Howto Recover Mikrotik ADMIN Account Forgotten Password

4/2/2014 Howto Recover Mikrotik ADMIN account Forgotten Password | Syed Jahanzaib Personnel Blog to Share Knowledge !
Syed Jahanzaib Personnel Blog to Share

Knowledge !
January 14, 2012
Howto Recover Mikrotik ADMIN account Forgotten Password
Filed under: Mikrotik Related — Tags: forgotten password recovery, mikrotik admin password recovery,
mikrotik forgotten password, mikrotik password recovery, mikrotik routerboard password recovery — Syed
Jahanzaib / Pinochio~:) @ 12:24 PM
i
35 Votes
According to information on Mikrotik WIKI and forums, it is not possible to recover the passwords without
loosing configuration.
However following are few methods to recover it.
1# Recover password from BACKUP file using a website http://mikrotikpasswordrecovery.com/
http://aacable.wordpress.com/2012/01/14/howto-recover-mikrotik-admin-account-forgotten-password/ 1/13
2# Recover password from BACKUP file using Linux LIVE CD
3# Recover password by mounting Mikrotik Hard disk in Linux LIVE CD and do recovery
1# Recover password from BACKUP file using a

website http://mikrotikpasswordrecovery.com/
You can easily recover your forgotten password if you have BACKUP file.
Backup file is done by following command.
1 /system backup save name=zaibmikrotik
Open Following web site.

http://mikrotikpasswordrecovery.com/default.aspx
Click on Browse, and select your backup file,

Now click on ” Shows Passwords “
It will show you your Password in few seconds.

As shown in the image below . . .
Simple enough ??
2# Recover password from BACKUP file using Linux
Login to your Ubuntu / Linux Box,

Download mikrotik password recovery tool and compile it by following commands,
1 mkdir /temp
2 cd /temp
3 wget http://manio.skyboo.net/mikrotik/mtpass-0.7.tar.bz2
4 tar jxvf mtpass-0.7.tar.bz2

5 cd mtpass-0.7
6 make
Now copy your Mikrotik Backup File to /temp folder ( Either using WEBMIN File Manager, via USB or
any other method you like)
Now Issue the following command
1 ./mtpass /temp/zaibmikrotik.backup
It will show you all account passwords in few seconds.

As shown in the image below . . .
3# Recover password of x86 PC Version
Boot from Ubuntu LIVE CD

(I used Ubuntu 9.1 Desktop CD in this example, you can download it from following link.
1 http://old-releases.ubuntu.com/releases/karmic/ubuntu-9.10-desktop-i386.iso
Select “Try Ubuntu“

As Shown in the image below . . .
After you see Desktop, Open TERMINAL from APPLICATION > ACCESSORIES > TERMINAL
Now change to root user by

sudo su
Now check your partitions by issuing

fdisk -l
you will see something like below image.
You partition can be different, use your judgment to see what partition mt is in, either by mounting it one by
one.
Now mount it any folder , for example
mkdir /temp
mount -t auto /dev/sda2 /temp
Now check its content by ls /temp and you will something like below image
*********************************************************
*********************************************************
Now Copy the ‘mikrotik password file’, (in newer ROS , it is located in /rw/store/user.dat) to USB flash
drive, It will be used to decode the password.
(The USB flash drive should be ‘plug and play’ in Ubuntu Live. Just plug it in usb port and it will appear
on desktop in few seconds , OR you can also copy it your network pc via configuring interface lan card
accordingly)
(Note: In older ROS it is /nova/store/user.dat)
Now shutdown live cd.
then Boot from your Ubuntu box, and use the Method # 2 , described earlier in this article to decode
password using mtpass tool from this file.
Copy the user.dat file where you have decompressed mt password tool . e.g /temp , now use the mt pass
tool to recover password from this file.
./mtpass user.dat
and you will see your admin password.
As Now you have seen the password now, you can login into mikrotik pc router with your Old Password
If your architecture is ROUTERBOARD RB series, Please follow the below guide.
http://manio.skyboo.net/mikrotik/
Also it’s possible for you to send an SMS to your router, tell it to run a script (parameters supported) and the
router can even respond, as it also supports SMS sending! More here:
http://wiki.mikrotik.com/wiki/Sms
You can setup an script just in case you forgot your password , and via sending sms, it can reset it to default.
or send you return the new/original password.
Regard’s
Regard’s
SYED JAHANZAIB
http://aacable.wordpress.com
About these ads

You May Like
Comments (32)
32 Comments »
1. Assalam- o – Alaiqum
How are you Jahanzaib bhai….
Please give me your number i want to ask you some question about mikrotik iam very new plz plz plz i
will never distrub u again n again….
1.
iffi123us@hotmail.com 7
Comment by Irfan Alam — January 14, 2012 @ 12:31 PM
Reply
2. Awesome!!
Comment by Sridhar Iyer — January 14, 2012 @ 1:55 PM
Reply
3. Very very helpful post… THANKS ZAIB BHAI
Comment by Mobeen Ahmad — January 15, 2012 @ 8:58 PM
Reply
4. Very good your site man, maybe you can help us to learn how to install the mikrotik (without GUI) in a
virtual machine in UBUNTU plz, so we can get the mikrotik + cache and other tools in one unique PC
.
Best regards, from Brazil!
Comment by int21 — January 24, 2012 @ 12:39 AM
Reply
It’s very simple.
Just isntall VM , create new machine, adjust its hardware as per your requirements ,
Download Mikrotik in ISO format,
Boot from this ISO in the newly created vm ,
install it,
and have fun
I will write about it soon.
Comment by Syed Jahanzaib / Pinochio~:) — January 24, 2012 @ 11:09 AM
Reply
Hi Syed,
We use our own Radius and Mikrotik as NAS for PPPoE & Hotspot users. The thing we require is
dynamic queues for users getting connected. Eg. day 512 kbps and night 1 mbps. From Mikrotik
forum we’ve got that it cant be done for PPPoE coz Mikrotik doesn’t supports CoA, but can be
achieved for Hotspot users.
Any idea how it can be done?
Comment by rajjuneja — February 9, 2012 @ 2:14 PM
Well I have used Radius Manager along with Mikrotik and it works fine.
Comment by Syed Jahanzaib / Pinochio~:) — February 9, 2012 @ 3:21 PM
5. You mean its applicable for both PPPoE & HotSpot clients ? But cant see any option of configuring that
while creating new services in Radius manager. Just have the option of Data rates along with Burst limit,
threshold and time. How do give someone 512 kbps from 6 am to 8 pm and 1 mbps from 8 pm to 6 am.
????
Reply
use Radius manager v 3.9 it is support CoA
Reply
6. Thnx, got it !!!!
Reply
7. Hi Sayed, once again……..
If we have Radius manager and Mikrotik NAS, and if we want

http://aacable.wordpress.com/2012/01/14/howto-recover-mikrotik-admin-account-forgotten-password/ to use it for Hotspot. So is it possible that8/13
If we have Radius manager and Mikrotik NAS, and if we want to use it for Hotspot. So is it possible that
the DHCP pool on NAS is private say 10.5.50.0/24 and after guests gets logged in, the guest should be
provided with a public ip from a public pool say 1.1.1.0/25 for that session (till the time the user is logged
in) after the user logs out the ip should be free. The assignment of Public IPs to private IPs (after users
gets logged in) should be random. So, can Radius Manager keep session logs of users along with logged
in time, logged out, its private ip and also public IP.
I earlier tried doing netmap of src-nat and dstn-nat, but there was no logs maintained of which private ip
is assigned to which public ip. Even Mikrotik support says that there isnt any option currently to log the
netmaps.
We have to maintain fool-proof security as per the law of DoT, thus need to allocate users with unique
Public Ip for each login (and not masquerade). And the problem is that we have very limited Public Ips
(but enough to allocate the live concurrent users).
Would really appreciate if you could help me on this.
Reply
Can’t say about Hotspot User,
in my opinion, You can define in RADIUS to provide Live ip to user via live public pool (live ip pool
for users created in Mikrotik), so when mikrotik will assign any ip to user, it will log this entry.
in Logs, you can see what ip was assigned to which users.
Reply
8. That’s true when we have PPPoE clients, since IP is allocated only after users logs in (By Radius) but how
can that be possible while using HotSpot.
Because any user getting connected to the HotSpot interface; Public IP will automatically be provided
even when the user doesn’t logs in. That would result in wastage of Public IPs.
I want public ips to be assigned only after users logs in. And that, either Radius should have the users
Public IP detail of the session, or else Mikrotik should manage logs of which private IP is mapped to
which public IP along with time-stamp (Logs send to Syslog server).
Reply
Sorry I haven’t used hotspot anywhere so can’t guide you in the right path.
Have you tried posting your query to mikrotik forum ? Maybe some one will come up with any work
around. I am sure you will get good and authentic replies over there.
Comment by Syed Jahanzaib / Pinochio~:) — February 11, 2012 @ 11:45 AM
Reply
9. Hi,
We now have a network with Radius Manager and Mikrotik as NAS for PPPoE users. We have
obeserved that while creating profile/plans like 1mbps day and 2 mbps night (7 am to 9 pm 1 mbps & 9
pm tp 7 am 2 mbps) on Radius Manager, the queue (rate-limit) of the pppoe users does not changes on
the fly but if the user logs out and logs in again at the night time the user gets the queue of 2 mbps.
Mikrotik support says that CoA is only for HotSpot and not for PPPoE thus cannot change rate-limit of
connected pppoe users. CoA for PPPoE only supports DM (Disconnect-Message) or so called PoD(Packet
of Disconnection) to disconnect the connected pppoe users.
Is there any solution which can change the queue/rate-limit of the pppoe users on the fly without
disconnecting the users.
Would appreciate your reply.
Comment by rajjuneja — April 18, 2012 @ 1:38 PM
Reply
Change on the fly is Not supported for pppoe clients. No proper solution for this. I made an ugly
workaround for this that I configured a script on Mikrotik PPPoE Server which disconnects all
sessions on Mikrotik at 12:00am, and 12pm to enforce rate changes.
Comment by Syed Jahanzaib / Pinochio~:) — April 19, 2012 @ 8:49 AM
Reply
10. Can you please share the script configuration which you’ve mentioned above ?? Also anything done on
Radius Manager or just on Mikrotik ??
Comment by rajjuneja — April 23, 2012 @ 5:19 PM
Reply
Just Mikrotik.
Also read this. a bit advance, but works according to this guy on the forum.
http://forum.mikrotik.com/viewtopic.php?f=9&t=52794
Reply
11. root@ijaz-laptop:/temp/mtpass-0.7# make
g++ -lssl -lcrypto mtpass.cpp -o mtpass

