nuclei-templates/http/exposed-panels/mikrotik/mikrotik-routeros.yaml

id: mikrotik-routeros

info:
  name: MikroTik Router OS Login Panel - Detect
  author: gy741
  severity: info
  description: MikroTik Router OS login panel was detected.
  reference:
    - https://systemweakness.com/routeros-user-with-just-ftp-policy-can-write-to-filesystem-cve-2021-27221-e3e45d780dfe
  classification:
    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
    cwe-id: CWE-200
    cpe: cpe:2.3:o:mikrotik:routeros:*:*:*:*:*:*:*:*
  metadata:
    max-request: 1
    vendor: mikrotik
    product: routeros
    shodan-query: http.title:"mikrotik routeros > administration"
    fofa-query: title="mikrotik routeros > administration"
    google-query: intitle:"mikrotik routeros > administration"
  tags: panel,login,mikrotik

http:
  - method: GET
    path:
      - '{{BaseURL}}'

    matchers-condition: and
    matchers:
      - type: word
        words:
          - 'If this device is not in your possession, please contact your local network
            administrator'
          - '.mikrotik.com'
        condition: and

      - type: word
        name: router-old
        part: body
        words:
          - '<title>mikrotik routeros > administration</title>'
          - '<title>Mikrotik Router'
          - '<img src="/webcfg/'
          - '<title>MikroTik RouterOS Managing Webpage</title>'
        condition: or

      - type: word
        name: hotspot
        part: body
        words:
          - 'Please log on to use the mikrotik hotspot service'
          - 'mikrotik hotspot > login'
        condition: and

      - type: word
        name: mikrotik-httpproxy
        part: header
        words:
          - "Server: mikrotik httpproxy"

    extractors:
      - type: regex
        group: 1
        regex:
          - "<h1>RouterOS (.+)</h1>"
          - '<div class="top">mikrotik routeros (.[0-9.]+) configuration page</div>'
          - 'routeros (.[0-9.]+) '
          - '<b>MikroTik RouterOS (.[0-9.]+)</b>'
# digest: 4b0a004830460221008beb2dc7df4f68eec23601419c61532e54134675cbc96fb80e9bf943eac493ae02210091635cdf3aa45fa93fed800f26e6b381fa64def0cbb98bdb0282b7f2a2e78635:922c64590222798bb761d5b6d8e72950