Make sure you have binwalk installed
sudo apt install binwalk
Download the firmware from Ubiquiti’s website
https://ui.com/download/software/uap-ac-lite
We’ll need to extract the images a couple of times
binwalk -e 6.5.54.bin cd ./_6.5.54.bin.extracted binwalk -e 50FEE cd _50FEE.extracted/ binwalk -e 3C7CC4
The last binwalk will extract the actual file system.
cd _3C7CC4.extracted/cpio-root
There are at least 3 different ways to loop over arrays in JavaScript. The three we will go over in this article are the
The forEach takes a callback function that is executed for element of the array. The callback function’s first argument is the element of the array.
const myArray = ["First", "Second", "Third"]
myArray.forEach(function(myElement, index, array) {
console.log(`My Element is ${myElement}, index is ${index}, and array is {$array}`
}Couple things to note about forEach
Using the for of loop, we can loop through the array with
const myArray = ["First", "Second", "Third"]
for (const [i, myElement] of myArray) {
console.log(`My Element is ${myElement}, index is ${i}`)
}And using just a simple for loop, we can do
const myArray = ["First", "Second", "Third"]
for (let i = 0; i < myArray.length; i++) {
console.log(`My Element is ${myarray[i]}, index is ${i}`)
}If we take the following code, we call the Log function without the (). This calls the Log function every time the buttonObject is clicked.
// Find object id myButton
let buttonObject = document.getElementById('myButton')
// Add an event listener, and run Log function when clicked.
buttonObject.addEventListener('click', Log)
// If we call Log(), it will immediately trigger the function
function Log () {
console.log("Hello World!")
}But what if we want to pass in a variable to the Log function? We can’t run Log('some text') as the function will run before we click the object.
We can however wrap the Log function inside of an anonymous function like so
let buttonObject = document.getElementById('myButton')
// Now Log() function will be run with the variable getting passed.
buttonObject.addEventListener('click', () => {
Log('Hello World!')
})
function Log (textVariable) {
console.log(textVariable)
}Our Log function gets triggered when the object is clicked, and the variable is passed properly. You can swap out thy arrow function with a nameless function ()
https://wiki.mikrotik.com/wiki/Manual:Securing_Your_Router
Things to harden
Before deleting the default admin user, create your own user account.
/user/add name=MyUsername group=full password=mylongsecurepassword
Note: running /user/add will prompt you for the rest of the options.
Delete the default admin user with
/user remove admin
We want to delete the default admin user for two reasons. 1. There is no default password for this user. 2. It is a default username which means it will be targeted for brute force attacks.
Consider using the /users/groups for more granular control.
In the following, we disabled all services except SSH and Winbox. We also limit access to those services only from private “RFC 1918” IP addresses. Customize as needed.
/ip service set telnet disabled=yes set ftp disabled=yes set www disabled=yes set www-ssl tls-version=only-1.2 set ssh address="set winbox address="192.168.0.0/16,172.16.0.0/12,10.0.0.0/8" set api disabled=yes set winbox address="set winbox address="192.168.0.0/16,172.16.0.0/12,10.0.0.0/8" set api-ssl disabled=yes tls-version=only-1.2
for www-ssl and api-ssl, tls-version is not a required argument, but you may consider using it if you need the API or Webfig.
/ip/ssh/set strong-crypto=yes allow-none-crypto=no always-allow-password-login=no host-key-size=4096
And regenerate the SSH host key. It will prompt for a [y/N], hit y to regenerate.
/ip/ssh/regenerate-host-key
Unless your device is being used as a DNS resolver, it is best to disable the “Allow Remote Request”
ip dns/set allow-remote-requests=no
If you do need it enabled, then be sure to add some firewall rules to keep your router from being used in amplification attacks.
add action=drop chain=input dst-port=53 in-interface-list=WAN protocol=udp
You can configure interface lists in /interface/list or Interface -> Interface List in the gui
Or you can change to in-interface and specify the WAN interface directly. You could also set it to !LAN if you have a LAN interface list set up.
Mikrotik Recently patched CVE-2023-37099 which was a way someone with an admin account, could escalate to a “super admin”, or jail break a router.
It appears the technique has been around for about a year.
Affected versions: < 6.49.7
The good news is that someone would already have to have an account to elevate permissions. If your routers have been using strong passwords or SSH public/private keys and have internet management disabled, then you are probably fine.
There are a couple different options for undeleting files for XFS filesystems.
TestDisk is a great command line recovery tool. Unfortunately, it can be slightly more difficult on systems using XFS compared to EXT4 systems. TestDisk does not support undeleting a file in place on XFS.
You can still recover files using TestDisk, you just need to recover the whole drive and dig through the recovery results to find the files you want.
There is also another utility that can be helpful. xfs_undelete
https://github.com/ianka/xfs_undelete
It allows for a little more flexibility in recovering files. For instance, you can specify to recover the files from the past hour to recover.
Download prerequisites
sudo dnf install tcllib wget https://raw.githubusercontent.com/ianka/xfs_undelete/master/xfs_undelete chmod u+x ./xfs_undelete ./xfs_undelete
Example of running xfs_undelete
./xfs_undelete -t -1hour ./dev/sda2
You will need a different filesystem to save the files to. Otherwise you will receive the following error.
Your output directory is /home/bob/recovery/ That is within the filesystem / you want to recover files from. This isn't feasible as it would overwrite the deleted files you wanted to recover. Please specify the option -o /path/to/output_directory on another (rw mounted) filesystem or run xfs_undelete from within a directory on that filesystem so the recovered files could be written there. They cannot be recovered in place.
It’s not the greatest idea to recover on the system while running. Ideally, shut the system down, plug the drive into another machine as read only, and copy the files off.
You could also boot up in single user mode or a live Linux iso/thumbdrive and mount another recovery drive. Should work for both physical and virtual environments.
How to configure SNMP v3 on Cisco Switch, Router, ASA, Nexus (bestmonitoringtools.com)
Enter configuration mode
enable conf t
Everything in bold you should look at changing.
snmp-server view ViewDefault iso include snmp-server group GroupName v3 priv read ViewDefault snmp-server location address snmp-server user MyUsername GroupName v3 auth sha AuthPass1 priv aes 128 PrivPass
Exit and save changes
exit write
Now we can verify the snmp details with
show snmp
We’ll follow the documentation from here.
Changes are made to the /etc/rsyslog.conf config file.
For this example, we will be configuring our named.log file to not exceed 50MiB, and then we’ll have a rotated log “.1” that is also 50MiB. Total it should not exceed 100BMiB.
First we need to create an out channel, and then we assign the out channel to a logging channel. We also need a script that rotates the logs.
$outchannel log_rotation,/var/log/named.log, 52428800,/home/user/log_rotation.sh
On our line that is logging named, at the end add :$log_rotation
Example:
local0.* /var/log/named.log:$log_rotation
Somewhere on the system, create a rotate.sh script. Name it whatever you want, just be sure the path and name in the rsyslog.conf is the same.
Add the following one line to move the current log to a rotate log.
mv -f /var/log/named.log /var/log/named.log.1
As the log fills up and hits ~50MiB, the named.sh script will run which rotates(moves) the log file to logfile.log.1. This will keep our usage for named.log to 100MiB.
Make sure Bubbles is on in the system settings. When you receive a message that supports bubbles, there should be a little button on the notification. Tap it to pop the message out into a bubble.
Unbubbling a conversation is the exact same steps. When you receive a notification, tap the unbubble button. That conversation will now not bubble.
