
    http://www.farlight.org/mikropackage.zip
    https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sp
    loits/28056.zip

    You might also like