Hack Vulnerable Mikrotik Routers

ice-wzl
Jul 10, 2021

Mikrotik routers are some of the most popular routing devices on the internet, especially in Eastern nations. Today, in my lab environment, I will show you an easy Metasploit option to own these devices.

Mikrotik routers are made by a Lithuanian company and their source code is proprietary, thus making exploiting them relatively easy. In this exploit we will use Metasploit to get the device to leak its credentials to us.

Start by scanning your vulnerable Mikrotik with Nmap to see what is open!

Note: This is not the IP address of public-facing Mikrotiks, and all exploits were done in a private lab environment with virtual machines.

As we can see from the output of this basic scan, FTP, SSH and Telnet are open, along with Mikrotik's proprietary bandwidth test port (2000). The other port that we are keenly interested in is 8291, which is their proprietary Winbox port. Thus, finding devices with 22 and 8291 open is a must.
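The same port list can be used the other way round, to audit which management services your own routers expose so they can be restricted. The following is an added example, not code from the original post: it assumes the scan was saved in Nmap's grepable format (`-oG`), the function names are hypothetical, and the sample lines are constructed.

```python
import re

# Management services the article found open. 2000 and 8291 are the ports it
# names; 21/22/23 are the standard FTP/SSH/Telnet defaults (assumption).
MGMT_PORTS = {21: "ftp", 22: "ssh", 23: "telnet", 2000: "bandwidth-test", 8291: "winbox"}
CLEARTEXT = {21, 23}  # FTP and Telnet send credentials unencrypted

# One "Ports:" record of nmap grepable (-oG) output; fields are tab-separated.
HOST_RE = re.compile(r"^Host:\s+(\S+)\s+\(.*?\)\s+Ports:\s+(.*?)(?:\t|$)")

def open_tcp_ports(line):
    """Return (host, set of open TCP ports) for a -oG Ports line, else None."""
    m = HOST_RE.match(line)
    if not m:
        return None
    ports = set()
    for entry in m.group(2).split(","):
        fields = entry.strip().split("/")  # port/state/proto/owner/service/...
        if len(fields) >= 3 and fields[1] == "open" and fields[2] == "tcp":
            ports.add(int(fields[0]))
    return m.group(1), ports

def audit(grepable_text):
    """Map each host to the management services it exposes."""
    findings = {}
    for line in grepable_text.splitlines():
        # Lines without a Ports: record (comments, Status lines) yield no ports.
        host, ports = open_tcp_ports(line) or (None, set())
        exposed = sorted(ports & set(MGMT_PORTS))
        if exposed:
            findings[host] = {
                "exposed": [f"{p}/{MGMT_PORTS[p]}" for p in exposed],
                "cleartext": sorted(ports & CLEARTEXT),
                "winbox": 8291 in ports,
            }
    return findings

# Constructed sample input (documentation addresses), not output from the article.
SAMPLE = (
    "Host: 192.0.2.10 ()\tStatus: Up\n"
    "Host: 192.0.2.10 ()\tPorts: 21/open/tcp//ftp///, 22/open/tcp//ssh///, "
    "23/open/tcp//telnet///, 2000/open/tcp//bandwidth-test///, "
    "8291/open/tcp//unknown///\tIgnored State: closed (995)\n"
    "Host: 192.0.2.20 ()\tPorts: 22/open/tcp//ssh///, 8291/filtered/tcp//unknown///\n"
    "Host: 192.0.2.30 ()\tPorts: 80/open/tcp//http///\n"
)

if __name__ == "__main__":
    for host, info in audit(SAMPLE).items():
        print(host, info)
```

Hosts that report `winbox` or any `cleartext` port are the ones to put behind a firewall rule or a management VLAN first.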

From a simple searchsploit command (the offline version of exploit-db), we can see quite a few potential vulnerabilities. Let's give the second-to-last exploit a go and see where it leads us.
