|
|
发表于 2018-11-14 16:40:59
|
显示全部楼层
可以确认GM219-S 硬件版本:HV1.0.00.052 为四川天邑代工的。。。找到了地区配置文件。。。找到了各种服务的默认的密码:
/ u1 C( R. ]- S% M4 K
X8 [/ k+ @' h( e! n" d<Account>, @& s6 b. n5 Q* H6 x
<Entry0 Active="Yes" username="CMCCAdmin" web_passwd="aDm8H%MdA" display_mask="FF FF FF FF FF FF FF FF FF" />- Q ]7 s1 E3 q. V8 o
<Entry1 Active="Yes" username="user" web_passwd="1234" display_mask="BF 00 0F 08 07 20 03 00 01" />
5 T5 k" S. h0 K0 J' V <Entry2 Active="Yes" username="user3" web_passwd="1234" display_mask="BF 00 07 08 07 10 03 00 01" />
1 Z- F4 g. k# _5 {. `) _6 D <TelnetEntry Active="No" telnet_username="admin" telnet_passwd="1234" telnet_port="23" />4 U3 W1 A9 T* r" @7 ~
<FtpEntry Active="No" ftp_username="admin" ftp_passwd="1234" ftp_port="21" /> @; Y+ v- ^$ R, b ~- Y2 j# F6 i/ I
<HttpEntry Active="Yes" http_right="1" />
; N) }; b" v; I+ ~* R <ConsoleEntry Active="Yes" console_username="admin" console_passwd="1234" />
" `' j2 y8 ]( S. Y1 h8 O3 y e+ g <CTDefParaEntry setDefValueFlag="1" />
! m; h: K. p0 h5 A</Account>
" ]# C+ ~' r6 \( Z. |
尝试固件里/boaroot/cgi-bin/目录下的一些页面。。。发现了一些web下的隐藏页面。。。相同硬件版本的可以去尝试:
. [" w+ x3 Z8 I9 M9 ?
- P8 Q: R; y. Y, q1 z9 I3 O. xhttp://192.168.1.1/cqregister.asp
3 g( B' r$ v; Y. Jhttp://192.168.1.1/cqreset.asp: L6 H$ f) K" ?/ i ^
http://192.168.1.1/cwmpsetting.asp
5 o0 l8 k2 \, a8 b- `, \9 N: F; ihttp://192.168.1.1/getGateWay.cgi4 D0 A) \4 u9 S7 V& G! o
; ~1 A4 G6 t& _ L K- s#getRomfileInfo就出现个下拉菜单
( C; S1 H2 h1 d2 |http://192.168.1.1/getRomfileInfo.cgi
; S$ U0 d3 u. E! B# H: {/ e9 F) H/ {2 {( ]% P d
http://192.168.1.1/register.asp. A5 H3 M- \: d3 d+ N
http://192.168.1.1/regprocess.asp
- b0 ?1 y; `6 `6 rhttp://192.168.1.1/regprocess.cgi% J& N# T% v' s, `
: u; e9 L) f m E; \" s0 N$ O
#恢复默认设置的命令不会丢移动下发的配置
5 F# v7 u9 i( B8 `& ^http://192.168.1.1/restorepurefactory.cgi
" n3 b. ]' Y$ e* a/ d3 i4 ], _
+ O! ^1 d" b' v, k6 P) c+ hhttp://192.168.1.1/telnet.asp
* D3 f! x3 t. p( ohttp://192.168.1.1/test_factory.asp
7 Y* i% H5 `! Z: s( ^8 Vhttp://192.168.1.1/test_info.asp Z+ O T* T) O( I8 b
http://192.168.1.1/test_version.asp: p9 k( {* m' F. ]
http://192.168.1.1/upgrade.asp
r+ v( C4 G0 S. o- W" M& {
3 r% R' G8 n# J8 b/boaroot/cgi-bin/目录下的所有文件。。。其他隐藏页面有兴趣自己去尝试。。。# `5 \ K5 ?* t4 U4 `
