Hardening Mikrotik RouterOS

Posted on August 4, 2023 by admin

https://wiki.mikrotik.com/wiki/Manual:Securing_Your_Router

Things to harden

Delete default admin user
Disable unused services and whitelist IP’s
Secure SSH
DNS

Delete default admin user

Before deleting the default admin user, create your own user account.

/user/add name=MyUsername group=full password=mylongsecurepassword

Note: running /user/add will prompt you for the rest of the options.

Delete the default admin user with

/user remove admin

We want to delete the default admin user for two reasons. 1. There is no default password for this user. 2. It is a default username which means it will be targeted for brute force attacks.

Consider using the /users/groups for more granular control.

Disable unused services

In the following, we disabled all services except SSH and Winbox. We also limit access to those services only from private “RFC 1918” IP addresses. Customize as needed.

/ip service
set telnet disabled=yes
set ftp disabled=yes
set www disabled=yes
set www-ssl tls-version=only-1.2
set ssh address="set winbox address="192.168.0.0/16,172.16.0.0/12,10.0.0.0/8"
set api disabled=yes
set winbox address="set winbox address="192.168.0.0/16,172.16.0.0/12,10.0.0.0/8"
set api-ssl disabled=yes tls-version=only-1.2

for www-ssl and api-ssl, tls-version is not a required argument, but you may consider using it if you need the API or Webfig.

Secure SSH

/ip/ssh/set strong-crypto=yes allow-none-crypto=no always-allow-password-login=no host-key-size=4096

And regenerate the SSH host key. It will prompt for a [y/N], hit y to regenerate.

/ip/ssh/regenerate-host-key

Hardening SSH on Mikrotik Routers

DNS

Unless your device is being used as a DNS resolver, it is best to disable the “Allow Remote Request”

ip dns/set allow-remote-requests=no

If you do need it enabled, then be sure to add some firewall rules to keep your router from being used in amplification attacks.

add action=drop chain=input dst-port=53 in-interface-list=WAN protocol=udp

You can configure interface lists in /interface/list or Interface -> Interface List in the gui

Or you can change to in-interface and specify the WAN interface directly. You could also set it to !LAN if you have a LAN interface list set up.

MikroTik RouterOS Privilege Escalation Exploit CVE-2023-37099

Posted on August 3, 2023 by admin

Mikrotik Recently patched CVE-2023-37099 which was a way someone with an admin account, could escalate to a “super admin”, or jail break a router.

It appears the technique has been around for about a year.

Affected versions: < 6.49.7

The good news is that someone would already have to have an account to elevate permissions. If your routers have been using strong passwords or SSH public/private keys and have internet management disabled, then you are probably fine.

https://github.com/MarginResearch/FOISted

https://vulncheck.com/blog/mikrotik-foisted-revisited

How to Undelete Files on XFS Filesystem

Posted on August 2, 2023 by admin

There are a couple different options for undeleting files for XFS filesystems.

TestDisk

TestDisk is a great command line recovery tool. Unfortunately, it can be slightly more difficult on systems using XFS compared to EXT4 systems. TestDisk does not support undeleting a file in place on XFS.

You can still recover files using TestDisk, you just need to recover the whole drive and dig through the recovery results to find the files you want.

xfs_undelete

There is also another utility that can be helpful. xfs_undelete

https://github.com/ianka/xfs_undelete

It allows for a little more flexibility in recovering files. For instance, you can specify to recover the files from the past hour to recover.

Download prerequisites

sudo dnf install tcllib
wget https://raw.githubusercontent.com/ianka/xfs_undelete/master/xfs_undelete
chmod u+x ./xfs_undelete

./xfs_undelete

Example of running xfs_undelete

./xfs_undelete -t -1hour ./dev/sda2

You will need a different filesystem to save the files to. Otherwise you will receive the following error.

Your output directory is  /home/bob/recovery/
That is within the filesystem  /  you want to recover files
from. This isn't feasible as it would overwrite the deleted files you wanted to
recover. Please specify the option -o /path/to/output_directory on another (rw
mounted) filesystem or run xfs_undelete from within a directory on that
filesystem so the recovered files could be written there. They cannot be
recovered in place.

It’s not the greatest idea to recover on the system while running. Ideally, shut the system down, plug the drive into another machine as read only, and copy the files off.

You could also boot up in single user mode or a live Linux iso/thumbdrive and mount another recovery drive. Should work for both physical and virtual environments.

Configure SNMPv3 on Cisco Router

Posted on July 31, 2023 by admin

https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/snmp/configuration/xe-16/snmp-xe-16-book/nm-snmp-cfg-snmp-support.html

How to configure SNMP v3 on Cisco Switch, Router, ASA, Nexus (bestmonitoringtools.com)

Enter configuration mode

enable
conf t

Everything in bold you should look at changing.

snmp-server view ViewDefault iso include
snmp-server group GroupName v3 priv read ViewDefault
snmp-server location address
snmp-server user MyUsername GroupName v3 auth sha AuthPass1 priv aes 128 PrivPass

Exit and save changes

exit
write

Now we can verify the snmp details with

show snmp

Log rotation for rsyslog using fixed size

Posted on July 31, 2023 by admin

We’ll follow the documentation from here.

Changes are made to the /etc/rsyslog.conf config file.

For this example, we will be configuring our named.log file to not exceed 50MiB, and then we’ll have a rotated log “.1” that is also 50MiB. Total it should not exceed 100BMiB.

