5/3/2023 0 Comments Wireshark tzsp![]() Welcome TaZmen Sniffer Protocol (TZSP)įrom Wikipedia, TZSP is an encapsulation protocol used to wrap other protocols. On further research, I noticed that one could do remote packet streaming, to a remote host running wireshark. ![]() Yeah using this hypothesis, I was able to discover an inbuilt packet sniffer integrated in Mikrotik, worked fine except for one disadvantage, the router's memory is not big enough so it has got size limitation on the size of the pcap file. Now think about this, imagine if we could be in a position to obtain every traffic going through the gateway, couldn't it be amazing, no need of ARP spoofing for we are listening capturing all traffic going through the router. RADIUS server and secret key RADIUS Server and Secret Key Post Exploitation - Packet Sniffing We can now successfully authenticate to the Mikrotik router.Īnd now we can obtain information such as, SSID & WiFi passwords. For more information on this vulnerability you can read the advisory Ī working PoC for this vulnerability can be found in, contains the compilation and usage instructions.Īt that time, my then ISP was impacted by this particular vulnerability and bingo, I was able to obtain admin credentials. Post exploitation the attacker can connect to Telnet or SSH using the root user "devel" with the admin's password. The exploit leverages the path traversal vulnerability CVE-2018-14847 to extract the admin password and create an "option" package to enable the developer backdoor. The vulnerability allowed an attacker to achieve remote code execution on vulnerable versions. A tale of how it all started.īeing an enthusiastic security researcher, the whole story started months ago, when I came across an vulnerability impacting Mikrotik running RouterOS versions: This blog post is my special RIP for my grandmother (Nyachula), written on the day of her send-off.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |