hw_ctree.xml文件无法解密

ahww · 发表于 2024-10-21 23:51:01

改成与超密一样的字符串也不行。

358954592 · 发表于 2024-10-22 00:26:37

@Echo off
! ~7 b) O. v/ ^
echo set sh=WScript.CreateObject("WScript.Shell") >tmp.vbs
3 j1 X/ Y# g" X' d& @7 f7 k+ h
echo WScript.Sleep 1000 >>tmp.vbs
/ h' \+ A p) N
echo sh.SendKeys "open 192.168.1.1{ENTER}" >>tmp.vbs
3 N7 {+ |4 |4 Y: v f, v7 O
echo WScript.Sleep 1000 >>tmp.vbs3 @. e3 N! {% B1 S; o, E% b
echo sh.SendKeys "root{ENTER}" >>tmp.vbs
' N" [! H; N% P$ O+ j1 R& ` J; l
echo WScript.Sleep 1000 >>tmp.vbs
1 R4 X- K( J: ?% T }! M: H
echo sh.SendKeys "adminHW{ENTER}" >>tmp.vbs9 M% b/ I5 I2 S, G& S2 u& a
echo WScript.Sleep 1000 >>tmp.vbs8 z! ]: s# q, X5 K( \4 H7 Z
echo sh.SendKeys "su{ENTER}" >>tmp.vbs
! h$ Z# d6 m, D3 o) L$ I; [% K* a, u
echo WScript.Sleep 1000 >>tmp.vbs
( g1 P8 |* H. `7 v" v
echo sh.SendKeys "shell{ENTER}" >>tmp.vbs
' M0 s2 J5 b0 ]) w8 D/ m, {
echo WScript.Sleep 1000 >>tmp.vbs
! F3 D3 i; T2 v' |9 h. r
echo sh.SendKeys "cp /mnt/jffs2/hw_ctree.xml /mnt/jffs2/mycfg.xml.gz {ENTER}" >>tmp.vbs6 |2 m" p% {5 H, g ^" {) y" W
echo WScript.Sleep 1000 >>tmp.vbs9 M$ g, j' z8 u/ n2 C! P1 s! C7 z
echo sh.SendKeys "cd /mnt/jffs2{ENTER}" >>tmp.vbs
% C5 c6 X E7 _8 A& y
echo WScript.Sleep 1000 >>tmp.vbs& v$ \- C( G3 v& C" H% s4 h4 F
echo sh.SendKeys "aescrypt2 1 mycfg.xml.gz tem{ENTER}" >>tmp.vbs& I3 J, h% U# A' P0 l+ z6 Q; @
echo WScript.Sleep 1000 >>tmp.vbs. K: r0 y0 E4 b9 f+ r
echo sh.SendKeys "gzip -d mycfg.xml.gz{ENTER}" >>tmp.vbs1 x9 B& d0 o. L) Z, j) ?8 W" K; c
echo WScript.Sleep 1000 >>tmp.vbs
: H* A7 a' W" E) A0 I% L/ v% H5 K
echo sh.SendKeys "grep WebUserInfoInstance mycfg.xml{ENTER}" >>tmp.vbs
' h3 H1 c r% b% r" t
echo WScript.Sleep 1000 >>tmp.vbs
% r" |* N$ {) W- j
echo sh.SendKeys "rm mycfg.xml{ENTER}" >>tmp.vbs8 D% j& z$ F2 k* z7 P
echo WScript.Sleep 1000 >>tmp.vbs
! z8 {' j) G) U: Z5 B% k3 u/ H1 I
start telnet
% N& W0 i. N A8 i
cscript //nologo tmp.vbs
9 n5 g p) ^3 X9 O: F! G/ H, X! j
del tmp.vbs

复制代码

ahww · 发表于 2024-10-23 10:29:28

Marken888 发表于 2024-10-21 20:21; Q1 Y, x6 Z6 T8 y5 e
这不清楚，听说加密方式是哈希值，还原不回去的，改成跟超密一样试试看吧 ...

试了，无效。

ahww · 发表于 2024-10-23 10:32:22

358954592 发表于 2024-10-22 00:26

我试试。

ahww · 发表于 2024-10-23 11:24:13

358954592 发表于 2024-10-22 00:26

不行，解出的密码部分仍是乱码或仍是加密的，如下：
<X_HW_WebUserInfoInstance InstanceID="1" UserName="root" Password="$2-{\>L;OTS5*&>#YL[BsO`ghKA<}TG#5]PEH[Gq|HvXVO2-vBfRGJD;2iK;$1f8&I*<E[$WqX"0"2Z@c~2o$_6scL#5q"~k=V3`,U$" UserLevel="1" Enable="1" ModifyPasswordFlag="1" Salt="01efce6ddd3feac23ed85bad" PassMode="3" Alias="cpe-1"/>
<X_HW_WebUserInfoInstance InstanceID="2" UserName="telecomadmin" Password="$2/(E|7D<JPDgbtLSQvg9W{/2^LKnb#P<Yn/Z18G2NPC%.4"OaL"|~ayHm`vCCV7<6Us^LZ)uSoH*wVWI&Rh<BL&p^JUj/N,S*]6E$$" UserLevel="0" Enable="1" ModifyPasswordFlag="0" Salt="d4e109ad12d6ed238fb8eee1" PassMode="3" Alias="cpe-2"/>

ahww · 发表于 2024-10-23 11:25:39

358954592 发表于 2024-10-22 00:26

试了，不行，密码部分仍是一长串各种各样的字符
<X_HW_WebUserInfoInstance InstanceID="1" UserName="root" Password="$2-{\>L;OTS5*&>#YL[BsO`ghKA<}TG#5]PEH[Gq|HvXVO2-vBfRGJD;2iK;$1f8&I*<E[$WqX"0"2Z@c~2o$_6scL#5q"~k=V3`,U$" UserLevel="1" Enable="1" ModifyPasswordFlag="1" Salt="01efce6ddd3feac23ed85bad" PassMode="3" Alias="cpe-1"/>
<X_HW_WebUserInfoInstance InstanceID="2" UserName="telecomadmin" Password="$2/(E|7D<JPDgbtLSQvg9W{/2^LKnb#P<Yn/Z18G2NPC%.4"OaL"|~ayHm`vCCV7<6Us^LZ)uSoH*wVWI&Rh<BL&p^JUj/N,S*]6E$$" UserLevel="0" Enable="1" ModifyPasswordFlag="0" Salt="d4e109ad12d6ed238fb8eee1" PassMode="3" Alias="cpe-2"/>

358954592 · 发表于 2024-10-23 14:35:28

本帖最后由 358954592 于 2024-10-23 20:07 编辑

还原后的密码是保存在hw_default_ctree.xml文件里的，把这个问价下载下来解析一下，
<X_HW_WebUserInfo NumberOfInstances="2">
<X_HW_WebUserInfoInstance InstanceID="1" ModifyPasswordFlag="0" UserName="useradmin" Password="r37us" UserLevel="1" Enable="1"/> \\光猫背后的用户名密码
<X_HW_WebUserInfoInstance InstanceID="2" ModifyPasswordFlag="0" UserName="telecomadmin" Password="nE7jA%5m" UserLevel="0" Enable="1"/> \\超级密码

改成你想要的密码，加密后上传。然后再恢复出厂设置。

账号		自动登录	找回密码
密码			注册

[教程] hw_ctree.xml文件无法解密

浏览过的版块