That’s insane.
I also wonder, if the architecture is switched, funneling VLANs from every AP back to a central mother-of-all-routers, why did they use CCRs rather than switches? All the switching and VLAN stuff can be done in hardware, and the CPU would just be doing control plane stuff. From: Af [mailto:af-boun...@afmug.com] On Behalf Of Josh Luthman Sent: Tuesday, November 15, 2016 1:05 PM To: af@afmug.com Subject: Re: [AFMUG] Mikrotik Password reset for inherited network More than 1000 VLANs =P Josh Luthman Office: 937-552-2340 Direct: 937-552-2343 1100 Wayne St Suite 1337 Troy, OH 45373 On Tue, Nov 15, 2016 at 2:02 PM, Ken Hohhof <af...@kwisp.com <mailto:af...@kwisp.com> > wrote: I forget, did you say there was a complex configuration with VLANs? Or was that a different thread? Might be a VLAN issue. Is there a management VLAN? From: Af [mailto:af-boun...@afmug.com <mailto:af-boun...@afmug.com> ] On Behalf Of Josh Luthman Sent: Tuesday, November 15, 2016 12:48 PM To: af@afmug.com <mailto:af@afmug.com> Subject: Re: [AFMUG] Mikrotik Password reset for inherited network By default you can. You're probably limited by IP, in which case that would be /ip firewall filter Josh Luthman Office: 937-552-2340 <tel:937-552-2340> Direct: 937-552-2343 <tel:937-552-2343> 1100 Wayne St Suite 1337 Troy, OH 45373 On Tue, Nov 15, 2016 at 1:40 PM, Brett A Mansfield <li...@silverlakeinternet.com <mailto:li...@silverlakeinternet.com> > wrote: Okay, so I'm finally into one of these routers without resetting it. The problem is that only a single interface allows me to log into them. I'm not super familiar with these CCRs, and I've been pulling teeth trying to figure out how to open it up so I can manage it from any interface. Can anyone point me to a tutorial or give me instruction on how to accomplish that? Thank you, Brett A Mansfield On Nov 9, 2016, at 12:05 PM, Adam Moffett <dmmoff...@gmail.com <mailto:dmmoff...@gmail.com> > wrote: Tried serial console? ------ Original Message ------ From: "Josh Reynolds" <j...@kyneticwifi.com <mailto:j...@kyneticwifi.com> > To: af@afmug.com <mailto:af@afmug.com> Sent: 11/9/2016 2:05:09 PM Subject: Re: [AFMUG] Mikrotik Password reset for inherited network Wonder if its only listening on certain IPs or IP ranges... On Nov 9, 2016 1:01 PM, "Brett A Mansfield" <li...@silverlakeinternet.com <mailto:li...@silverlakeinternet.com> > wrote: Port scan only gave me a single open port, 5678. Thank you, Brett A Mansfield On Nov 9, 2016, at 11:20 AM, Josh Reynolds <j...@kyneticwifi.com <mailto:j...@kyneticwifi.com> > wrote: Run a port scan on them. Try the web too. On Nov 9, 2016 11:39 AM, "Brett A Mansfield" <li...@silverlakeinternet.com <mailto:li...@silverlakeinternet.com> > wrote: All the romon ports and all other normal ports used for management aside from the discovery are either closed or blocked by an internal firewall. Thank you, Brett A Mansfield On Nov 9, 2016, at 10:18 AM, That One Guy /sarcasm <thatoneguyst...@gmail.com <mailto:thatoneguyst...@gmail.com> > wrote: wrong username/password you should be able to romon or mac connect regardless, hopefully he had romon on and once youre into one you can get into the rest On Wed, Nov 9, 2016 at 11:16 AM, Brett A Mansfield <li...@silverlakeinternet.com <mailto:li...@silverlakeinternet.com> > wrote: So I think I have the correct password, but no matter what I get an error when connecting. I think he may have changed the management ports. I should be able to log in via console and change all of that there, correct? If so I'll google the guide. My biggest question is if I try to log in and the password is wrong will it tell my username and or password is wrong or will it just say "error, cannot connect"? Thank you, Brett A Mansfield On Nov 9, 2016, at 10:07 AM, That One Guy /sarcasm <thatoneguyst...@gmail.com <mailto:thatoneguyst...@gmail.com> > wrote: man, ive been hiding that shame for some time, im glad to know someone else out there is equally as guilty On Wed, Nov 9, 2016 at 9:52 AM, Ken Hohhof <af...@kwisp.com <mailto:af...@kwisp.com> > wrote: OK, I am lazy, which means I use Winbox, and it has the password stored for every Mikrotik I manage. Plus I use Winbox on several computers - laptops, desktops, and computers I remote into. I take it this guy was not similarly lazy? If I was the fired ex-admin, all you would need is to find one of the computers I used Winbox on. Even if it's not possible to decrypt the stored passwords, you could Winbox into every Mikrotik and change the password. I guess real men use SSH and the CLI. Oh, and don't store the credentials in their SSH client. Note, it appears Winbox 3 stores the passwords as cleartext in settings.cfg.viw. -----Original Message----- From: Af [mailto:af-boun...@afmug.com <mailto:af-boun...@afmug.com> ] On Behalf Of Butch Evans Sent: Wednesday, November 9, 2016 9:10 AM To: af@afmug.com <mailto:af@afmug.com> Subject: Re: [AFMUG] Mikrotik Password reset for inherited network On Wed, 2016-11-09 at 00:24 +0000, Brett A Mansfield wrote: > I was able to find the backups. Sadly they are running v6.36. > > If I default it can I restore its config and change the password or > will it apply the old one? > > Google for "mtpass". That will find the passwords in the backup file. If these backups contain the "old" OR the "new" password, when you default/restore the backup, the password will be whatever is in that file. -- Butch Evans Training and Support for WISPs 702-537-0979 <tel:702-537-0979> http://store.wispgear.net/ http://www.butchevans.com/ -- If you only see yourself as part of the team but you don't see your team as part of yourself you have already failed as part of the team. -- If you only see yourself as part of the team but you don't see your team as part of yourself you have already failed as part of the team.
