Open briantopping opened 2 years ago
Hey! Good suggestion.
I will probably prepare a better readme later down the line. On that note - what would be other things that might be missing outside of that?
Thanks.
Hi again, when I tried to run it last night, came across an auth file that presumably needed a password. I gave up, I think I bought my Mikrotik after they had patched the problem anyway.
At the very least, take a fresh machine and do a screen capture video of how to set it up and run it. If the screen is readable, it doesn't matter if your voice is intelligible or not, though it helps.
Thank you for this tool.
I would make this as explicit and as easy as possible. The easier it is, the more people will use it.
Spell out the command line for installing the python dependencies.
Spell out the steps for cloning the routeros repo, swapping in the correct .cpp file, building, and renaming the execuatble to the right name and place.
To help you understand how Dummies™* think, here's what I just tried to get this working:
.cpp
files and figured I needed to compile something. Started to get a bit nervous./meris_checker.py
:The file './meris_checker.py' is not executable by this user
chmod +x meris_checker.py
and ried to run it again with ./meris_checker.py
:
Received a bunch of weird ImageMagick errors (because it was treating it like a shell script and import
is an ImageMagick command)python meris_checker.py
File "meris_checker.py", line 22
def make_binary_executable(name: str):
^
SyntaxError: invalid syntax
python --version
→ 2.7.18python3 meris_checker.py
Traceback (most recent call last):
File "<snip>/meris_checker.py", line 9, in <module>
import routeros_api
ModuleNotFoundError: No module named 'routeros_api'
pip install routeros_api
→ Unknown command: pip
pip3 install routeros_api
→ Success (with a bunch of scary homebrew warnings)python3 meris_checker.py
→ `ModuleNotFoundError: No module named 'paramiko'pip3 install paramiko
→ Success (with a bunch of scary homebrew warnings)python3 meris_checker.py
→
usage: meris_checker.py [-h] (--ip IP [IP ...] | --ipfile IPFILE) [--threads THREADS]
meris_checker.py: error: one of the arguments --ip --ipfile is required
python3 meris_checker.py --ip 10.10.99.254
→
Traceback (most recent call last):
File "<snip>/meris_checker.py", line 212, in <module>
make_binary_executable('btw')
File "<snip>/meris_checker.py", line 23, in make_binary_executable
st = os.stat(name)
FileNotFoundError: [Errno 2] No such file or directory: 'btw'
* I'm using Dummies self-deprecatingly and I suspect the OP was too. I hope I haven't offended anyone by using the term. I find it best not to assume people are dumb, but to remember that they probably lack my context and experience and so they think differently to how I do. Due to the Curse of Knowledge, it's probably blindingly obvious to the author how to use this tool but as a harried ICT Manager with only a passing familiarity with Python (and no experience with C++) I have no idea where to even begin.
Reviewing this blog post from Mikrotik about the Meris botnet may help address some issues. https://blog.mikrotik.com/security/meris-botnet.html
I read that blog and got some idea of what was going on. That's when I gave up.
Can only offer what I know: Create instructions that can be pasted to the command line or at least create a video that covers the steps. If it's easier to live with Meris on my router because I can't get this code working, that's likely to be the result.
Apologies for the cold water on your work. You've done the most of it, it's worth doing just a bit more to get it across the line.
Cheers
Don't worry. This is actually good feedback. I will come back to this next week.
The following worked for me on Ubuntu 20.04.3
I may have ended up including a couple of extra libraries than strictly needed, but no real harm in this case
Hmm, well I have Ubuntu 20.04.3 and tried Thomax-thomasj's instructions, got to the gcc compiling line and it freaked on me with a zillion "stray ‘\302’ in program" errors like below:
In file included from stage1_main.cpp:36:
winbox_session.hpp:107:48: error: stray ‘\302’ in program
107 | <title>routeros/winbox_session.hpp at master · tenable/routeros · GitHub</title>
| ^
I've never used gcc before... what am I doing wrong?
Thanks
Some more details (Ubuntu 20.04.4 LTS):
sudo apt update
sudo apt install git python3 python3-pip gcc build-essential libboost-all-dev -y
pip3 install RouterOS-api paramiko
git clone https://github.com/eclypsium/mikrotik_meris_checker.git
cd mikrotik_meris_checker
curl https://codeload.github.com/tenable/routeros/tar.gz/master | tar -xz --strip=2 routeros-master/common
gcc stage1_main.cpp winbox_session.cpp winbox_message.cpp md5.cpp session.cpp -lboost_thread -lboost_system -lboost_program_options -lpthread -lstdc++ -o btw
gcc stage2_main.cpp winbox_session.cpp winbox_message.cpp md5.cpp session.cpp -lboost_thread -lboost_system -lboost_program_options -lpthread -lstdc++ -o btw_stage2
python3 meris_checker.py --ip my.ip.to.test
cat exploited.csv
Hi thanks for creating this! 👍
Could you include some instructions for people that might understand that
req.txt
has some importance, but not exactly know what to do without googling it?Thanks!