|
|
发表于 2018-11-14 16:40:59
|
显示全部楼层
可以确认GM219-S 硬件版本:HV1.0.00.052 为四川天邑代工的。。。找到了地区配置文件。。。找到了各种服务的默认的密码:+ Y9 Q9 M2 I1 S$ v, c8 d( L
X# l+ w, h" N4 t& V5 Y) b$ }- F8 ]6 F<Account>, x- e v2 K5 C) |- S) h0 @9 A3 ]
<Entry0 Active="Yes" username="CMCCAdmin" web_passwd="aDm8H%MdA" display_mask="FF FF FF FF FF FF FF FF FF" />
. X" g+ Y7 N) t/ n <Entry1 Active="Yes" username="user" web_passwd="1234" display_mask="BF 00 0F 08 07 20 03 00 01" />
2 o1 L% `6 s% D7 i <Entry2 Active="Yes" username="user3" web_passwd="1234" display_mask="BF 00 07 08 07 10 03 00 01" />& P. L) e' \ o# C+ _
<TelnetEntry Active="No" telnet_username="admin" telnet_passwd="1234" telnet_port="23" />
3 f5 I6 w3 m5 T/ f <FtpEntry Active="No" ftp_username="admin" ftp_passwd="1234" ftp_port="21" />; P! w* j6 [/ q+ {6 F3 y
<HttpEntry Active="Yes" http_right="1" />
. k! B7 `8 }* V9 h- i8 G7 { <ConsoleEntry Active="Yes" console_username="admin" console_passwd="1234" />& L( r$ G. L, z1 {( _
<CTDefParaEntry setDefValueFlag="1" />
L( J0 _) P) y</Account>
* B. h; G0 M9 A$ ]& J% p5 J2 k1 c g, K! W7 t" J, ?. M
尝试固件里/boaroot/cgi-bin/目录下的一些页面。。。发现了一些web下的隐藏页面。。。相同硬件版本的可以去尝试:
T- Y) X7 o4 ?, K& J4 T. g/ u6 a! I1 b5 q, ~- g2 ^4 H1 J8 F& J
http://192.168.1.1/cqregister.asp
% J1 P- I' r [8 M( j6 G9 y: x; J6 w! Ihttp://192.168.1.1/cqreset.asp* R5 W2 L( n o; ]! c3 |: ?
http://192.168.1.1/cwmpsetting.asp
: m2 [ L. o* j1 F0 K: K& Shttp://192.168.1.1/getGateWay.cgi
5 X5 S/ i( q6 I1 H" D3 ]1 t$ N r& q
#getRomfileInfo就出现个下拉菜单
- O8 x5 F/ F- J5 B9 ihttp://192.168.1.1/getRomfileInfo.cgi5 S; N2 w9 N: ?" E) f
! T; l3 _# k3 ^' i; i V+ R
http://192.168.1.1/register.asp
* a: h( t3 A' Q3 T& hhttp://192.168.1.1/regprocess.asp
' C% t! R! R# C/ ~1 I9 Z4 Uhttp://192.168.1.1/regprocess.cgi# b* a& v: P9 B: d/ }: x
- ?+ S5 E8 A. {6 f: P#恢复默认设置的命令不会丢移动下发的配置
' W! _, [4 Q& {* a7 Z- ehttp://192.168.1.1/restorepurefactory.cgi6 J+ w& s' n! k! [0 f7 f: L U
3 _) p; R1 Z, [/ g! o* y- E
http://192.168.1.1/telnet.asp1 G3 }* j$ N8 Y! [+ O
http://192.168.1.1/test_factory.asp
- R* Q: X, D+ Q% \) F/ Z: mhttp://192.168.1.1/test_info.asp) `0 C9 |0 m* \! e. q; p4 e4 ?