First we need to create an out channel, and then we assign the out channel to a logging channel. We also need a script that rotates the logs.

Create the Output Channel

$outchannel log_rotation,/var/log/named.log, 52428800,/home/user/log_rotation.sh

Assign Output Channel to Logging Channel

On our line that is logging named, at the end add :$log_rotation

Example:

local0.*                   /var/log/named.log:$log_rotation

Script to Rotate Log

Somewhere on the system, create a rotate.sh script. Name it whatever you want, just be sure the path and name in the rsyslog.conf is the same.

Add the following one line to move the current log to a rotate log.

mv -f /var/log/named.log /var/log/named.log.1

As the log fills up and hits ~50MiB, the named.sh script will run which rotates(moves) the log file to logfile.log.1. This will keep our usage for named.log to 100MiB.

Protected: A story on IAAAA

Posted on July 29, 2023 by admin

How to Bubble and Unbubble Conversations on Android

Posted on July 29, 2023 by admin

How to Bubble a conversation

Make sure Bubbles is on in the system settings. When you receive a message that supports bubbles, there should be a little button on the notification. Tap it to pop the message out into a bubble.

How to pop the bubbled “Unbubble” conversation

Unbubbling a conversation is the exact same steps. When you receive a notification, tap the unbubble button. That conversation will now not bubble.

How To Hack Your Bank Account “$1 Million” using Kali Linux

Posted on July 29, 2023 by admin

Disclaimer. Okay, we are not actually going to “hack” your bank account. But we are going to quickly use the developer tools to manipulate text on our browser.

Log into your bank account.
Find your bank and the current amount.
Open up the Developer Tools ( Menu Option > More tools > Web Developer Tools
In the top left of the developer window, select the mouse. This should let you go to the web page, click on your “account balance”.
Double click and change your “account balance” to $1 Million.

Congratulations! You are a millionaire. At least on paper.

*If you honestly were looking for a way to hack your bank account for 1 million dollars… Stop…

17 Must Know Git Commands

Posted on July 26, 2023 by admin

Quick and dirty cheat sheet for using git

Configure user

git config --global user.name "Username"

git config --global user.email "email@email.com"

Initialize git

git init

Check log of commits

git log

Check status

git status

Add all files to staging to be committed

git add -A

Setup .gitignore, to ignore files and directories

Example to add .DS_Store files to the ignore file.

echo ".DS_Store" >> .gitignore

Undo commits

git reset --hard

https://stackoverflow.com/questions/927358/how-do-i-undo-the-most-recent-local-commits-in-git

Branches

Setup a branch

git branch branch_name

Switch to a branch

git checkout branch_name

Merge branch to master

git checkout master
git merge branch_name

Remote Repository (GitHub)

https://docs.github.com/en/get-started/getting-started-with-git/managing-remote-repositories

You’ll can setup SSH keys to connect to GitHub.

https://docs.github.com/en/authentication/connecting-to-github-with-ssh/adding-a-new-ssh-key-to-your-github-account

git remote add origin git@github.com:OWNER/REPO.git

Setup origin

git push --set-upstream origin master

Upload files to GitHub

git push origin master

Verify remote origin

git remote -v

Set origin URL (Helpful if it has already been added)

git remote set-url origin git@github.com:OWNER/REPO.git

Install Guide for Pangolin Whisper Web Interface on Linux

Posted on July 22, 2023 by admin

Pangolin is a simple web interface for OpenAI’s Whisper system. Very easy and simple to use.

https://github.com/incredig33k/pangolin/

Add User

We’ll setup a new unprivileged user called pangolin.

sudo useradd -m pangolin
sudo passwd pangolin

su pangolin
cd
pip3 install whisper-ctranslate2
  or 
pip3.9 install whisper-ctranslate2

npm install https formidable@2.1.1 fs path url

wget https://github.com/incredig33k/pangolin/releases/download/pre-release/pangolin-web.zip

unzip ./pangolin_web.zip
cd pangolin_web
mkdir uploads

Change default port to 8443. It is possible to use 443, but we would need to run privileged

sed -i "s/443/8443/g" ./pangolin_server.js

Setup SSL Certificate

This assumes you already have Let’s Encrypt setup. We’ll create a certificate directory for Pangolin to use and then copy the certs there.

mkdir /home/pangolin/ssl
sudo cp /etc/letsencrypt/live/DOMAINNAME.COM/fullchain.pem /home/pangolin/ssl/
sudo cp /etc/letsencrypt/live/DOMAINNAME.COM/privkey.pem /home/pangolin/ssl/
sudo chown pangolin:pangolin /home/pangolin/ssl/fullchain.pem
sudo chown pangolin:pangolin /home/pangolin/ssl/privkey.pem

Now back in our web directory we can update the vars.js file like the following.
Note that we do need the full file path. Can’t use ~/

module.exports = {
key: '/home/pangolin/ssl/privkey.pem',
cert: '/home/pangolin/ssl/fullchain.pem'
}

Firewall rules

We can change the port Pangolin runs on by editing the listen port at the bottom of the pangolin_server.js file.

sudo firewall-cmd --add-port=443/tcp

Setting up systemd Service

Now we need to copy our service file and enable the Pangolin service.

sudo cp /home/pangolin/pangolin_web/pangolin.service /usr/lib/systemd/system/pangolin.service

sudo systemctl enable pangolin.service

Start the service

sudo systemctl start pangolin