|
|
发表于 2018-11-14 16:40:59
|
显示全部楼层
可以确认GM219-S 硬件版本:HV1.0.00.052 为四川天邑代工的。。。找到了地区配置文件。。。找到了各种服务的默认的密码:
$ q; J. b9 ~& l0 Z0 Z) H/ x$ G: L: \# L; m: u3 F2 |
<Account>; b6 I; o/ P$ ?% y
<Entry0 Active="Yes" username="CMCCAdmin" web_passwd="aDm8H%MdA" display_mask="FF FF FF FF FF FF FF FF FF" />
1 @$ C8 {' s) v- T- x7 D( t4 o0 c. ? <Entry1 Active="Yes" username="user" web_passwd="1234" display_mask="BF 00 0F 08 07 20 03 00 01" />9 |' K1 N5 F1 p5 t: @
<Entry2 Active="Yes" username="user3" web_passwd="1234" display_mask="BF 00 07 08 07 10 03 00 01" />
* C( Y; G5 f; } <TelnetEntry Active="No" telnet_username="admin" telnet_passwd="1234" telnet_port="23" />9 d' ~5 ~6 \5 r0 {
<FtpEntry Active="No" ftp_username="admin" ftp_passwd="1234" ftp_port="21" />
5 t* M: y' }/ D, B. v( I8 Q/ @ <HttpEntry Active="Yes" http_right="1" />
6 S" E6 Y, `5 v( ^. b <ConsoleEntry Active="Yes" console_username="admin" console_passwd="1234" />
( f8 u: R* y$ _( @8 U, l9 R0 I <CTDefParaEntry setDefValueFlag="1" />
1 G/ x/ R, L7 Y1 v( C</Account>
& S: p4 l W$ [6 P9 G
尝试固件里/boaroot/cgi-bin/目录下的一些页面。。。发现了一些web下的隐藏页面。。。相同硬件版本的可以去尝试:: \4 A0 T9 E0 W
$ N6 y5 v# f8 x3 f/ y8 dhttp://192.168.1.1/cqregister.asp
5 j: r& P* H! z& y/ c2 C3 @http://192.168.1.1/cqreset.asp
/ V' U+ V4 T# y, @# Ghttp://192.168.1.1/cwmpsetting.asp* n+ O. T$ k; k1 G0 v% z0 v
http://192.168.1.1/getGateWay.cgi/ i8 `- U7 z' `$ ^: g4 x4 h
: ]. d5 ~+ b4 u6 s#getRomfileInfo就出现个下拉菜单
6 L/ w9 @0 r' ?% z8 Dhttp://192.168.1.1/getRomfileInfo.cgi8 d; ?7 t; t8 f+ R& v, `
( o% |+ n$ N. G. ?; ]6 H* L
http://192.168.1.1/register.asp! t; k5 d0 j* v4 O: t$ U) C
http://192.168.1.1/regprocess.asp8 K% e* g$ M# a3 G4 | l4 [* j
http://192.168.1.1/regprocess.cgi9 S1 k' w I& M/ }4 l4 O
6 z- F( X1 E% B, v/ g
#恢复默认设置的命令不会丢移动下发的配置
( \1 Y; c& k" _* N$ Uhttp://192.168.1.1/restorepurefactory.cgi
9 `" K3 o w; D1 T# Q8 h, h( A3 h
; w/ K) d# ^7 S7 w, u) Z5 lhttp://192.168.1.1/telnet.asp8 ~# A$ {6 q6 d+ n5 B- b
http://192.168.1.1/test_factory.asp
" I$ B2 \ L# r( q- N' zhttp://192.168.1.1/test_info.asp0 {6 q; x9 d; B. B8 a
http://192.168.1.1/test_version.asp
8 L' t! B& w1 X7 k) Y' mhttp://192.168.1.1/upgrade.asp c( C; p3 K0 F* S
& U _* }! S5 j1 Z. z
/boaroot/cgi-bin/目录下的所有文件。。。其他隐藏页面有兴趣自己去尝试。。。' I* `2 X! x$ Y9 A+ G3 H
app-daily.asp; l, G9 i/ b& m. y
app-ddns.asp
# w- W* s3 t6 A$ G' i# }1 P$ V1 i, vapp-igmpset.asp
5 S1 T/ ?8 O) T3 t0 k3 u) ^: Vapp-natset.asp- R9 ]9 o& [8 I* f
app-upnp.asp
) y, m) ~# U9 c( Bapp-VoIP.asp
4 x* f1 m- A z! Capp-VoIP248.asp
" a6 H W# ^6 x6 papp-VoIP248_Adv.asp
! k5 k, v0 ]( c. qapp-VoIPUser.asp# c6 s8 p7 K' D$ ~! R
app-VoIP_Adv.asp; {2 x( `- ^+ {" a9 E; r/ z
app_ddnslist.cgi9 ~6 N9 [. R" n' U
avalanch.asp \5 P" L: {- P5 Q7 B& Y
byeBye.cgi
- [2 G1 y2 Q6 |, I( s7 `! wadv_vpn.asp
4 Q) g( X- U$ w" E, M4 n, ?1 o6 Icqregister.asp
h: \3 c4 z; e+ K @. Rcqreset.asp5 Y+ p% C( r: ?
