Syed Jahanzaib Personnel Blog to Share Knowledge !

January 14, 2012

Howto Recover Mikrotik ADMIN account Forgotten Password


Last Updated: 18th April, 2014, 22:04 gmt+5

According to information on Mikrotik WIKI and forums, it is not possible to recover the passwords without resetting whole mikrotik box (resulting in loss of all configuration also). However following are few methods to recover the password.

0# Recover password from BACKUP file using a website http://mikrotikpasswordrecovery.com/ (NOT WORKING ANYMORE, LINK CLOSED as of April 2014),

If you require it on urget basis, you can email me your config, and I will recover it for you, just in case if you dont have linux or urgency is required.

1# Recover password from BACKUP file using Ubuntu or Linux LIVE CD [updated April 2014]

2# Recover password by mounting Mikrotik Hard disk in Linux LIVE CD  and do recovery [not updated since last year, it was tested with 5 version)

 

 

2# Recover password from BACKUP file using Linux [working as of april 2014]

Login to your Ubuntu / Linux Box,
Download mikrotik password recovery tool and compile it by following commands,

sudo apt-get update
sudo apt-get install build-essential g++ libssl-dev libcurl4-gnutls-dev libexpat1-dev gettext libz-dev
mkdir /temp
cd /temp
wget http://manio.skyboo.net/mikrotik/mtpass-0.9.tar.bz2
tar jxvf mtpass-0.9.tar.bz2
cd mtpass-0.9
make

#If you receive *error* after issuing make command, then you can use following command to compile it in desi JUGAAR (workaround) way hehehehe
g++ mtpass.cpp -lgnutls-openssl -o mtpass

Now upload/copy your Mikrotik Backup File to /temp folder ( Either using WINSCP gui tool, WEBMIN File Manager,  via USB or any other method you like)

Now Issue the following command

 ./mtpass /temp/zaibmikrotik.backup

It will show you all account passwords in few seconds.
As shown in the image below . . .

mtpass.

.

.

 

3# Recover password of x86 PC Version

Boot from Ubuntu LIVE CD
(I used Ubuntu 9.1 Desktop CD in this example, you can download it from following link.

http://old-releases.ubuntu.com/releases/karmic/ubuntu-9.10-desktop-i386.iso

Select “Try Ubuntu
As Shown in the image below . . .

After you see Desktop, Open TERMINAL from APPLICATION > ACCESSORIES > TERMINAL

Now change to root user by
sudo su

Now check your partitions by issuing
fdisk -l

you will see something like below image.

You partition can be different, use your judgment to see what partition mt is in, either by mounting it one by one.

Now mount it any folder , for example

mkdir /temp
mount -t auto /dev/sda2 /temp

Now check its content by ls /temp and you will something like below image

*********************************************************

*********************************************************

Now Copy the ‘mikrotik password file’, (in newer ROS , it is located in /rw/store/user.dat) to USB flash drive, It will be used to decode the password.
(The USB flash drive should be ‘plug and play’ in Ubuntu Live. Just plug it in usb port and it will appear on desktop in few seconds , OR you can also copy it your network pc via configuring interface lan card accordingly)
(Note: In older ROS it is /nova/store/user.dat)

Now shutdown live cd.

then Boot from your Ubuntu box, and use the Method # 2 , described earlier in this article to decode password using mtpass tool  from this file.

Copy the user.dat file where you have decompressed mt password tool . e.g /temp , now use the mt pass tool to recover password from this file.

./mtpass user.dat

and you will see your admin password.

As Now you have seen the password now, you can login into mikrotik pc router  with your Old Password :) :) :)


If your architecture is ROUTERBOARD RB series, Please follow the below guide.

http://manio.skyboo.net/mikrotik/

Also it’s possible for you to send an SMS to your router, tell it to run a script (parameters supported) and the router can even respond, as it also supports SMS sending! More here:
http://wiki.mikrotik.com/wiki/Sms

You can setup an script just in case you forgot your password , and via sending sms, it can reset it to default. or send you return the new/original password.

