
Bypassing Mikrotik hotspot login page

<<

software

Newbie

Posts: 2

Joined: Sun Apr 06, 2008 2:07 am

Post Sun Apr 06, 2008 2:14 am

Bypassing Mikrotik hotspot login page

Hi guys, please, I would like to know how to bypass a MikroTik hotspot login page. I understand a little about the technology: the RADIUS server authentication and the redirection to the gateway, bla bla bla. My question is, I need more clues to bypassing the login page.

I presently manage an ISP, and someone not registered is always on my network, using the network for free. Please guys, I need your help. I really want to know how he bypasses it, then I can improve my security also.

My email address is adepetu2000@yahoo.co.uk

I await your response and assistance.

thanks
Engr Emmanuell
<<

RoleReversal

Hero Member

Posts: 928

Joined: Fri Jan 04, 2008 8:54 am

Location: UK

Post Sun Apr 06, 2008 3:32 am

Re: Bypassing Mikrotik hotspot login page

software,

Welcome to EH-Net.

As I run a system similar to the one you describe, I can offer very precise information for this kind of issue. Contact the Mikrotik technical division and request their assistance. I'm sure that they will be just as keen to improve their security also, I always am.
Last edited by RoleReversal on Sun Apr 06, 2008 7:03 am, edited 1 time in total.
<<

software

Newbie

Posts: 2

Joined: Sun Apr 06, 2008 2:07 am

Post Sun Apr 06, 2008 5:51 am

Re: Bypassing Mikrotik hotspot login page

RoleReversal wrote: software,

Welcome to EH-Net.

As I run a system similar to the one you describe, I can offer very precise information for this kind of issue. Contact the Mikrotik technical division and request their assistance. I'm sure that they will be just as keen to improve their security also as I always am.




Hi RoleReversal,
Thanks so much for your quick reply.
I have contacted them, and I was advised to go for some more professional courses to learn more about security.

What I really need to know right now is how it's been done, and in so doing I will be able to know the faults. Presently, some ports are open on my network: 21, 22, 23, 80, 53
<<

RoleReversal

Hero Member

Posts: 928

Joined: Fri Jan 04, 2008 8:54 am

Location: UK

Post Sun Apr 06, 2008 6:54 am

Re: Bypassing Mikrotik hotspot login page

Software,

Looking at the port list, as I'm sure you're aware, you've got FTP, Telnet, SSH, HTTP and DNS open to the source of your scan. I'm assuming the scan was actioned from an external source, not local; if you performed the scan from the local network then there may be false positives for services that are protected by firewalls etc.

Major advice would be to disable any services that you do not need. As you state that you are an ISP, all the services seem reasonable although I would question running all services from a single IP/server, although I know that this can be forced via budget/resource restraints etc.

First service that I would look at would be Telnet, as you are also running SSH then it is likely this service isn't needed for general administrative purposes. (Telnet transmits login/session details in cleartext whilst SSH is encrypted).

As your remote communication services (telnet/ssh) require valid credentials to access the server (I hope) then it is possible that an account on the server has been compromised, possibly through social engineering, or dictionary/bruteforce attempts. Only good staff awareness, training and policy can protect against the first; for the latter there are many tools designed to protect against brute-force attempts, for example try breakinguard.

Next step would be to ensure that all software and services are up to date. I know it's a chore but keeping patch levels up to date can save you some big headaches.

You also stated that a third party hotspot service was the source of the unidentified individual using your network. As from your response they appear to be fairly unhelpful, I would recommend, if possible and within your authority, finding a different service provider. If this is not possible then you could try to segregate the wireless connection from the core of your network, on a DMZ for example. What evidence do you have that has led you to believe that this is the entry point being used to access your network?

Once your server is locked down then you need to attempt to determine how the unknown party has gained access to your network and what damage has been done. For this you need to be looking at logs and any information you can get. How were you alerted to the individual bypassing your systems in the first place?

If incident response is new to you then the SANS Intrusion Detection FAQ can be a good place to start, HERE.

Hopefully this should set you on your way to both determining what has occurred and improving your system's security. Knowing the industry, I appreciate that some of this information you may not want in public view; this being the case, feel free to PM me if necessary. Good luck...
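The log review recommended in this post, as an added example that is not part of the original thread: it scans SSH authentication logs for bursts of failed logins from one source and flags any login accepted during such a burst, which is the sign of a guessed password. It assumes OpenSSH syslog-format lines; the sample log, host name, addresses, threshold, window and function name are constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample in OpenSSH syslog format (documentation-range IPs).
SAMPLE_LOG = """\
Apr  6 02:10:01 gw sshd[811]: Failed password for admin from 203.0.113.7 port 4101 ssh2
Apr  6 02:10:03 gw sshd[811]: Failed password for invalid user test from 203.0.113.7 port 4102 ssh2
Apr  6 02:10:05 gw sshd[812]: Failed password for admin from 203.0.113.7 port 4103 ssh2
Apr  6 02:10:09 gw sshd[813]: Failed password for admin from 203.0.113.7 port 4104 ssh2
Apr  6 02:10:12 gw sshd[814]: Accepted password for admin from 203.0.113.7 port 4105 ssh2
Apr  6 02:15:00 gw sshd[820]: Failed password for alice from 198.51.100.20 port 5001 ssh2
Apr  6 02:40:00 gw sshd[821]: Accepted password for alice from 198.51.100.20 port 5002 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) password for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<ip>\S+) port \d+"
)

def review_auth_log(text, threshold=4, window=timedelta(minutes=5), year=2008):
    """Return (noisy_sources, suspect_logins).

    noisy_sources: IPs with >= threshold failures inside one window.
    suspect_logins: (ip, user, time) for logins accepted from an IP while
    it was over the threshold, i.e. a guess that may have succeeded.
    """
    recent = defaultdict(deque)   # ip -> timestamps of recent failures
    noisy, suspect = set(), []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        # syslog lines omit the year, so the caller supplies it
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        q = recent[m["ip"]]
        while q and ts - q[0] > window:
            q.popleft()           # drop failures older than the window
        if m["result"] == "Failed":
            q.append(ts)
            if len(q) >= threshold:
                noisy.add(m["ip"])
        elif len(q) >= threshold:
            suspect.append((m["ip"], m["user"], ts.isoformat()))
    return sorted(noisy), suspect
```

A login that follows a single mistyped password, like the second source in the sample, is not flagged because its one failure has aged out of the window.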
<<

Bogwitch

Jr. Member

Posts: 51

Joined: Wed Aug 16, 2006 3:29 am

Post Mon Apr 07, 2008 9:32 am

Re: Bypassing Mikrotik hotspot login page

If you are managing an ISP, you should inform your management that you have security issues and suggest they employ a security professional to secure the network. This is the first time I have heard of ANY ISP that does not have a dedicated security team although I have not dealt with small ISPs.
Are you sure you work for the ISP and you're not just trying to break in to their network?
CISSP, C|EH, C|HFI
<<

RoleReversal

Hero Member

Posts: 928

Joined: Fri Jan 04, 2008 8:54 am

Location: UK

Post Mon Apr 07, 2008 10:02 am

Re: Bypassing Mikrotik hotspot login page

Bogwitch wrote: Are you sure you work for the ISP and you're not just trying to break in to their network?


Good question,

looks like EH-net-ers are friendlier than TechRepublic though
<<

shawal

Jr. Member

Posts: 88

Joined: Mon Mar 10, 2008 1:24 pm

Post Mon Apr 07, 2008 11:05 am

Re: Bypassing Mikrotik hotspot login page

Several years ago I used to work for an ISP, actually it was a VISP, where the modem banks are managed by the telco, not us. I was the system admin, the accounting, the security team, support line, and the kitchen sink.

ISP does not always mean big teams, nor big hardware. RR's answer was spot on first time, and the guy wanted to know more about securing a system, not attacking a system; give him a break. People with better defensive skills are the best ethical hackers, as they are preventing the attack from happening in the first place.
RHCE, GIAC GCIH.
<<

slimjim100

EH-Net Columnist

Posts: 385

Joined: Wed Nov 08, 2006 12:50 pm

Location: Atlanta

Post Mon Apr 07, 2008 1:55 pm

Re: Bypassing Mikrotik hotspot login page

I do work for an ISP (I see tons of phishing calls for help to the Abuse@myisp.com) and I would like to see an e-mail address from the real domain before offering too much help, as Yahoo e-mail addresses are free. If you truly need help with security you might want to post a real e-mail address; you can post it like bob.smith (at) Mikrotik (dot) com to avoid spam. But till you show a way to prove you do work for the ISP it would be hard for most of the members here to help you ethically.

Brian
CISSP, CCSE, CCNA, CCAI, Network+, Security+, JNCIA, & MCP
<<

shawal

Jr. Member

Posts: 88

Joined: Mon Mar 10, 2008 1:24 pm

Post Mon Apr 07, 2008 2:19 pm

Re: Bypassing Mikrotik hotspot login page

SlimJim100,
The last thing this guy wants is to tell the whole internet world which ISP has a wide-open hole that they cannot close right now.

Asking in an open public forum regarding an issue that is currently active and being exploited now by one maybe not-that-harmless abuser! Didn't we learn that the first step of attacks is gathering information from public forums? It is enough that he gave his Yahoo email; if it is the true one, one can correlate from his internet presence lots of information that can be used against him.


software,

Google for system hardening, and invest some money in a security consultant to harden and audit your systems. If you are making money off it, it's only fair to your users to spend their money wisely and protect their privacy, as you do not know the extent of the compromise, most probably.
RHCE, GIAC GCIH.
<<

geekyone

Full Member

Posts: 180

Joined: Fri Oct 26, 2007 12:45 pm

Location: Peoria, IL

Post Mon Apr 07, 2008 3:34 pm

Re: Bypassing Mikrotik hotspot login page

Well, the long and the short of it is that you aren't going to get much more than general help from an open forum about an active security issue that you can't disclose details about (for obvious reasons). If you do work for the ISP and need to fix this security breach then your best bet is to tell management to pony up some cash and hire a security professional to take a look at your network. Now if you need help finding a security professional you came to the right place! Post your geographical location and ask for someone in your general area to send you a Private Message so you can make arrangements. Good Luck! ;D
CISSP, CEH, GPEN, GCIH, GCFA
<<

venom77

Hero Member

Posts: 1905

Joined: Mon Dec 11, 2006 3:23 pm

Post Mon Apr 07, 2008 4:53 pm

Re: Bypassing Mikrotik hotspot login page

shawal does make a good point in regards to posting the ISP in a public forum.

I personally choose not to respond to posts like this when they are not very well written (like the original post above). I would expect that a network administrator have a little more competence (as someone else mentioned too). Plus, in this case, he's not specific enough for me to believe that he's actually trying to protect something instead of break through it. Especially since he works for an ISP that offers this service, I'd expect him to have some more knowledge than "a little bit" on how his own system works.
<<

Kev

Sr. Member

Posts: 428

Joined: Sat Sep 29, 2007 12:26 pm

Post Mon Apr 07, 2008 5:37 pm

Re: Bypassing Mikrotik hotspot login page

I tend to agree with Bill V on this, and this does not seem like the kind of question an admin would be asking. The only way to bypass the MikroTik login is if you have admin access. It's actually a simple technique. If someone is able to do this then it suggests they have owned the box and have admin access. If this is true then you have a serious issue that requires more immediate attention than trying to figure out how to bypass the login page remotely.
<<

don

Administrator

Posts: 4226

Joined: Sun Aug 28, 2005 10:47 pm

Location: Chicago

Post Mon Apr 07, 2008 7:04 pm

Re: Bypassing Mikrotik hotspot login page

This thread has pretty much run its course.

Closed.

Don
CISSP, MCSE, CSTA, Security+ SME