app-daily.asp; [+ j- |! x( u7 b
app-ddns.asp
6 W" s8 k1 j* L6 ~& j5 t5 }app-igmpset.asp
; r y0 a% V) ]3 W0 S- V2 P* dapp-natset.asp# X$ y$ F1 ]5 Q* N7 c
app-upnp.asp
; O4 `8 k5 o% ^5 I5 c; sapp-VoIP.asp1 D" L5 B- u3 `* N* Q2 }
app-VoIP248.asp6 f" p Z: y+ o2 w4 o4 e1 z/ A
app-VoIP248_Adv.asp# g" D4 W6 J3 [, r7 Q: L' }
app-VoIPUser.asp# t+ @0 S* |* q- y$ q- p
app-VoIP_Adv.asp
$ F' J( b; b/ i0 A Y" M5 |app_ddnslist.cgi* X/ u" b7 O5 f X
avalanch.asp
+ V+ }& Z: h+ D" ~7 abyeBye.cgi
7 _1 w! |% w% h% S& o m- Gadv_vpn.asp" F( H5 k8 y6 e1 o* b/ B" c
cqregister.asp, ?0 n- l# T6 c* |2 \0 B" c% Y! x
cqreset.asp
9 O. e2 j8 x. D5 T1 q/ ladv_upnp.asp% q4 C( Y5 }% Y0 l1 X& T
cwmpsetting.asp9 x$ q' K! H; k* n; X4 Q
diag-quickdiagnose.asp( x, U/ |; s# D* h* M4 }! e
ErrMsg.asp
6 Z5 l& @- ^" D" p. E. @getGateWay.cgi
5 J% [2 r1 Z! V8 ygetPingResult.cgi
0 E& a0 ]8 q$ x- R4 x9 EgetRomfileInfo.cgi
8 Q4 N: ]5 n' S- f( V- _getTracentResult.cgi
3 j. c$ N; g9 d! G' X( Nhelp.asp1 m/ W; ?. e0 T7 H
help_content.asp6 @+ v6 p1 H' K
adv_qos.asp
- W, n6 ~" Q' j/ ^+ f, o5 q0 q+ eadv_dmz.asp1 ?4 @; x" z T* a. K4 }
index.asp2 e& T% Z1 W+ w+ C
index2.asp
$ s7 O) V4 h' G, d. g! D7 p1 Bindex3.asp
! [6 J4 w8 Q8 f) L) @8 `+ LInsertSimcardMsg.cgi
# T5 |$ B, @. h# eitms.cgi: C' \. `0 d1 {+ c. i
adv_ddns.asp
8 ^/ Z+ l7 g: E4 Q$ j7 U' ]3 Lcontent.asp$ w5 \5 a8 N7 o6 K# n
laserforce.cgi# e2 l" I+ j O! A
lasernormal.cgi B/ L* P' H Q3 O. Q
logout.cgi: Q0 D; G9 L% [! j a7 b
mag-account.asp
) i+ U: y- {' U+ wmag-diagnose.asp
3 g( @6 ]$ |' P2 N( K3 Zmag-reset.asp
9 J: D+ o. a# n( C6 nmag-syslogmanage.asp8 B9 H( q( G) @6 T! a
maintainreport.cgi# ], T* L X/ k9 s4 f3 `
net-binding.asp3 `: e4 j1 r5 U
net-dhcp.asp
6 L3 c8 Q0 N% e0 onet-landingpage.asp
+ j8 I) G/ m& D) x7 M( wnet-phoneapp.asp+ {/ b- g6 h, P4 h6 |6 D
net-qos.asp3 a4 W' e9 z' v! _3 c
net-route6add.asp
8 F2 d0 e+ Z7 }) M( e6 Xnet-routeadd.asp' n* [( B1 O' x6 }& M
net-routeset.asp
3 g& s% |3 T6 H# R+ ?5 Inet-time.asp7 d) ~3 o" z! [+ T
net-tr069.asp
9 s9 c! ?0 y4 ~; D! e mnet-wanset.asp
8 V# c$ ~+ \1 @. r0 t/ o( y Unet-wlan.asp* l: t! F7 k5 M) i% I
net-wlan11ac.asp
( T* D* k. r1 Z/ ] } Knet-wlanshare.asp- R; ]$ A, f5 l9 f* J- k- B0 U" ?
