O'Reilly logo

Mastering the Nmap Scripting Engine by Paulino Calderón Pale

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

Writing an NSE script to launch password-auditing attacks against the MikroTik RouterOS API

Let's tie everything together by writing a complete NSE script that uses all the libraries seen in this chapter. On this occasion, we will target devices running MikroTik RouterOS 3.x and higher versions with API access enabled.

The API service usually runs on TCP port 8728, and it allows administrative access to the devices running this operating system. Often, administrators will lock down HTTP and SSH but not the API. Let's write a script that helps us perform brute-force password-auditing against this service:

  1. First, let's start with the information tags and required libraries:
    description = [[ Performs brute force password auditing against Mikrotik RouterOS ...

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required