adv_upnp.asp |& J9 G. ?% \ w( {4 [, u! t
cwmpsetting.asp: r5 T7 s! W4 }) M
diag-quickdiagnose.asp
4 Z7 j8 C8 c8 L+ s2 lErrMsg.asp' U0 I ~- x) ?4 T) ~
getGateWay.cgi
4 y3 m# j6 T" O6 C, {% c* ?getPingResult.cgi0 d4 y' N! ^) `# N
getRomfileInfo.cgi' O0 [ R5 G7 v" c" x$ |& B
getTracentResult.cgi3 }6 f2 F3 w4 X, P
help.asp
* K( Z; q, Z# s2 rhelp_content.asp4 f* f4 s# n! [ i& E! W) x
adv_qos.asp
8 B0 W8 C/ {& nadv_dmz.asp
3 v7 R _0 i% B( i b: }: q3 ?1 b Z/ kindex.asp
6 m9 x0 ~+ _* H8 r2 c/ d3 cindex2.asp. H& q4 E X5 \8 \6 [ N
index3.asp; D4 A" l: L$ R# I9 c2 e
InsertSimcardMsg.cgi
/ b0 d5 R x4 @" Xitms.cgi: d) Q* n2 _7 a
adv_ddns.asp
) h) v* Z2 a9 a5 U* xcontent.asp
$ R3 f0 T0 i8 H3 ^& Jlaserforce.cgi
9 S2 ^, ?) c+ ?3 Olasernormal.cgi
. t& L3 a( ~* w* Mlogout.cgi4 {; k7 c! ^; m6 G) T. F
mag-account.asp
. D; Y+ f# l$ Z3 Jmag-diagnose.asp/ H$ x4 Z6 W, }/ U/ ^* P+ g
mag-reset.asp9 q& n, ~$ h5 D5 X( ?
mag-syslogmanage.asp! Y! Z+ V1 o# W* N; _' E$ K6 T
maintainreport.cgi( Y7 D, d" H$ z
net-binding.asp
- I0 c* S- j/ P, Lnet-dhcp.asp1 Z) n/ c. E/ N! y" |" Q) b* C
net-landingpage.asp
- \, e0 M9 W# L; f% \net-phoneapp.asp
( W1 u2 p1 L8 Ynet-qos.asp
9 q( {! N) q0 O1 Ynet-route6add.asp! t( B# n0 w# l% g8 M6 ?- f _
net-routeadd.asp
4 B- g% d/ j$ e" P" T. Hnet-routeset.asp: b' R( g( i' T8 x' E
net-time.asp0 G5 N6 y; h" d" H+ a' t6 f" a
net-tr069.asp
9 K$ ?, m% F3 X( H- i8 q4 Jnet-wanset.asp8 h) N$ G7 Q" ~! r6 O0 g
net-wlan.asp* q. z4 I# D0 M1 b+ G
net-wlan11ac.asp+ R' ^ `3 p( w) M' q6 G
net-wlanshare.asp
- e9 `% ]. K& ]normal_access.asp* [' v& ~1 F+ Z( I# F0 {6 A
normal_internet_wan.asp
. H! J. X0 k$ z7 Z' S: o( m2 ^normal_manage.asp
9 X2 R, \$ e5 C/ Bnormal_manage_password.asp$ t/ }! E) O% b# u
normal_network.asp5 R- c7 m7 H8 B* s$ w3 a! C
normal_security.asp5 A3 j3 a0 {4 ]$ d
normal_sys.asp
/ K! }4 p/ ~6 ^3 D. E d, oparentControl.asp, j! K8 d6 P9 f/ M3 ]
pushviewfinish.asp6 g) _; q+ F- ~6 ~! C- o2 @
pushviewupgrade.asp4 A2 l$ ?5 j: Z
qos-clsedit.asp$ y" ]+ g; J, m4 s O* f
qos-comvlan.asp