normal_access.asp1 f6 e" J/ X5 h" t; \
normal_internet_wan.asp
0 w4 N" m! h0 Znormal_manage.asp9 Y, C7 p% `7 v/ ^/ z
normal_manage_password.asp# ~: }* ~; \$ y9 |# o7 G% t
normal_network.asp
7 I( [0 E! b" hnormal_security.asp
0 I8 ~* b" N9 P7 S6 c4 wnormal_sys.asp9 Y% P* r6 L' X0 [) Z
parentControl.asp
4 o# N, i! J {$ bpushviewfinish.asp
q, v/ c4 j) Z1 ppushviewupgrade.asp
( X4 X& V+ L. w5 bqos-clsedit.asp6 H" y. C" J1 q: B" Z" n) O5 E
qos-comvlan.asp; \. `1 z9 u5 ~/ t0 d3 H
qos-dslimit.asp
2 j/ d2 o9 I2 E8 V6 Wredirect.cgi# C! @/ L, p5 j4 b) H- u5 G8 ? Q
redirect_cancel.cgi
0 U/ c5 q9 m- {1 H krefresh.asp3 W" T z1 U* Z* D6 K$ Z8 s4 L0 F
register.asp
8 h0 V x% w0 rregprocess.asp/ ]% K+ L. Z! g# Q
regprocess.cgi
* b' ?9 ~6 r6 ^# Zregstatus.asp" }1 p3 Q+ _/ o3 ], z$ Q9 Q
RemoteUPGMsg.cgi
# M% t3 { Q2 c3 b ^7 V3 Greset.asp( Y9 z! G- Y+ P: a, @: F$ v
resetscreen.asp
$ u0 x' M; d2 ^- @. D( drestorepurefactory.cgi
- Q0 i5 s7 x6 b. msec-addmacfilter.asp
9 @+ U: G3 \; Y! l l) P/ N1 Tsec-addportfilter.asp [! |. |3 ~3 f/ ~
sec-firewall.asp$ j% h# c% d$ y0 H' n
sec-macfilter.asp
' Y/ c' \4 m( }9 xsec-portfilter.asp
1 w! _( `& c/ J% V& Osec-protocolfilter.asp8 s, `" \- f/ i! P8 j# ~
sec-urlfilter.asp
+ f9 |% J5 c/ @( bsec_macfilterlist.cgi" {) l6 g( x1 t- C! d: S% @# k1 P' l
sec_portfilterinlist.cgi
- K: L, w$ [ P; N- Z4 }# E6 Fsec_portfilteroutlist.cgi
+ x, ?; t7 |2 k/ a% Hsec_urlfilterlist.cgi
4 X2 e a, q: V/ K# Lselfcheck.asp
0 e5 s5 S; k @3 o# `+ C% F7 hshowhis.cgi, Y5 k8 T. s1 C4 Y7 o
showusb.cgi6 s3 `0 ]( R. k* C$ n0 h$ J5 w
sta-acs.asp
( S# x0 e# b* I" G5 W+ \sta-device.asp/ e3 Q" s+ \& x* l5 U
sta-network.asp
+ r* V" q1 ]7 S8 h% k% n( Usta-position.asp: q1 v) S6 m* l7 T
sta-user.asp" k0 a8 e% z5 `5 D
sta-VoIP.asp5 ]5 ]$ z' V9 L
sta-VoIP248.asp5 Z; X5 y j; P4 n$ L3 g" Y( u
state_bandwidth.asp
- U- k3 z' [) D8 p( q2 Xstate_device.asp- [* G: {+ \, e$ x, f
state_gateway.asp: E; A3 Z- ]( `/ g/ x( D8 c
state_overview.asp( G' r* M* z- P1 i$ d5 u
store.asp% o# P1 s1 c |
syslog.cgi7 l; s4 T: [9 T& `) `
telnet.asp- d2 s+ b) w! \1 a7 Q
test_factory.asp ]% r# {$ D& `! i% x7 d3 W- X
test_info.asp9 ~. K8 b0 R% o' A
test_version.asp9 b+ g+ {% G# w8 Q5 a M
uindex.asp
0 f3 Q2 ^( U# {$ gUpdateMsg.cgi
! z9 o: u2 k2 |' K/ [ k* g7 uupgrade.asp
) J0 V& u5 f) T/ l2 h" ^- owifi.asp
由于没拿到telnet账户密码。。。也就到此为止了。。。期待有大神出现。。。
: P5 q7 F; s9 A0 r& p2 ^: g" W T- c" E& @- C
9 i# Z/ R0 |9 d* z# e
1 v# `: M5 I( w1 k6 k
|
|
/1 
粤公网安备44152102000001号 