mtpass.cpp:26:25: error: openssl/md5.h: No such file or directory
mtpass.cpp: In member function ‘void cUserRecord::DecryptAndShowRecord()’:
mtpass.cpp:158: error: ‘MD5_DIGEST_LENGTH’ was not declared in this scope
mtpass.cpp:162: error: ‘key’ was not declared in this scope
mtpass.cpp:162: error: ‘MD5’ was not declared in this scope
mtpass.cpp: In function ‘int main(int, char**)’:
mtpass.cpp:264: error: ‘MD5_DIGEST_LENGTH’ was not declared in this scope
make: *** [mtpass] Error 1
root@ijaz-laptop:/temp/mtpass-0.7#
How can it be fixed….?
Comment by ijaz — May 9, 2012 @ 3:35 PM
Reply
12. Hello, we require load balancing along with failover. Eg LAN – 192.168.1.0/24. WAN 1 (interface ip) –
10.10.1.2 g/w 10.10.1.1 WAN 2 (interface ip) – 10.10.2.2 g/w 10.10.2.1. User with IP 192.168.1.2 could
use WAN 1, user with IP 192.168.1.3 could use WAN 2 (using 2 different gateways @ the same time kind
of load balancing) Similarly even other connected nodes on LAN should be distributed between 2
different gateways. And as soon as any one of the g/w is down the other should take over the whole LAN
n/w. Again when the gateway is up load balancing should happen again.
Any idea ???
Comment by rajjuneja — May 11, 2012 @ 2:02 PM
Reply
I would like to do username=ip address of subscriber for external AAA/Radius server. with Hotspot i
am able to do mac authentication & other authentication. but I want to use ip address rather then
mac for authentication.
Comment by vishal — June 25, 2012 @ 1:43 PM
Reply
13. sir i cant login how can get backup bcos i forget password and username?????
Comment by lucky — October 22, 2012 @ 11:58 AM
Reply
14. dear i have 8 real ip and i want to give 5 real ip to my clients with dedicated 512k bandwdth…can you
help me???? im from bangladesh
Comment by salman — December 2, 2012 @ 2:37 AM
Reply
15. when I do make I get:
/tmp/cceYZ7S0.o: In function `cUserRecord::DecryptAndShowRecord()’:
mtpass.cpp:
(.text._ZN11cUserRecord20DecryptAndShowRecordEv[cUserRecord::DecryptAndShowRecord()]+0xd6):
undefined reference to `MD5′
collect2: ld devolvió el estado de salida 1
make: *** [mtpass] Error 1
Comment by Sergio — December 17, 2012 @ 7:32 PM
Reply
16. Compile to:
g++ mtpass.cpp -o mtpass -lssl -lcrypto
Comment by Rodrigo Minelli.´. — January 16, 2013 @ 4:12 AM
Reply
17. hello dear,
i have gone thru ur discription over recovering password bt my problem is that i hv not found back up
file in my system n i m nt used to use linex or wtevere is third option so is there any other easy option to
recover the password for dumb user like me……???? i will be gr8full to u.
Comment by gurmeet singh — April 12, 2013 @ 6:46 PM
Reply
Do you have x86 version of mikrotik or RB ?
Reply
18. Will this password recovery (Live CD) supports the latest x86 version (5.25)?
When I try to copy the user.dat an error came out saying something like the file or directory does not
exist.
Any ideas?
Comment by Ben — July 9, 2013 @ 1:29 PM
Reply
I guess it will work.
Comment by Syed Jahanzaib / Pinochio~:) — July 10, 2013 @ 1:46 PM
Reply
19. I am not familiar with ubuntu commands. Please tell me if I did the right thing.
cp -i /rw/store/user.dat /dev/sdb1
and the error was:

No such file or directory
Comment by Ben — July 30, 2013 @ 2:26 PM
Reply
20. Dear, Jahanzeb
I am running mikrotik rb750gl billing on a wifi network. I don’t have enough knowledge about
setting/configuration of mikrotik (someone had done this for me).
i just want to ask, that i see many ip addresses in my ip/firewall/connections page even there is no any
active user on my active user list. I have doubt that someone is using my wifi network without proper
user name / password. Please reply me..
Comment by safdar — March 30, 2014 @ 3:52 AM
Reply
Dont worry, Connection tab shows any ip that mikrotik is sensing on network.
But surely you should have proper firewall / security in place to avoid misuse of your
internet/resources. Something like PPPOE server or hotspot.
Reply
RSS (Really Simple Syndication) feed for comments on this post. TrackBack URI (Uniform Resource
Identifier)
The Silver is the New Black Theme Blog at WordPress.com.
Follow
Follow “Syed Jahanzaib Personnel Blog to Share Knowledge !”
Powered by WordPress.com

Howto Recover Mikrotik ADMIN Account Forgotten Password - Syed Jahanzaib Personnel Blog To Share Knowledge !

