MKBRUTUS - A Password Bruteforcer For MikroTik Devices or Boxes Running RouterOS

MKBRUTUS Bruteforce Tool

MKBRUTUS is a password bruteforcer for MikroTik devices or boxes running RouterOS.

Mikrotik brand devices, which runs the RouterOS operative system, are worldwide known and popular with a high networking market penetration. Many companies choose them as they are a great combination of low-cost and good performance. RouterOS can be also installed on other devices such as PC.

This system can be managed by the following ways:
  • Telnet
  • SSH
  • Winbox (proprietary GUI of Mikrotik)
  • HTTP
  • API

Many network sysadmins choose to close Telnet, SSH and HTTP ports, leaving the Winbox port open for graphical management or to another client (developed by third parties) which uses the RouterOS API port, such as applications for Android (managing routers and Hotspots) or web front-ends. At this point, MKBRUTUS comes into play ;)

Both Winbox and API ports use a RouterOS proprietary protocol to "talk" with management clients.

It is possible that in the midst of a pentesting project, you can find the ports 8291/TCP (Winbox) and 8728/TCP (API) open and here we have a new attack vector.

You can use MKBRUTUS to perform bruteforce attacks (dictionary-based) against RouterOS (ver. 3.x or newer) which have the 8728/TCP port open. 

Note: It is necessary to have Python 3.x installed in order to run this tool.

          _   _   _   _  _____  ____ _   _  ____ _   _ _____
| \/ || | / /| ___ \ ___ \ | | |_ _| | | / ___|
| . . || |/ / | |_/ / |_/ / | | | | | | | | \ `--.
| |\/| || \ | ___ \ /| | | | | | | | | |`--. \
| | | || |\ \| |_/ / |\ \| |_| | | | | |_| /\__/ /
\_| |_/\_| \_/\____/\_| \_|\___/ \_/ \___/\____/

Mikrotik RouterOS Bruteforce Tool 1.0.2
Ramiro Caire (@rcaire) & Federico Massa (@fgmassa)
http://mkbrutusproject.github.io/MKBRUTUS


NAME
MKBRUTUS.py - Password bruteforcer for MikroTik devices or boxes running
RouterOS

USAGE
python mkbrutus.py [-t] [-p] [-u] [-d] [-s] [-q]

OPTIONS
-t, --target RouterOS target
-p, --port RouterOS port (default 8728)
-u, --user User name (default admin)
-h, --help This help
-d, --dictionary Password dictionary
-s, --seconds Delay seconds between retry attempts (default 1)
-q, --quiet Quiet mode




Source: www.effecthacking.com
MKBRUTUS - A Password Bruteforcer For MikroTik Devices or Boxes Running RouterOS MKBRUTUS - A Password Bruteforcer For MikroTik Devices or Boxes Running RouterOS Reviewed by Anonymous on 9:58 PM Rating: 5