ChimayRed - Reverse engineering of Mikrotik exploits from Vault 7 CIA Leaks.


LEGAL DISCLAIMER:

The author does not hold any responsibility for the misuse of this script. Remember that attacking targets without prior consent is illegal and punishable by law. This script was built to show how resource files can automate tasks.

ChimayRed (CR) is an exploit that is used against MikroTik (MT) routers running RouterOS. It is used to upload a payload such as HIVE or TinyShell onto the MT router. This guide explains how to utilize ChimayRed to upload the TinyShell payload to the MikroTik router.

Dependencies:
+ Python 2.7.x


What really happens?
+ The content_length_value is subtracted from the stack pointer register.
+ If we pass a large number, bigger than 130000 and smaller than 2147483647, the stack pointer will point outside the stack, and the first PUSH will generate a SEGFAULT.
+ If we pass a negative number (or a number from 2147483648 [-2147483648] to 4294967295 [-1]), the space on the stack won’t be reserved because the stack pointer will be incremented instead of decremented.
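The three cases above come down to how a 32-bit value behaves when it is treated as signed. The following is an added example, not code from RouterOS or from the original exploit: it classifies a Content-Length value into those cases and shows a bounded parse that rejects the problematic values before any size arithmetic. `classify`, `parse_content_length` and the `MAX_BODY` cap are hypothetical names and values; the 130000 figure is the one quoted above.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Outcome classes for the three cases listed above. */
enum cl_effect { CL_FITS, CL_SP_LEAVES_STACK, CL_SP_INCREMENTED };

#define PAGE_STACK_LIMIT 130000 /* figure quoted on the page */
#define MAX_BODY 65536u         /* assumption: cap chosen for this example */

/* Reinterpret a 32-bit pattern as signed, as "SP -= value" effectively does. */
static int32_t as_signed32(uint32_t v) {
    return (v <= INT32_MAX) ? (int32_t)v : (int32_t)((int64_t)v - 4294967296LL);
}

enum cl_effect classify(uint32_t content_length) {
    int32_t n = as_signed32(content_length);
    if (n < 0) return CL_SP_INCREMENTED;   /* SP moves up, nothing is reserved */
    if (n > PAGE_STACK_LIMIT) return CL_SP_LEAVES_STACK; /* next PUSH faults */
    return CL_FITS;
}

/* Hardened parse: digits only, bounded before use.
 * Returns 0 and stores the value, or -1 to reject the header. */
int parse_content_length(const char *s, uint32_t max, uint32_t *out) {
    char *end;
    unsigned long long v;
    if (*s < '0' || *s > '9') return -1;   /* rejects "", "-1", "+5", " 5" */
    errno = 0;
    v = strtoull(s, &end, 10);
    if (errno || *end != '\0' || v > max) return -1;
    *out = (uint32_t)v;
    return 0;
}

int main(void) {
    /* Constructed sample header values. */
    const char *samples[] = { "512", "130001", "2147483648", "4294967295", "-1" };
    static const char *names[] = { "fits", "SP leaves stack", "SP incremented" };
    for (size_t i = 0; i < sizeof samples / sizeof *samples; i++) {
        /* strtoul stands in for a lenient parser that also accepts a sign. */
        uint32_t raw = (uint32_t)strtoul(samples[i], NULL, 10), ok;
        printf("%-11s signed32=%-11d effect=%-16s hardened=%s\n", samples[i],
               (int)as_signed32(raw), names[classify(raw)],
               parse_content_length(samples[i], MAX_BODY, &ok) ? "reject" : "accept");
    }
    return 0;
}
```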

Usage:

Source: https://github.com/BigNerd95