export compact get this thing printed out on paper so you can look at the whole config
On Tue, Nov 15, 2016 at 2:32 PM, George Skorup <geo...@cbcast.com> wrote:

> If there aren't any firewall rules preventing access to the router(s),
> look at IP > Services. I'd bet they have 'available from' addresses defined.
>
> On 11/15/2016 2:13 PM, Brett A Mansfield wrote:
>
> They have several sites that have both public routing and SD-WAN. They
> also have redundant routers. After getting in I've found that the VLANs are
> only in the bridges switch ports and there aren't any VLANs on the ports to
> the outside world. I cannot find anything in the firewall or routing
> policies that prevent access to management from all interfaces though.
>
> Thank you,
> Brett A Mansfield
>
> On Nov 15, 2016, at 12:51 PM, Ken Hohhof <af...@kwisp.com> wrote:
>
> That’s insane.
>
> I also wonder, if the architecture is switched, funneling VLANs from every
> AP back to a central mother-of-all-routers, why did they use CCRs rather
> than switches? All the switching and VLAN stuff can be done in hardware,
> and the CPU would just be doing control plane stuff.
>
> *From:* Af [mailto:af-boun...@afmug.com <af-boun...@afmug.com>] *On Behalf Of *Josh Luthman
> *Sent:* Tuesday, November 15, 2016 1:05 PM
> *To:* af@afmug.com
> *Subject:* Re: [AFMUG] Mikrotik Password reset for inherited network
>
> More than 1000 VLANs =P
>
> Josh Luthman
> Office: 937-552-2340
> Direct: 937-552-2343
> 1100 Wayne St
> Suite 1337
> Troy, OH 45373
>
> On Tue, Nov 15, 2016 at 2:02 PM, Ken Hohhof <af...@kwisp.com> wrote:
>
> I forget, did you say there was a complex configuration with VLANs? Or
> was that a different thread?
>
> Might be a VLAN issue. Is there a management VLAN?
>
> *From:* Af [mailto:af-boun...@afmug.com] *On Behalf Of *Josh Luthman
> *Sent:* Tuesday, November 15, 2016 12:48 PM
> *To:* af@afmug.com
> *Subject:* Re: [AFMUG] Mikrotik Password reset for inherited network
>
> By default you can.
>
> You're probably limited by IP, in which case that would be /ip firewall
> filter
>
> Josh Luthman
> Office: 937-552-2340
> Direct: 937-552-2343
> 1100 Wayne St
> Suite 1337
> Troy, OH 45373
>
> On Tue, Nov 15, 2016 at 1:40 PM, Brett A Mansfield <li...@silverlakeinternet.com> wrote:
>
> Okay, so I'm finally into one of these routers without resetting it. The
> problem is that only a single interface allows me to log into them. I'm not
> super familiar with these CCRs, and I've been pulling teeth trying to
> figure out how to open it up so I can manage it from any interface. Can
> anyone point me to a tutorial or give me instruction on how to accomplish
> that?
>
> Thank you,
>
> Brett A Mansfield
>
> On Nov 9, 2016, at 12:05 PM, Adam Moffett <dmmoff...@gmail.com> wrote:
>
> Tried serial console?
>
> ------ Original Message ------
> From: "Josh Reynolds" <j...@kyneticwifi.com>
> To: af@afmug.com
> Sent: 11/9/2016 2:05:09 PM
> Subject: Re: [AFMUG] Mikrotik Password reset for inherited network
>
> Wonder if it's only listening on certain IPs or IP ranges...
>
> On Nov 9, 2016 1:01 PM, "Brett A Mansfield" <li...@silverlakeinternet.com> wrote:
>
> Port scan only gave me a single open port, 5678.
>
> Thank you,
>
> Brett A Mansfield
>
> On Nov 9, 2016, at 11:20 AM, Josh Reynolds <j...@kyneticwifi.com> wrote:
>
> Run a port scan on them. Try the web too.
>
> On Nov 9, 2016 11:39 AM, "Brett A Mansfield" <li...@silverlakeinternet.com> wrote:
>
> All the romon ports and all other normal ports used for management aside
> from the discovery are either closed or blocked by an internal firewall.
>
> Thank you,
>
> Brett A Mansfield
>
> On Nov 9, 2016, at 10:18 AM, That One Guy /sarcasm <thatoneguyst...@gmail.com> wrote:
>
> wrong username/password
>
> you should be able to romon or mac connect regardless, hopefully he had
> romon on and once you're into one you can get into the rest
>
> On Wed, Nov 9, 2016 at 11:16 AM, Brett A Mansfield <li...@silverlakeinternet.com> wrote:
>
> So I think I have the correct password, but no matter what I get an error
> when connecting. I think he may have changed the management ports. I should
> be able to log in via console and change all of that there, correct?
>
> If so I'll google the guide. My biggest question is if I try to log in and
> the password is wrong will it tell my username and or password is wrong or
> will it just say "error, cannot connect"?
>
> Thank you,
>
> Brett A Mansfield
>
> On Nov 9, 2016, at 10:07 AM, That One Guy /sarcasm <thatoneguyst...@gmail.com> wrote:
>
> man, I've been hiding that shame for some time, I'm glad to know someone
> else out there is equally as guilty
>
> On Wed, Nov 9, 2016 at 9:52 AM, Ken Hohhof <af...@kwisp.com> wrote:
>
> OK, I am lazy, which means I use Winbox, and it has the password stored
> for every Mikrotik I manage. Plus I use Winbox on several computers -
> laptops, desktops, and computers I remote into. I take it this guy was not
> similarly lazy? If I was the fired ex-admin, all you would need is to find
> one of the computers I used Winbox on. Even if it's not possible to
> decrypt the stored passwords, you could Winbox into every Mikrotik and
> change the password.
>
> I guess real men use SSH and the CLI. Oh, and don't store the credentials
> in their SSH client.
>
> Note, it appears Winbox 3 stores the passwords as cleartext in
> settings.cfg.viw.
>
> -----Original Message-----
> From: Af [mailto:af-boun...@afmug.com] On Behalf Of Butch Evans
> Sent: Wednesday, November 9, 2016 9:10 AM
> To: af@afmug.com
> Subject: Re: [AFMUG] Mikrotik Password reset for inherited network
>
> On Wed, 2016-11-09 at 00:24 +0000, Brett A Mansfield wrote:
> > I was able to find the backups. Sadly they are running v6.36.
> >
> > If I default it can I restore its config and change the password or
> > will it apply the old one?
>
> Google for "mtpass". That will find the passwords in the backup file.
> If these backups contain the "old" OR the "new" password, when you
> default/restore the backup, the password will be whatever is in that file.
>
> --
> Butch Evans
> Training and Support for WISPs
> 702-537-0979
> http://store.wispgear.net/
> http://www.butchevans.com/
>
> --
>
> If you only see yourself as part of the team but you don't see your team
> as part of yourself you have already failed as part of the team.
>
> --
>
> If you only see yourself as part of the team but you don't see your team
> as part of yourself you have already failed as part of the team.

--
If you only see yourself as part of the team but you don't see your team as part of yourself you have already failed as part of the team.
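
An added example, not part of the thread and not MikroTik's own tooling: a small Python audit of an `export compact` dump that pulls out the two places the replies point to for restricted management access, the IP Services "available from" lists and the `/ip firewall filter` input chain. The sample export is constructed, and the names `logical_lines` and `audit` are hypothetical.

```python
import shlex

# Constructed sample of `/export compact` output (not taken from the thread).
SAMPLE_EXPORT = r"""
/ip service
set telnet disabled=yes
set ftp disabled=yes
set www address=10.10.0.0/24
set ssh address=10.10.0.0/24 port=2222
set winbox address=10.10.0.0/24,192.0.2.5/32
/ip firewall filter
add action=accept chain=input comment="mgmt vlan" \
    in-interface=ether2
add action=drop chain=input
add action=accept chain=forward
"""

def logical_lines(text):
    """Yield export lines, joining those wrapped with a trailing backslash."""
    buf = ""
    for raw in text.splitlines():
        line = raw.strip()
        if line.endswith("\\"):
            buf += line[:-1].rstrip() + " "
            continue
        buf += line
        if buf:
            yield buf
        buf = ""

def audit(text):
    """Return (services, input_rules): the settings gating management access."""
    section, services, input_rules = None, {}, []
    for line in logical_lines(text):
        if line.startswith("/"):          # menu path, e.g. "/ip service"
            section = line
            continue
        words = shlex.split(line)         # keeps quoted comments in one token
        props = dict(w.split("=", 1) for w in words if "=" in w)
        if section == "/ip service" and words[0] == "set":
            services[words[1]] = {
                "disabled": props.get("disabled") == "yes",
                "port": props.get("port"),  # None: port left at its default
                # an empty list means no "available from" restriction
                "available_from": [a for a in props.get("address", "").split(",") if a],
            }
        elif section == "/ip firewall filter" and props.get("chain") == "input":
            input_rules.append(props)     # kept in order: first match wins
    return services, input_rules
```

A compact export lists only settings changed from their defaults, so a service that does not appear in the result is still at its default state rather than disabled.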