Regard’s
SYED JAHANZAIB

http://aacable.wordpress.com

About these ads

60 Comments »

  1. Assalam- o – Alaiqum
    How are you Jahanzaib bhai….
    Please give me your number i want to ask you some question about mikrotik iam very new plz plz plz i will never distrub u again n again….
    iffi123us@hotmail.com

    Comment by Irfan Alam — January 14, 2012 @ 12:31 PM

  2. Awesome!!

    Comment by Sridhar Iyer — January 14, 2012 @ 1:55 PM

  3. Very very helpful post… THANKS ZAIB BHAI

    Comment by Mobeen Ahmad — January 15, 2012 @ 8:58 PM

  4. Very good your site man, maybe you can help us to learn how to install the mikrotik (without GUI) in a virtual machine in UBUNTU plz, so we can get the mikrotik + cache and other tools in one unique PC ;).

    Best regards, from Brazil!

    Comment by int21 — January 24, 2012 @ 12:39 AM

    • It’s very simple.
      Just isntall VM , create new machine, adjust its hardware as per your requirements ,
      Download Mikrotik in ISO format,
      Boot from this ISO in the newly created vm ,
      install it,
      and have fun :)

      I will write about it soon.

      Comment by Syed Jahanzaib / Pinochio~:) — January 24, 2012 @ 11:09 AM

      • Hi Syed,

        We use our own Radius and Mikrotik as NAS for PPPoE & Hotspot users. The thing we require is dynamic queues for users getting connected. Eg. day 512 kbps and night 1 mbps. From Mikrotik forum we’ve got that it cant be done for PPPoE coz Mikrotik doesn’t supports CoA, but can be achieved for Hotspot users.

        Any idea how it can be done?

        Comment by rajjuneja — February 9, 2012 @ 2:14 PM

      • Well I have used Radius Manager along with Mikrotik and it works fine.

        Comment by Syed Jahanzaib / Pinochio~:) — February 9, 2012 @ 3:21 PM

  5. You mean its applicable for both PPPoE & HotSpot clients ? But cant see any option of configuring that while creating new services in Radius manager. Just have the option of Data rates along with Burst limit, threshold and time. How do give someone 512 kbps from 6 am to 8 pm and 1 mbps from 8 pm to 6 am. ????

    Comment by rajjuneja — February 9, 2012 @ 3:31 PM

  6. Thnx, got it !!!!

    Comment by rajjuneja — February 9, 2012 @ 8:36 PM

  7. Hi Sayed, once again……..

    If we have Radius manager and Mikrotik NAS, and if we want to use it for Hotspot. So is it possible that the DHCP pool on NAS is private say 10.5.50.0/24 and after guests gets logged in, the guest should be provided with a public ip from a public pool say 1.1.1.0/25 for that session (till the time the user is logged in) after the user logs out the ip should be free. The assignment of Public IPs to private IPs (after users gets logged in) should be random. So, can Radius Manager keep session logs of users along with logged in time, logged out, its private ip and also public IP.

    I earlier tried doing netmap of src-nat and dstn-nat, but there was no logs maintained of which private ip is assigned to which public ip. Even Mikrotik support says that there isnt any option currently to log the netmaps.

    We have to maintain fool-proof security as per the law of DoT, thus need to allocate users with unique Public Ip for each login (and not masquerade). And the problem is that we have very limited Public Ips (but enough to allocate the live concurrent users).

    Would really appreciate if you could help me on this.

    Comment by rajjuneja — February 10, 2012 @ 3:14 PM

    • Can’t say about Hotspot User,
      in my opinion, You can define in RADIUS to provide Live ip to user via live public pool (live ip pool for users created in Mikrotik), so when mikrotik will assign any ip to user, it will log this entry.
      in Logs, you can see what ip was assigned to which users.

      Comment by Syed Jahanzaib / Pinochio~:) — February 10, 2012 @ 4:48 PM

  8. That’s true when we have PPPoE clients, since IP is allocated only after users logs in (By Radius) but how can that be possible while using HotSpot.
    Because any user getting connected to the HotSpot interface; Public IP will automatically be provided even when the user doesn’t logs in. That would result in wastage of Public IPs.
    I want public ips to be assigned only after users logs in. And that, either Radius should have the users Public IP detail of the session, or else Mikrotik should manage logs of which private IP is mapped to which public IP along with time-stamp (Logs send to Syslog server).