& a% N* g1 J: }0 \: m% Hqos-dslimit.asp
* z- Y7 a3 ]5 b7 e& \/ v3 predirect.cgi$ s. A4 `' Z; e; ?$ O% _" z+ M6 X% G
redirect_cancel.cgi
9 \) V- c' `1 b+ }refresh.asp
, d, w* J7 z) q0 J; s. K3 Jregister.asp
' X9 L: x' m; e# D$ D, c+ [" `regprocess.asp* M8 Q8 e4 b8 c$ b* E) p _) `
regprocess.cgi
0 ^; O6 N) |7 T0 K! c* {regstatus.asp- |/ x& Q9 O1 J# P- |- F5 B: d
RemoteUPGMsg.cgi& \( L: U9 X5 N1 J
reset.asp" {& ]! o, E3 Q4 M5 ~, {$ }
resetscreen.asp( q' M; i, `5 R
restorepurefactory.cgi
2 Z& I+ m$ v5 { Hsec-addmacfilter.asp2 B1 A: T( }, K
sec-addportfilter.asp( v# X# a: M/ S* I
sec-firewall.asp: K( P7 S) r% t- g- j
sec-macfilter.asp
4 ^6 P! ~8 M4 G J3 jsec-portfilter.asp
8 z) I7 ^, t2 l5 _sec-protocolfilter.asp
. e: G3 V9 L* P. W, b2 b+ d7 I! zsec-urlfilter.asp
6 B2 |, s6 M1 C) @. f! qsec_macfilterlist.cgi, f4 M9 r+ T) ?
sec_portfilterinlist.cgi3 t5 N6 D5 x. v, J; l6 {: q
sec_portfilteroutlist.cgi$ @1 |" J q _4 i; s7 z
sec_urlfilterlist.cgi2 {( B/ k4 r$ D* ?( G8 Y" z4 w
selfcheck.asp, l; z; W4 I5 Y& t( x5 R
showhis.cgi
6 ]$ d0 {& J2 y8 X: c* \4 Cshowusb.cgi
6 x D' m! M% P( l" Ssta-acs.asp4 {% _+ |, r8 m, b0 F% Z
sta-device.asp
5 Y, N2 k- w" m* U! c$ ~sta-network.asp4 S' D5 l+ [) h C' l9 f
sta-position.asp
2 C' V# a+ Y+ k8 B* Q; v. h/ bsta-user.asp) z& r+ c, [ e8 C! L3 U
sta-VoIP.asp
: r, q" R8 \! o3 Z& ]$ ssta-VoIP248.asp) ~( u5 N1 g0 `1 Z2 [! V
state_bandwidth.asp
0 z# ~0 U5 m5 j( G: Bstate_device.asp
% W1 p6 M1 b2 g) x3 Y& i+ K, dstate_gateway.asp
( N) M( ]$ v) r1 O) \state_overview.asp
8 W9 E3 G/ ~. J/ ]' M" astore.asp2 L1 @9 ]- `7 r8 W
syslog.cgi3 _/ C6 r9 V- j; ~
telnet.asp; P( J( L9 n& {
test_factory.asp* X* k! } O5 z r$ Z, N" Q: _6 Y& v
test_info.asp
- P# R/ U& A# d' Z, n" qtest_version.asp6 q, t1 Y7 n' T' P5 D5 f0 o+ J1 e
uindex.asp
3 K+ `1 ?/ |4 \0 m ~; V: pUpdateMsg.cgi
/ i7 B- ^3 ?% [3 W2 ~1 |& `. W: dupgrade.asp
7 Q: |' ^$ B: \, l9 Twifi.asp
由于没拿到telnet账户密码。。。也就到此为止了。。。期待有大神出现。。。
0 E3 `, H9 M) B3 [8 W( m6 f4 A( a7 Q
' L }9 O$ ]# G3 e
: F" |: C8 c4 j3 w q7 M |
|
/1 
44152102000001
