|
|
发表于 2018-11-14 16:40:59
|
显示全部楼层
可以确认GM219-S 硬件版本:HV1.0.00.052 为四川天邑代工的。。。找到了地区配置文件。。。找到了各种服务的默认的密码: }, k( n: Q# N! N
- k3 C5 o/ Z4 I( C5 \- G<Account>' _; @$ g- [ k( F
<Entry0 Active="Yes" username="CMCCAdmin" web_passwd="aDm8H%MdA" display_mask="FF FF FF FF FF FF FF FF FF" />! P& [! y Q s4 f- p
<Entry1 Active="Yes" username="user" web_passwd="1234" display_mask="BF 00 0F 08 07 20 03 00 01" />
8 A, U2 W, }* d- ` <Entry2 Active="Yes" username="user3" web_passwd="1234" display_mask="BF 00 07 08 07 10 03 00 01" />8 p! n; l) d% [4 D) j
<TelnetEntry Active="No" telnet_username="admin" telnet_passwd="1234" telnet_port="23" />) {* A6 ~ h6 J! n* Q8 Q1 R0 P% I
<FtpEntry Active="No" ftp_username="admin" ftp_passwd="1234" ftp_port="21" />$ a' v$ X- o1 z* z
<HttpEntry Active="Yes" http_right="1" />) G% @. I( q0 w( Y
<ConsoleEntry Active="Yes" console_username="admin" console_passwd="1234" />
- D* |/ E8 F5 S* j <CTDefParaEntry setDefValueFlag="1" />& d$ {: H, a5 ?5 L% d
</Account>
# e) N1 C* [) Q) k
尝试固件里/boaroot/cgi-bin/目录下的一些页面。。。发现了一些web下的隐藏页面。。。相同硬件版本的可以去尝试:* k8 t8 O: v& I
5 U5 }( Z' {3 P. {2 c* l( {* w& ?
http://192.168.1.1/cqregister.asp6 M3 H4 o3 u; H% Y
http://192.168.1.1/cqreset.asp
. X+ A) `( ]4 Y) G8 {) S* vhttp://192.168.1.1/cwmpsetting.asp
1 q+ f" g1 ~2 X+ Z. ]http://192.168.1.1/getGateWay.cgi
; J5 A$ C, F- ?/ L* ~ g; `$ `
) y; q6 V9 J8 b#getRomfileInfo就出现个下拉菜单
5 N5 i: `* V& R) z) q' J3 ghttp://192.168.1.1/getRomfileInfo.cgi
' Q# n8 i5 U5 B( W/ \! m& }; o$ ~8 G1 {* s- N, e
http://192.168.1.1/register.asp
. s y6 @6 a# j2 ^- n1 O$ ahttp://192.168.1.1/regprocess.asp
, d* K* p0 u4 ~) _) hhttp://192.168.1.1/regprocess.cgi
+ R5 `. n r# @- {+ U
8 M$ A( F2 i7 c7 V! ~6 A#恢复默认设置的命令不会丢移动下发的配置$ q+ e. Z1 k( E! L a# X- [
http://192.168.1.1/restorepurefactory.cgi4 C! W U$ O$ q9 F2 e; v
) o; c. @' D, C! D
http://192.168.1.1/telnet.asp2 A$ ^% z* K9 W( i
http://192.168.1.1/test_factory.asp
9 s- ], j. z' f$ xhttp://192.168.1.1/test_info.asp
) d% y1 q3 E% F7 ]( B0 U% Thttp://192.168.1.1/test_version.asp1 @+ _$ \: G# f
http://192.168.1.1/upgrade.asp1 V$ s' T, j3 c* I7 e0 r
# _- B- O( R( o1 {$ d0 S/ o
/boaroot/cgi-bin/目录下的所有文件。。。其他隐藏页面有兴趣自己去尝试。。。
3 N4 h4 N$ z' B# Kapp-daily.asp
) |* v T z9 oapp-ddns.asp
6 j5 A0 n5 Y; Happ-igmpset.asp, W, @! L ~2 B7 b) q, q5 ]/ u2 G
app-natset.asp
$ S* c3 C1 V9 e- D }& [" Papp-upnp.asp6 O. E. _1 ~# z
app-VoIP.asp. C/ C& ?8 F5 _2 j; x) f) ]
app-VoIP248.asp" U2 o+ r5 m+ S! N9 B; u7 `; s
app-VoIP248_Adv.asp
/ u: @6 H- H. C% v/ \app-VoIPUser.asp: j% e/ A) M3 p. `, d
app-VoIP_Adv.asp, }- J- e2 `* {( |1 G3 B) Z5 v0 J
app_ddnslist.cgi6 y0 w1 u$ z9 ~
avalanch.asp k# _. s) A# n7 W! c$ z
byeBye.cgi
2 h0 _9 f) ^+ K* E( M4 f( v% Oadv_vpn.asp* G& |: `& M! ?- G1 _6 X& }
cqregister.asp3 j5 y. O6 b( X. O1 Z2 T
cqreset.asp* k3 v" @4 _# \
adv_upnp.asp
" @; Q4 x. i5 {+ K# [cwmpsetting.asp
( ?) c0 g. o' c9 Hdiag-quickdiagnose.asp4 m: U% P2 j |& J! y% R
ErrMsg.asp" X% E3 ~: A+ f7 o" p7 D& s
getGateWay.cgi
* w1 y' n3 G' qgetPingResult.cgi& X5 q/ H8 }" ]4 o3 }+ p; H {5 s
getRomfileInfo.cgi7 I8 I% |# U1 k- I/ n% \
getTracentResult.cgi* x0 s7 b: E/ T: J+ p; _ w
help.asp
, D) n* k/ R/ F7 H+ ?; K+ `help_content.asp
8 j( X" G8 U+ y$ o" w. [3 {2 O, fadv_qos.asp
; P1 \6 @$ c, K6 ?5 Madv_dmz.asp
/ N% q+ \/ u* U2 r! Eindex.asp( p; X6 R! x* d/ E* T- \- N$ y
index2.asp9 }3 H4 I2 b* n0 B
index3.asp
' Z- H% t4 Y- k3 z# Q9 Y tInsertSimcardMsg.cgi3 F5 U: ^. C/ {5 q( _5 F8 }
itms.cgi
2 b4 v# ^/ @/ u8 h: [! ~. H7 Oadv_ddns.asp
7 d/ M u9 \" R$ |content.asp; X- D O( H5 s0 B {+ c
laserforce.cgi2 L, f* e& R, p/ h1 z7 |
lasernormal.cgi! a7 f5 A/ e8 w9 @4 U8 I
logout.cgi) o) v$ S0 o' l
mag-account.asp
: ]2 T+ y4 [1 P# W1 s1 P/ F7 m5 kmag-diagnose.asp
* \8 y* N' u [# \. rmag-reset.asp! @; N" g# i: T% x4 m L
mag-syslogmanage.asp7 f! }9 u- d. l0 w) W
maintainreport.cgi
' X" e2 t4 q' S7 v6 S ?% Mnet-binding.asp5 m$ z( o# n7 P
net-dhcp.asp% O- q) Z p5 k5 c
net-landingpage.asp
2 Q5 S d* `+ N Fnet-phoneapp.asp
$ S2 a' G1 O' }" inet-qos.asp
8 V# G( K% B( G [/ J% ~net-route6add.asp$ E E0 q. e3 Q0 x$ @# w' P2 a1 r7 b
net-routeadd.asp) f" x9 o( x" X5 O3 X F; P
net-routeset.asp2 S+ b0 n% b/ `; S! N0 h- O9 J
net-time.asp$ v& a0 y$ Z- J4 E* r2 k5 J( \8 E
net-tr069.asp; ~3 @8 j5 u8 D$ N
net-wanset.asp
# P* g" q5 X3 R" P- ^( ]* C T+ Wnet-wlan.asp7 O, ]5 [6 ^% X { i& X
net-wlan11ac.asp
' X. j) r! O! {" snet-wlanshare.asp
/ G9 c; X/ S+ p L/ }/ Enormal_access.asp0 C8 E) h' R4 m5 z( C/ N$ B- n8 h
normal_internet_wan.asp5 y4 e: M8 U0 r- ~
normal_manage.asp
; O# J4 I# y. B9 V' n4 D3 inormal_manage_password.asp1 R: a& M$ B- q+ z1 K4 }
normal_network.asp! k0 k, o. a1 X2 a* X- {0 E
normal_security.asp
! P) ~# N2 t: k- M. c7 rnormal_sys.asp
0 T- L7 f( ]1 U9 yparentControl.asp
5 b8 b. K+ r, y( \# K0 O) O, _pushviewfinish.asp
, S# L% F2 ] f3 npushviewupgrade.asp4 W; @- c$ i9 r; i+ s" i9 b
qos-clsedit.asp, [4 h6 @0 I2 j
qos-comvlan.asp
6 \, T, `% Z" x7 |2 xqos-dslimit.asp
. E! f$ Z* d1 H r+ G" f2 oredirect.cgi* O( d4 D0 ?" g
redirect_cancel.cgi
2 r& w0 f+ O5 Arefresh.asp
6 I* R* O+ g2 c. `3 zregister.asp
! D! }2 r$ W5 r7 Nregprocess.asp2 }: v* ^% C! d6 m* k$ B- b, V
regprocess.cgi
9 j0 _, k8 L4 Z9 sregstatus.asp% ?9 d1 z+ j6 t# L( F
RemoteUPGMsg.cgi
* W$ `# y% J, N7 m$ A9 W* M2 t& z1 `reset.asp
0 {8 v2 ~. H% ?1 a( A @; Sresetscreen.asp# y) Y8 m! s) c) o8 `
restorepurefactory.cgi! j& J2 V- i' Z) Y. e" L! U% a
sec-addmacfilter.asp* Y4 j" o$ I0 _; m: A* _# c4 f, a* F9 V
sec-addportfilter.asp
7 C# r1 {( S0 ]( G8 `sec-firewall.asp
' {6 w% n+ R% U( d1 B3 x; a: h* x! N% Tsec-macfilter.asp
& f. s6 b/ C0 E% fsec-portfilter.asp
6 j+ {! ]3 R, J! U/ G: lsec-protocolfilter.asp
: m# w1 J- L/ F$ G' C6 csec-urlfilter.asp
; p& j2 u5 C% B9 j! Usec_macfilterlist.cgi
' X3 f% B% E) s% u, o( Bsec_portfilterinlist.cgi
. T9 P7 T( d8 U3 D6 D$ Vsec_portfilteroutlist.cgi
1 b: P% B) G9 y# P+ C) Msec_urlfilterlist.cgi
, h* j$ V* _ f1 cselfcheck.asp0 j8 j1 u( Z5 q# U9 p
showhis.cgi, q4 y @( a+ m$ e+ u* S9 ^) o/ ?
showusb.cgi
. D& ^9 a3 {3 V9 V$ _7 ista-acs.asp' I5 j7 D+ o4 ]
sta-device.asp7 [) Y6 U3 M( _* \/ B6 ?/ E
sta-network.asp
, c0 p2 s# P/ f4 Zsta-position.asp
9 K9 L1 x: R9 @sta-user.asp
4 G) w) E1 F, S$ ~+ \1 Csta-VoIP.asp
/ O3 c% h3 P; w s+ t! i( csta-VoIP248.asp6 [! p/ i7 j/ t) w* m
state_bandwidth.asp
. M1 q) ^$ @% {: bstate_device.asp1 K$ s- Y7 A3 H
state_gateway.asp
/ h# r5 y! l* q% wstate_overview.asp4 Z3 I1 ~+ l9 d. ?. m6 l! |, |7 n9 R
store.asp
$ J: X. s$ h) L! x! C' N. N' _2 Lsyslog.cgi+ Z* G; n: o# N) Z
telnet.asp, H& K" p: ^* {; |' [5 `. }) a' F5 A
test_factory.asp
. h- n9 p# ~: O- a; _3 U. Ftest_info.asp1 l( y. J* u2 W1 c* w" O# W
test_version.asp4 ^6 c* l5 v/ N$ G* x) p3 b, h
uindex.asp' g, M: {/ v* }9 Y% d B
UpdateMsg.cgi% ^1 d/ s' u5 h1 l7 b4 S
upgrade.asp
a: T# e8 `/ cwifi.asp
?/ S9 U: c7 s* J由于没拿到telnet账户密码。。。也就到此为止了。。。期待有大神出现。。。
2 }% W' M2 W' I& ?0 K! f8 e" k {4 I( V& {
, e, Z& [. ^7 K1 q
' @; u2 C9 ~/ x& D+ A$ u( j |
|
/1 
44152102000001