    Comment by rajjuneja — February 10, 2012 @ 5:26 PM

    • Sorry I haven’t used hotspot anywhere so can’t guide you in the right path.

      Have you tried posting your query to mikrotik forum ? Maybe some one will come up with any work around. I am sure you will get good and authentic replies over there.

      Comment by Syed Jahanzaib / Pinochio~:) — February 11, 2012 @ 11:45 AM

  9. Hi,
    We now have a network with Radius Manager and Mikrotik as NAS for PPPoE users. We have obeserved that while creating profile/plans like 1mbps day and 2 mbps night (7 am to 9 pm 1 mbps & 9 pm tp 7 am 2 mbps) on Radius Manager, the queue (rate-limit) of the pppoe users does not changes on the fly but if the user logs out and logs in again at the night time the user gets the queue of 2 mbps. Mikrotik support says that CoA is only for HotSpot and not for PPPoE thus cannot change rate-limit of connected pppoe users. CoA for PPPoE only supports DM (Disconnect-Message) or so called PoD(Packet of Disconnection) to disconnect the connected pppoe users.

    Is there any solution which can change the queue/rate-limit of the pppoe users on the fly without disconnecting the users.

    Would appreciate your reply.

    Comment by rajjuneja — April 18, 2012 @ 1:38 PM

    • Change on the fly is Not supported for pppoe clients. No proper solution for this. I made an ugly workaround for this that I configured a script on Mikrotik PPPoE Server which disconnects all sessions on Mikrotik at 12:00am, and 12pm to enforce rate changes.

      Comment by Syed Jahanzaib / Pinochio~:) — April 19, 2012 @ 8:49 AM

  10. Can you please share the script configuration which you’ve mentioned above ?? Also anything done on Radius Manager or just on Mikrotik ??

    Comment by rajjuneja — April 23, 2012 @ 5:19 PM

  11. root@ijaz-laptop:/temp/mtpass-0.7# make

    g++ -lssl -lcrypto mtpass.cpp -o mtpass
    mtpass.cpp:26:25: error: openssl/md5.h: No such file or directory
    mtpass.cpp: In member function ‘void cUserRecord::DecryptAndShowRecord()’:
    mtpass.cpp:158: error: ‘MD5_DIGEST_LENGTH’ was not declared in this scope
    mtpass.cpp:162: error: ‘key’ was not declared in this scope
    mtpass.cpp:162: error: ‘MD5’ was not declared in this scope
    mtpass.cpp: In function ‘int main(int, char**)’:
    mtpass.cpp:264: error: ‘MD5_DIGEST_LENGTH’ was not declared in this scope
    make: *** [mtpass] Error 1

    root@ijaz-laptop:/temp/mtpass-0.7#

    How can it be fixed….?

    Comment by ijaz — May 9, 2012 @ 3:35 PM

  12. Hello, we require load balancing along with failover. Eg LAN – 192.168.1.0/24. WAN 1 (interface ip) – 10.10.1.2 g/w 10.10.1.1 WAN 2 (interface ip) – 10.10.2.2 g/w 10.10.2.1. User with IP 192.168.1.2 could use WAN 1, user with IP 192.168.1.3 could use WAN 2 (using 2 different gateways @ the same time kind of load balancing) Similarly even other connected nodes on LAN should be distributed between 2 different gateways. And as soon as any one of the g/w is down the other should take over the whole LAN n/w. Again when the gateway is up load balancing should happen again.
    Any idea ???

    Comment by rajjuneja — May 11, 2012 @ 2:02 PM

    • I would like to do username=ip address of subscriber for external AAA/Radius server. with Hotspot i am able to do mac authentication & other authentication. but I want to use ip address rather then mac for authentication.

      Comment by vishal — June 25, 2012 @ 1:43 PM

  13. sir i cant login how can get backup bcos i forget password and username?????

