Password Recovery Tool Note: It appears this script will no longer function on RouterOS v6.13 and above due to changes in the encryption system used (and the ability to define a password per backup).
Summary

Winbox is a small utility that allows administration of MikroTik RouterOS using a fast and simple GUI. It is a native Win32 binary, but can be run on Linux and Mac OSX using Wine. All Winbox interface functions are as close as possible to Console functions, which is why there are no Winbox sections in the manual.
Some advanced and system-critical configuration changes are not possible from Winbox, such as changing the MAC address of an interface.

Starting the Winbox

The Winbox loader can be downloaded directly from the router or from the. When downloading from the router, open a web browser and enter the router's IP address; the RouterOS welcome page will be displayed. Click on the menu item that says Winbox to download winbox.exe.
Note: Neighbor discovery will also show devices that are not compatible with Winbox, such as Cisco routers or any other device that uses CDP (Cisco Discovery Protocol).

Description of buttons and fields of the loader screen:

discovers and shows MNDP (MikroTik Neighbor Discovery Protocol) or CDP (Cisco Discovery Protocol) devices.
Connect - connect to the router.
Save - save address, login, password and note. Saved entries are listed at the bottom of the loader window.
Remove - remove the selected entry from the saved list.
Tools - allows running various tools: removes all items from the list, clears cache on the local disk, imports addresses from a wbx file or exports them to a wbx file.
Connect To - destination IP or MAC address of the router.
Login - username used for authentication.
Password - password used for authentication.
Keep Password - if unchecked, the password is not saved to the list.
Secure Mode - if checked, Winbox will use TLS encryption to secure the session.
Load Previous Session - if checked, Winbox will try to restore all previously opened windows.
Note - description of the router that will be saved to the list.

Warning: Passwords are saved in plain text. Anyone with access to your file system will be able to retrieve passwords.

It is possible to use the command line to pass the connect-to, user and password parameters automatically: winbox.exe

For example (with no password): winbox.exe 10.5.101.1 admin ""

This will connect to router 10.5.101.1 with username 'admin' without a password.
IPv6 connectivity

Starting from v5RC6 Winbox supports IPv6 connectivity. To connect to the router's IPv6 address, it must be placed in square brackets, the same as in web browsers when connecting to an IPv6 server.

MacOS

It is possible to use Winbox in Apple MacOS (OSX) operating system by using to package the application together with Wine. We have provided a readymade Winbox package that you can simply download and run: for OSX (Winebottler package)

Interface Overview

The Winbox interface has been designed to be intuitive for most users. The interface consists of:

Main toolbar at the top, where users can add various info fields, like CPU and memory usage.
Menu bar on the left - list of all available menus and sub-menus. This list changes depending on what packages are installed. For example, if the IPv6 package is disabled, then the IPv6 menu and all its sub-menus will not be displayed.
Work area - area where all menu windows are opened.

The title bar shows information identifying the router with which the Winbox session is opened. Information is displayed in the following format: username@Router's IP or MAC ( RouterID ) - Winbox ROS version on RB model (platform)

From the screenshot above we can see that user admin is logged into the router with IP address 10.1.101.18. The router's ID is MikroTik, the currently installed RouterOS version is v5.0beta1, the RouterBoard is RB800 and the platform is PowerPC.

On the left side of the Main toolbar are the undo and redo buttons, which quickly undo or redo any changes made to the configuration. On the right side are:

Winbox traffic indicator, displayed as a green bar.
Indicator that shows whether the Winbox session uses TLS encryption.
Checkbox Hide password. This checkbox replaces all sensitive information (for example, ppp secret passwords) with '*' asterisk symbols.

Work Area and child windows

Winbox has an MDI interface, meaning that all menu configuration (child) windows are attached to the main (parent) Winbox window and are shown in the work area. Child windows cannot be dragged out of the working area. Notice in the screenshot above that the Interface window is dragged out of the visible working area and a horizontal scroll bar has appeared at the bottom. If any window is outside the visible work area boundaries, vertical and/or horizontal scrollbars will appear.
Child window menu bar

Each child window has its own toolbar. Most of the windows have the same set of toolbar buttons:

Add - add a new item to the list.
Remove - remove the selected item from the list.
Enable - enable the selected item (the same as the enable command from console).
Disable - disable the selected item (the same as the disable command from console).
Comment - add or edit a comment.
Sort - allows sorting out items depending on various parameters.

Almost all windows have a quick search input field at the right side of the toolbar. Any text entered in this field is searched through all the items and highlighted, as illustrated in the screenshot below.

Notice that at the right side, next to the quick find input field, there is a dropdown box. For the currently opened (IP Route) window this dropdown box allows quickly sorting out items by routing tables. For example, if main is selected, then only routes from the main routing table will be listed. A similar dropdown box is also in all firewall windows to quickly sort out rules by chains.
Sorting out displayed items

Almost every window has a Sort button. When clicking on this button several options appear, as illustrated in the screenshot below.

The example shows how to quickly filter out routes that are in the 10.0.0.0/8 range.

1. Press the Sort button.
2. Choose Dst.Address from the first dropdown box.
3. Choose in from the second dropdown box. 'in' means that the filter will check if the dst address value is in the range of the specified network.
4. Enter the network against which values will be compared (in our example enter '10.0.0.0/8').
5. These buttons are to add or remove another filter to the stack.
6. Press the Filter button to apply our filter.

As you can see from the screenshot, Winbox sorted out only routes that are within the 10.0.0.0/8 range.

Comparison operators (Number 3 in screenshot) may be different for each window. For example, the 'Ip Route' window has only two: is and in. Other windows may have operators such as 'is not', 'contains', 'contains not'.

Winbox allows building a stack of filters. For example, if there is a need to filter by destination address and gateway, then:

set the first filter as described in the example above,
press the + button to add another filter bar to the stack,
set up the second filter to filter by gateway,
press the Filter button to apply the filters.
You can also remove an unnecessary filter from the stack by pressing the - button.

Customizing list of displayed columns

By default Winbox shows the most commonly used parameters. However, sometimes other parameters need to be seen, for example 'BGP AS Path' or other BGP attributes, to monitor whether routes are selected properly. Winbox allows customizing the displayed columns for each individual window. For example, to add the BGP AS Path column:

Click on the little arrow button ( 1) on the right side of the column titles, or right-click on the route list.
From the pop-up menu move to Show Columns ( 2) and from the sub-menu pick the desired column, in our case click on BGP AS Path ( 3).

Changes made to the window layout are saved, and the next time Winbox is opened the same column order and size is applied.

Detail mode

It is also possible to enable Detail mode. In this mode all parameters are displayed in columns: the first column is the parameter name, the second column is the parameter's value. To enable detail mode, right-click on the item list and from the pop-up menu pick Detail mode.

Category view

It is possible to list items by categories. In this mode all items will be grouped alphabetically or by another category. For example, items may be categorized alphabetically if sorted by name; items can also be categorized by type, as in the screenshot below. To enable Category view, right-click on the item list and from the pop-up menu pick Show Categories.

Drag & Drop

It is possible to upload and download files to/from the router using Winbox drag & drop functionality.

Note: Drag & Drop does not work if Winbox is running on Linux using Wine. This is not a Winbox problem; Wine does not support drag & drop.

Traffic monitoring

Winbox can be used as a tool to monitor the traffic of every interface, queue or firewall rule in real time. The screenshot below shows ethernet traffic monitoring graphs.

Item copy

This shows how easy it is to copy an item in Winbox. In this example, we will use the COPY button to make a Dynamic WDS interface into a Static interface. This image shows us the initial state; as you see, DRA indicates 'D', which means Dynamic:

Double-click on the interface and click on COPY:

A new interface window will appear, and a new name will be created automatically (in this case WDS2). You can see that the new interface status has changed:
Transferring Settings

On Windows Vista/7 Winbox settings are stored in: %USERPROFILE%\AppData\Roaming\Mikrotik\Winbox\winbox.cfg

Simply copy this file to the same location on the new host.

Troubleshooting

Winbox cannot connect to router's IP address
Make sure that Windows firewall is set to allow Winbox connections, or disable Windows firewall.

I get an error '(port 20561) timed out' when connecting to router's MAC address
Windows (7/8) does not allow MAC connection if file and print sharing is disabled.
A known vulnerability in MikroTik routers is potentially far more dangerous than previously thought. A cybersecurity researcher from Tenable Research has released a new proof-of-concept (PoC) RCE attack for an old directory traversal vulnerability that was found and patched within a day of its discovery in April this year. The vulnerability, identified as CVE-2018-14847, was initially rated as medium in severity but should now be rated critical because the new hacking technique used against vulnerable MikroTik routers allows attackers to remotely execute code on affected devices and gain a root shell. The vulnerability impacts Winbox—a management component for administrators to set up their routers using a Web-based interface—and a Windows GUI application for the RouterOS software used by the MikroTik devices.
The vulnerability allows 'remote attackers to bypass authentication and read arbitrary files by modifying a request to change one byte related to a Session ID.'

New Hack Turned 'Medium' MikroTik Vulnerability Into 'Critical'

However, the new attack method found by Tenable Research exploits the same vulnerability and takes it one step further. A PoC exploit, called ',' released by Tenable Research's Jacob Baines, first uses the directory traversal vulnerability to steal administrator login credentials from the user database file and then writes another file on the system to gain root shell access remotely. In other words, the new exploit could allow unauthorized attackers to hack MikroTik's RouterOS system, deploy malware payloads or bypass router firewall protections. The technique is yet another security blow, which was previously targeted by the and used in an extensive uncovered a few months ago.

New MikroTik Router Vulnerabilities

Besides this, Tenable Research also additional MikroTik RouterOS vulnerabilities, including:

CVE-2018-1156: A stack buffer overflow flaw that could allow authenticated remote code execution, allowing attackers to gain full system access and access to any internal system that uses the router.
CVE-2018-1157: A file upload memory exhaustion flaw that allows an authenticated remote attacker to crash the HTTP server.
CVE-2018-1159: A www memory corruption flaw that could crash the HTTP server by rapidly authenticating and disconnecting.
CVE-2018-1158: A recursive parsing stack exhaustion issue that could crash the HTTP server via recursive parsing of JSON.

The vulnerabilities impact MikroTik RouterOS firmware versions before 6.42.7 and 6.40.9. Tenable Research reported the issues to MikroTik in May, and the company addressed the vulnerabilities by releasing its RouterOS versions 6.40.9, 6.42.7 and 6.43 in August.
While all the vulnerabilities were patched over a month ago, a recent scan by Tenable Research revealed that 70 percent of routers (which equals 200,000) are still vulnerable to attack.

The bottom line: if you own a MikroTik router and you have not updated its RouterOS, you should do it right now. Also, if you are still using default credentials on your router, it is high time to change the default password and set a unique, long and complex one.
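
An added example (not from the original article, MikroTik or Tenable): a Python check that sorts an inventory of RouterOS version strings against the fixed releases named above (6.40.9, 6.42.7, 6.43). Treating 6.40.x as its own branch, the 'review' status for beta/rc builds, and the sample hosts and versions are assumptions made for this illustration; it covers only the CVE-2018-1156/1157/1158/1159 fixes, because the page gives no fixed version for CVE-2018-14847.

```python
import re

# Fixed releases the article lists for CVE-2018-1156/1157/1158/1159.
# Assumption (not on the page): 6.40.x is its own maintenance branch fixed
# at 6.40.9; every other release train is fixed from 6.42.7 onwards.
FIXED_BY_BRANCH = {(6, 40): (6, 40, 9)}
FIXED_DEFAULT = (6, 42, 7)

_VERSION = re.compile(r"^v?(\d+)\.(\d+)(?:\.(\d+))?(?:(rc|beta)\d*)?$", re.I)

def parse_version(text):
    """Return ((major, minor, patch), is_prerelease); raise ValueError if odd."""
    m = _VERSION.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised RouterOS version: {text!r}")
    numbers = (int(m.group(1)), int(m.group(2)), int(m.group(3) or 0))
    return numbers, m.group(4) is not None

def classify(text):
    """Return 'update', 'review', 'ok' or 'unknown' for one version string."""
    try:
        version, prerelease = parse_version(text)
    except ValueError:
        return "unknown"      # never count unparsed data as patched
    fixed = FIXED_BY_BRANCH.get(version[:2], FIXED_DEFAULT)
    if version < fixed:
        return "update"
    # The article names only final releases as fixed, so beta/rc builds at or
    # above the fixed number are sent for manual review instead of passing.
    return "review" if prerelease else "ok"

def audit(inventory):
    """Map each host in {host: version} to its classification."""
    return {host: classify(version) for host, version in inventory.items()}

# Constructed inventory: documentation addresses and made-up version strings.
SAMPLE = {
    "192.0.2.1": "6.40.8", "192.0.2.2": "6.40.9", "192.0.2.3": "6.42.6",
    "192.0.2.4": "v6.43", "192.0.2.5": "5.0beta1", "192.0.2.6": "6.43rc12",
    "192.0.2.7": "n/a",
}

if __name__ == "__main__":
    for host, status in audit(SAMPLE).items():
        print(f"{host:<12} {SAMPLE[host]:<10} {status}")
```

Hosts reported as 'unknown' or 'review' need a manual look; only 'ok' means the version string is at or past one of the fixed final releases.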