MkCheck
Published on August 5, 2020 by s1l3nt78

MkCheck is used to check MikroTik Routers for:

  • winbox_auth_bypass_creds_disclosure - Affected Versions: 6.29 to 6.42
  • routeros_jailbreak - Affected Versions: 2.9.8 to 6.41rc56
  • ByTheWay (CVE-2018-14847) - Affected Versions:
      • Longterm: 6.30.1 to 6.40.7
      • Stable: 6.29 to 6.42.0
      • Beta: 6.29rc1 to 6.43rc3
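
For triaging your own fleet against the ranges listed above, here is an added example (not part of MkCheck or its repository) that parses RouterOS version strings, including rc builds, and reports which of the listed checks cover each device. The function names, the inventory layout with a recorded release channel, and the sample addresses are assumptions made for this illustration.

```python
import re

# Affected ranges exactly as listed on this page (inclusive bounds).
# A channel of None means the page gives one range for all channels.
AFFECTED = {
    "winbox_auth_bypass_creds_disclosure": [(None, "6.29", "6.42")],
    "routeros_jailbreak": [(None, "2.9.8", "6.41rc56")],
    "ByTheWay (CVE-2018-14847)": [
        ("longterm", "6.30.1", "6.40.7"),
        ("stable", "6.29", "6.42.0"),
        ("beta", "6.29rc1", "6.43rc3"),
    ],
}

_VER = re.compile(r"^(\d+)\.(\d+)(?:\.(\d+))?(?:(beta|rc)(\d+))?$")
_STAGE = {"beta": 0, "rc": 1, None: 2}  # pre-releases sort before the final release

def version_key(text):
    """Turn a RouterOS version string into a sortable tuple."""
    m = _VER.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised RouterOS version: {text!r}")
    major, minor, patch, stage, num = m.groups()
    return (int(major), int(minor), int(patch or 0), _STAGE[stage], int(num or 0))

def matching_checks(version, channel):
    """Return the names of the page's checks whose range covers this device."""
    key = version_key(version)
    hits = []
    for name, ranges in AFFECTED.items():
        for chan, low, high in ranges:
            if chan in (None, channel) and version_key(low) <= key <= version_key(high):
                hits.append(name)
                break
    return hits

# Constructed inventory (assumed layout): (address, version, release channel)
INVENTORY = [
    ("192.0.2.10", "6.40.7", "longterm"),
    ("192.0.2.11", "6.42.1", "stable"),
    ("192.0.2.12", "6.43rc3", "beta"),
    ("192.0.2.13", "6.45.9", "longterm"),
]

def audit(inventory):
    """Map each address to the listed checks that apply to its version."""
    return {addr: matching_checks(ver, chan) for addr, ver, chan in inventory}

if __name__ == "__main__":
    for addr, hits in audit(INVENTORY).items():
        print(addr, "UPGRADE: " + ", ".join(hits) if hits else "outside listed ranges")
```

The release channel matters for the ByTheWay ranges: a device on 6.42.1 stable sits numerically inside the beta range but is outside the stable range the page lists.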


MkCheck matches IP addresses to WiFi access point names.

The routersploit module confirms whether the MikroTik device is vulnerable and, if it is, displays the login credentials, which must be entered into scripts/miko.py for MkCheck's auto search module to work correctly.

ByTheWay Root Shell Check

The exploit leverages the path traversal vulnerability CVE-2018-14847 to extract the admin password and create an "option" package to enable the developer backdoor. Post exploitation, the attacker can connect to Telnet or SSH using the root user "devel" with the admin's password.


The main function automatically spawns SSH sessions on the compromised targets to enumerate the network access point name from the IP address.

This is done through command = "/system identity print"

The logs are then automatically cleaned via the "/console clear-history" command.


You can change the command value in order to enumerate different data.

Changing the command to "/system default-configuration print" will print out the default configuration.


Once the network AP name has been found, the attacker can use the IP address and login credentials to work with the MikroTik router's configuration from a web session.

Results are automatically saved and organised in their respective folders:

  • Vulns (MikroTik AP Name Search)
  • RSF (Routersploit Scan Info)
  • btw (ByTheWay Exploit Check)