    Comment by lucky — October 22, 2012 @ 11:58 AM

  14. dear i have 8 real ip and i want to give 5 real ip to my clients with dedicated 512k bandwdth…can you help me???? im from bangladesh

    Comment by salman — December 2, 2012 @ 2:37 AM

  15. when I do make I get:
    /tmp/cceYZ7S0.o: In function `cUserRecord::DecryptAndShowRecord()':
    mtpass.cpp:(.text._ZN11cUserRecord20DecryptAndShowRecordEv[cUserRecord::DecryptAndShowRecord()]+0xd6): undefined reference to `MD5′
    collect2: ld devolvió el estado de salida 1
    make: *** [mtpass] Error 1

    Comment by Sergio — December 17, 2012 @ 7:32 PM

  16. Compile to:
    g++ mtpass.cpp -o mtpass -lssl -lcrypto

    Comment by Rodrigo Minelli.´. — January 16, 2013 @ 4:12 AM

  17. hello dear,

    i have gone thru ur discription over recovering password bt my problem is that i hv not found back up file in my system n i m nt used to use linex or wtevere is third option so is there any other easy option to recover the password for dumb user like me……???? i will be gr8full to u.

    Comment by gurmeet singh — April 12, 2013 @ 6:46 PM

  18. Will this password recovery (Live CD) supports the latest x86 version (5.25)?
    When I try to copy the user.dat an error came out saying something like the file or directory does not exist.
    Any ideas?

    Comment by Ben — July 9, 2013 @ 1:29 PM

  19. I am not familiar with ubuntu commands. Please tell me if I did the right thing.
    cp -i /rw/store/user.dat /dev/sdb1

    and the error was:
    No such file or directory

    Comment by Ben — July 30, 2013 @ 2:26 PM

  20. Dear, Jahanzeb

    I am running mikrotik rb750gl billing on a wifi network. I don’t have enough knowledge about setting/configuration of mikrotik (someone had done this for me).
    i just want to ask, that i see many ip addresses in my ip/firewall/connections page even there is no any active user on my active user list. I have doubt that someone is using my wifi network without proper user name / password. Please reply me..

    Comment by safdar — March 30, 2014 @ 3:52 AM

    • Dont worry, Connection tab shows any ip that mikrotik is sensing on network.
      But surely you should have proper firewall / security in place to avoid misuse of your internet/resources. Something like PPPOE server or hotspot.

      Comment by Syed Jahanzaib / Pinochio~:) — April 1, 2014 @ 11:01 AM

  21. sir i have backup and dont know about any OS just windows
    but i want to recover password plz suggest me at mughal.sharaz1@gmail.com

    Comment by sharaz4113 — April 7, 2014 @ 11:58 PM

  22. aaacable@hotmail.com

    Comment by sharaz4113 — April 14, 2014 @ 2:12 PM

  23. Many Thanks for all you eforts .
    Jazakom allah khiaran

    could you please let me know what to do to fix the compilation errors of the mtpass.cpp file using Ubuntu live cd,

    mtpass.cpp:26:25: error: openssl/md5.h: No such file or directory
    mtpass.cpp: In member function ‘void cUserRecord::DecryptAndShowRecord()’:
    mtpass.cpp:158: error: ‘MD5_DIGEST_LENGTH’ was not declared in this scope
    mtpass.cpp:162: error: ‘key’ was not declared in this scope
    mtpass.cpp:162: error: ‘MD5’ was not declared in this scope
    mtpass.cpp: In function ‘int main(int, char**)’:
    mtpass.cpp:264: error: ‘MD5_DIGEST_LENGTH’ was not declared in this scope

    also could I compile the file under windows using cpp compiler ?

    I have sent you a Bkp file to retrieve its admins passwords , many thanks in advance .

    Comment by ahmed — April 15, 2014 @ 9:08 PM

  24. i send you the backup to your email

    Comment by Eng mohammed — April 22, 2014 @ 12:47 AM

  25. A.O.A sir i just lost my mikrotik password and the website http://www.mikerotikpasswordrecovery.com has been blocked or temporary unavailable kindly i’m in trouble i can’t creaet my users in my mt router please help i’ll be highly thankful to you.

