How To Crack Mikrotik Router Password

Wrong username or password displayed when trying to access a Mikrotik router could mean your login credentials have been entered wrongly or your Mikrotik router has been compromised. In this post, we are concerned with what happens when the latter occurs.

Just as an example let's say the model has a default 8 digit pin. Definitely worth trying to crack. Before you begin cracking make sure to find out if this is a company hotspot and get permission from the hiring company to try and break the password. We wouldn't want to crack the encryption on anyone's personal device. That is illegal. Jul 21, 2019 MikroTik Crack is so good operating system that mostly worked for Intel PCs and routers. This RouterOS is a necessary operating system of RouterBoard in the whole world. You need to utilize this instrument for going by reflect joins that are confined by proprietors.

Users of Mikrotik routerOS have experienced unprecedented attacks recently. Many of my readers have complained about seeing ‘wrong username or password’ displayed when trying to access their routers via the WAN port. These same users are able to access same routers from the LAN using the same login credentials. What then could be wrong? If you are reading this post and you are experiencing same issue on your mikrotik router, your device has been hacked!

What they do to affected Mikrotik routers

The hackers will configure access-class filters on hacked devices to permit a few source IPs from accessing the router. In the filter, they include the LAN subnets configured on the router and a host of their (attackers’) IP addresses. Users who try to access the affected router using source IPs not listed in the access-class will see the ‘wrong username of password’ message displayed.

When trying to access your router from outside your network, using the public IP configured on the router, access will be denied and a message saying ‘wrong username or password’ will be displayed. This happens because your source IP is not listed in the access-class configured by the hackers.

How to resolve Mikrotik wrong username or password issue

If you can access the router from within your internal network, follow the steps below to resolve the issues otherwise, I recommend you reset the router.

Step 1: Change username and password

Change all configured usernames and passwords on the router. Click on system>users. Select a user and change the name.
After changing your username on the Mikrotik router, logout of the router and login with the new username and old password. Click on system>password to set a new password.

Step 2: Remove configured source IPs from access-class

Once logged into your router from the internal network, click on IP>Users to see all configured users on the router. If you find any user not configured by you, remove it. Then, double on all configured users, including the admin and remove all source IPs configured by the attackers. Having no source IPs configured on users means device can be accessed from any IP as long as the correct username and password are entered.

If you want to limit remote login to a known IP used by you, enter such IP alone in the allowed address field.

Step 3: Update routerOS

Mikrotik is usually aware of bug in routerOs that hackers leverage on to have unauthorized access to devices on the internet. In response, they create fixes that are pushed out to devices via system updates. System updates are highly recommended to Mikrotik users with devices on the internet.

To update your router, click on system>packages>Check for updates. If your router is unable to resolve hostname, it means you do not have a functional dns server address assigned. Click on IP>dns and assign a dns IP (8.8.8.8) to your router. After that, go back and check for updates. Click on download and install update. The router will download and install system updates on your router.

Read: How to remove Mikrotik router ports from slave mode

Step 4: Remove scripts and schedulers created by hackers.

The attackers often create scripts on affected routers. The scripts, among other things, will reboot your router, change the admin password, and install files in the file menu of your router. Click on system>scripts and remove these scripts.

Because they want the scripts to continue running without human intervention, thy will automate the scripts’ execution using system schedulers. Click on system scheduler and remove all schedulers not configured by you.

How to protect the router from further attacks

After cleaning up your router, you will need to protect it from further attacks by disabling access to the router from the internet on selected ports. Access an be granted for selected IP addresses. Read: How to secure Mikrotik routers by blocking port access from the internet

If you enjoyed this tutorial, please subscribe to this blog to receive my posts via email. Also subscibe to my YouTube channel, like my Facebook page and follow me on Twitter.

MikroTik Wiki and Forum say that there is no way to recover MikroTik user password without losing MikroTik configuration. But if you have an unencrypted configuration file backup taken before, you will be able to recover your user password using MikroTik password recovery tools. How to Backup and Restore MikroTik configuration file manually was discussed in my previous article. I also discussed how to backup MikroTik configuration file automatically via Mail in another article and in this article I will show how to recover forgotten user password using MikroTik configuration file backup.

Recover MikroTik User Password using Configuration File Backup

If you have a practice to store MikroTik configuration file backup regularly, you will be able to recover your MikroTik user password if you forget unfortunately. There are two methods to recover MikroTik user password from unencrypted configuration file backup.

Recover MikroTik password using online password recovery tool
Recover MikroTik password using Linux password recovery tool

Recover MikroTik Password using Online Password Recovery Tool

If you have an unencrypted backup file, you can easily recover your user password using MikroTik Password Recovery Online Tool. The following steps will show how to recover MikroTik user password using online password recovery tool.

Go to MikroTik Password Recovery Online Tool [mikrotikpasswordrecovery.net].
Upload your unencrypted backup file using Choose File button.
Put provided captcha for security purpose.
Click on Upload and show me passwords button and you will find your username and password list within a textarea.

Recover MikroTik Password using Linux Password Recovery Tool

If you face any problem to use Online Password Recovery Tool or like to use Linux command rather than online tool, you can use MikroTik Password Recovery Tool in Linux. If you are a new Linux user, follow my article about how to setup CentOS Linux and how to configure CentOS network and then continue this article. The following steps will show how to use Linux password recovery tool to recover MikroTik’s forgotten user password.

Login to your CentOS Linux operating system with root user using Putty or SSH Secure Shell Client.
Install wget and openssl-devel packages if not installed before with yum command [yum install wget openssl-devel -y]. It will be also better to update your operating system with update command [yum update] if you face any problem to run Linux password recovery tool.
Create a temporary folder [mkdir /temp] in root directory and go to this directory with cd command [cd /temp].
Go to [manio.skyboo.net/mikrotik] and download latest mtpass released package and store this package in temp folder. Alternately, you can run wget command to download this package [wget http://manio.skyboo.net/mikrotik/mtpass-0.9.tar.bz2].
Extract this downloaded package with tar command [tar jxvf mtpass-0.9.tar.bz2].
Now go to mtpass extracted folder [cd mtpass-0.9] and then run make command [make] to compile this package.
Now upload your unencrypted backup file (MikroTikBackup.backup) into temp folder and run this command [./mtpass /temp/MikroTikBackup.backup]. If everything is OK, you will find your MikroTik user name and password.

Complete CentOS Linux command to recover MikroTik user password with password recovery tool.

[root@localhost ~]# yum install wget openssl-devel –y

[root@localhost ~]# mkdir /temp

[root@localhost ~]# cd /temp

[root@localhost temp]# wget http://manio.skyboo.net/mikrotik/mtpass-0.9.tar.bz2

[root@localhost temp]# tar jxvf mtpass-0.9.tar.bz2

Mikrotik Router Password Reset

[root@localhost temp]# cd mtpass-0.9

[root@localhost mtpass-0.9]# make

[root@localhost mtpass-0.9]# ./mtpass /temp/MikroTikBackup.backup

If you face any confusion to follow above steps properly, watch my video about How to Recover MikroTik User Password using password recovery tool. I hope it will reduce your any confusion.