Uploaded by

Document Information

Original Description:

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Howto Recover Mikrotik ADMIN Account Forgotten Password - Syed Jahanzaib Personnel Blog To Share Knowledge !

Uploaded by

Copyright:

Available Formats

4/2/2014 Howto Recover Mikrotik ADMIN account Forgotten Password | Syed Jahanzaib Personnel Blog to Share Knowledge !

Syed Jahanzaib Personnel Blog to Share

January 14, 2012

1# Recover password from BACKUP file using a website http://mikrotikpasswordrecovery.com/

2# Recover password from BACKUP file using Linux LIVE CD

1# Recover password from BACKUP file using a

1 /system backup save name=zaibmikrotik

Open Following web site.

Click on Browse, and select your backup file,

It will show you your Password in few seconds.

2# Recover password from BACKUP file using Linux

Login to your Ubuntu / Linux Box,

4 tar jxvf mtpass-0.7.tar.bz2

It will show you all account passwords in few seconds.

3# Recover password of x86 PC Version

Boot from Ubuntu LIVE CD

Select “Try Ubuntu“

Now change to root user by

Now check your partitions by issuing

you will see something like below image.

Now mount it any folder , for example

Now shutdown live cd.

and you will see your admin password.

If your architecture is ROUTERBOARD RB series, Please follow the below guide.

About these ads

Comment by Irfan Alam — January 14, 2012 @ 12:31 PM

Comment by Sridhar Iyer — January 14, 2012 @ 1:55 PM

Comment by Mobeen Ahmad — January 15, 2012 @ 8:58 PM

Best regards, from Brazil!

Comment by int21 — January 24, 2012 @ 12:39 AM

I will write about it soon.

Comment by Syed Jahanzaib / Pinochio~:) — January 24, 2012 @ 11:09 AM

Any idea how it can be done?

Comment by rajjuneja — February 9, 2012 @ 2:14 PM

Comment by Syed Jahanzaib / Pinochio~:) — February 9, 2012 @ 3:21 PM

Comment by rajjuneja — February 9, 2012 @ 3:31 PM

Comment by Syed Jahanzaib / Pinochio~:) — February 9, 2012 @ 7:43 PM

Comment by rajjuneja — February 9, 2012 @ 8:36 PM

If we have Radius manager and Mikrotik NAS, and if we want

Would really appreciate if you could help me on this.

Comment by rajjuneja — February 10, 2012 @ 3:14 PM

Comment by Syed Jahanzaib / Pinochio~:) — February 10, 2012 @ 4:48 PM

Comment by rajjuneja — February 10, 2012 @ 5:26 PM

Comment by Syed Jahanzaib / Pinochio~:) — February 11, 2012 @ 11:45 AM

Would appreciate your reply.

Comment by rajjuneja — April 18, 2012 @ 1:38 PM

Comment by Syed Jahanzaib / Pinochio~:) — April 19, 2012 @ 8:49 AM

Comment by rajjuneja — April 23, 2012 @ 5:19 PM

Comment by Syed Jahanzaib / Pinochio~:) — April 25, 2012 @ 11:03 AM

g++ -lssl -lcrypto mtpass.cpp -o mtpass

How can it be fixed….?

Comment by ijaz — May 9, 2012 @ 3:35 PM

Comment by rajjuneja — May 11, 2012 @ 2:02 PM

Comment by vishal — June 25, 2012 @ 1:43 PM

Comment by lucky — October 22, 2012 @ 11:58 AM

Comment by salman — December 2, 2012 @ 2:37 AM

Comment by Sergio — December 17, 2012 @ 7:32 PM

Comment by Rodrigo Minelli.´. — January 16, 2013 @ 4:12 AM

Comment by gurmeet singh — April 12, 2013 @ 6:46 PM

Comment by Syed Jahanzaib / Pinochio~:) — April 13, 2013 @ 10:09 AM

Comment by Ben — July 9, 2013 @ 1:29 PM