    Comment by zeeshan — May 15, 2014 @ 1:36 AM

  26. i want to contact with Syed Jhanzaib Shah Dear This is my cell no plz sms or call me 03002519729

    Comment by Fida Rashdi — May 23, 2014 @ 12:00 PM

  27. Mikrotik password recovery online tool https://www.mikrotikpasswordrecovery.net

    Comment by Ungazan Slovakia — May 23, 2014 @ 11:20 PM

  28. Hello.
    I have next situation:
    We are using Mikrotik (5.14) on virtual machine VMWare. We are lost Admin password. Also we doesn’t have a backup file to restore and also we can to reset it because it is very much to restore rules after this.
    i have a make snapshot and make a OVF (Folder over file) export from VMWare ESXi (copy of mikrotik virtual machine) it is around 2.5 Gb. it is possible to get password or a backup configuration for mikrotik from this ?
    Thank you.

    Comment by Max — May 28, 2014 @ 1:46 AM

    • in your situation it is easier to recover the admin password ;)
      Simply mount in your VM, mount ubuntu cd as boot device and boot from it, then use the following method from my guide. I used it in the past and it worked like a charm. I dont remember exact version of mikrotik I used, but i guess it was something 5.x
      3# Recover password of x86 PC Version

      Comment by Syed Jahanzaib / Pinochio~:) — May 28, 2014 @ 9:02 AM

  29. or maybe exist another way/solution for virtual mikrotik to reset or get admin/root password without to lose any data

    Comment by Max — May 28, 2014 @ 1:49 AM

  30. Hello Syed, your material is very helpful!
    However I have the same problem like ahmed

    mtpass.cpp:26:25: error: openssl/md5.h: No such file or directory
    mtpass.cpp: In member function ‘void cUserRecord::DecryptAndShowRecord()’:
    mtpass.cpp:158: error: ‘MD5_DIGEST_LENGTH’ was not declared in this scope
    mtpass.cpp:162: error: ‘key’ was not declared in this scope
    mtpass.cpp:162: error: ‘MD5’ was not declared in this scope
    mtpass.cpp: In function ‘int main(int, char**)’:
    mtpass.cpp:264: error: ‘MD5_DIGEST_LENGTH’ was not declared in this scope

    What can i do about it?
    Thank you very much in advance.

    Comment by George — June 12, 2014 @ 4:26 PM

    • Have you tried
      #If you receive *error* after issuing make command, then you can use following command to compile it (workaround)
      g++ mtpass.cpp -lgnutls-openssl -o mtpass

      Comment by Syed Jahanzaib / Pinochio~:) — June 12, 2014 @ 4:28 PM

      • Yes i did.
        and i tried with the Ubuntu Live CD
        and on Centos 6.5 too

        I think the problem starts here:

        [root@localhost ~]# sudo yum install build-essential g++ libssl-dev libcurl4-gnutls-dev libexpat1-dev gettext libz-dev

        Loaded plugins: fastestmirror, kmod
        Loading mirror speeds from cached hostfile
        Setting up Install Process
        No package build-essential available.
        No package g++ available.
        No package libssl-dev available.
        No package libcurl4-gnutls-dev available.
        No package libexpat1-dev available.
        No package libz-dev available.

        I can’t find the packages g++ libssl-dev ibcurl4-gnutls-dev libexpat1-dev ibz-dev

        Comment by George — June 12, 2014 @ 5:32 PM

  31. Syed problem solved!
    I found the correct tools for Centos and I found the solution
    Many thanks for the support anyway!

    Comment by George — June 12, 2014 @ 6:09 PM

  32. plz send my password

    Comment by Rashid King — June 16, 2014 @ 10:41 AM


RSS feed for comments on this post. TrackBack URI

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

The Silver is the New Black Theme. Blog at WordPress.com.

Follow

Get every new post delivered to your Inbox.

Join 2,270 other followers

%d bloggers like this: