Mikrotik RouterOS WinBox Credentials Leakage Exploit (Download now – 2018)

This module extracts Mikrotik's RouterOS administration credentials and stores the usernames and passwords in a database. Even deleted or disabled users and their passwords get dumped.

The module extracts WinBox credentials from WinBox releases prior to 04/20/2018.

What is Mikrotik:
MikroTik is a Latvian company which was founded in 1996 to develop routers and wireless ISP systems. MikroTik now provides hardware and software for Internet connectivity in most of the countries around the world.

What to do
Simply put, don't use Mikrotik in an enterprise environment. Not only does it pose a security concern for an organization, it also puts the IT manager's computer at great risk because of all the external DLLs the winbox.exe binary downloads and executes on the computer (for more info on that, check out the Slingshot malware). In addition to all this, Mikrotik saves your passwords in an easily decryptable form.

References:

  • exploit-db.com/exploits/45170/
  • github.com/BigNerd95/WinboxExploit
  • n0p.me/winbox-bug-dissection/