http://192.168.1.1/test_version.asp, `1 a; o% R+ B# J/ i
http://192.168.1.1/upgrade.asp0 s6 H) E; o6 e
6 s6 v+ q. M6 ^- W2 O7 ~
/boaroot/cgi-bin/目录下的所有文件。。。其他隐藏页面有兴趣自己去尝试。。。1 v! S; F; T. u4 |
app-daily.asp7 s: Z4 L$ K# C' g! Y# Y
app-ddns.asp
0 ?% I& t& L6 s0 o& m- g* j5 z! Aapp-igmpset.asp
, E5 Y* `" R* c' r, r5 japp-natset.asp. T1 d. J8 {% ]- \& p
app-upnp.asp
( K$ d# v: _' w; z# Happ-VoIP.asp! h6 ^. r" J k; X M( r) o
app-VoIP248.asp5 A9 _0 @8 o7 @
app-VoIP248_Adv.asp5 t& X0 }& t$ q
app-VoIPUser.asp, h! @3 m, _ E* L4 P! a1 z
app-VoIP_Adv.asp
5 _( ]7 ^" k6 |9 Y+ X# V: u- papp_ddnslist.cgi
& {" b$ S1 U. h# l( K3 n: Q' Tavalanch.asp4 Z T$ [: S; E7 `& F
byeBye.cgi
$ h r! e$ j4 R* `/ hadv_vpn.asp% r& K9 L* H2 H9 {- A7 I' J/ F
cqregister.asp
. Z* T; }9 g( D! ~+ lcqreset.asp
" N3 F1 K* Q' D4 m6 N% E3 ^adv_upnp.asp
+ c2 k9 x8 t# zcwmpsetting.asp
) { l- r( i! [" |7 [# g( Xdiag-quickdiagnose.asp
1 B; ?5 i9 y: ?4 ~ErrMsg.asp
4 ]) P) u t# O4 d \' }4 G) _getGateWay.cgi
: V E% X8 X' p8 b! kgetPingResult.cgi
3 A; c, e8 Q0 [getRomfileInfo.cgi: b+ Z" f* |4 r) z8 j# A w. L5 {
getTracentResult.cgi" k$ A* y8 g( K4 [- g
help.asp, ^* ?( ~5 c6 C, j' _# b
help_content.asp1 X+ l' `% @9 G5 k: l* S
adv_qos.asp) }* J7 c% _9 d- T- M5 V1 o
adv_dmz.asp7 ]$ @3 G4 B) A. r% }6 K n
index.asp. i) W0 p; o0 F0 n
index2.asp) m2 k" Z, y2 t+ Z: ?+ v
index3.asp
) J/ N; g% O: Z) T% f) h, iInsertSimcardMsg.cgi
/ m" D* ^/ S9 n; X6 {itms.cgi; B% A( e" g- K
adv_ddns.asp2 J* B8 |9 w7 h n. C* e
content.asp
2 j8 O. k/ r6 d, u" claserforce.cgi) a' h' w( c2 ~: a
lasernormal.cgi8 _# r) P% l! d: B" T, _
logout.cgi( m+ o4 Q1 v" k- Y% Q
mag-account.asp
) y6 A8 l: S5 k0 v' Qmag-diagnose.asp- H1 |) _( s, b& |. S4 W
mag-reset.asp
; _# j0 Z+ a. N3 ]mag-syslogmanage.asp
3 b* Q3 p' X/ j4 t7 B; w* P1 t" Lmaintainreport.cgi5 O$ `' B: J* B9 \& B
net-binding.asp( F8 }- o! [# m. {( @, `: ^" M
net-dhcp.asp
5 z' U5 j8 {6 |/ \! ?& g1 b7 ~6 C& Gnet-landingpage.asp t s, l ~7 X( v
net-phoneapp.asp5 g. J* K* P9 k5 Z- j6 F8 G
net-qos.asp
7 V8 w& |3 v' a( A6 |5 N- hnet-route6add.asp
2 L9 D9 I: w7 n1 H, R8 V& b& ~net-routeadd.asp# U/ s# Q" _$ d1 Q* K; g
net-routeset.asp8 m4 g8 D- A2 Z6 k7 o) _
net-time.asp
( e' e; C+ p+ L% A$ L( K J( Nnet-tr069.asp4 F" p) [7 y$ x1 @2 @1 m9 g& O
net-wanset.asp
. i; H4 X3 K; \, C) _" }9 a' W* Xnet-wlan.asp
) f7 Q' O7 \8 \ c }net-wlan11ac.asp! X" ^7 a! S* j9 U# q
net-wlanshare.asp
! C" x, x7 G& X: [2 s2 K+ [1 i1 Znormal_access.asp* Q2 r! T2 e( _4 K8 H
normal_internet_wan.asp
/ N+ q+ ?, d8 f0 Mnormal_manage.asp7 K) D# t( y- v3 k8 q$ Y9 A0 M
normal_manage_password.asp) t4 ~- ]; `* h3 t. m
normal_network.asp8 D! M0 j; p! a; F# v h$ R
normal_security.asp/ ?& v$ ?5 S8 p; S% b
normal_sys.asp
9 b/ t, b+ j' A% v2 U6 OparentControl.asp$ W! y3 W0 }$ \/ U( D8 D- i$ |( p
pushviewfinish.asp/ Q ?% @% @5 w2 G& W4 h0 X' O+ j) T7 B
pushviewupgrade.asp7 E+ t0 A2 B; b
qos-clsedit.asp0 T1 j% r; |6 u+ ?/ Y7 Y. P
qos-comvlan.asp
3 P9 Z7 j E6 Z* g% b! Eqos-dslimit.asp9 [7 V$ H7 C& }% O0 j
redirect.cgi
: k- W; q J5 X( Yredirect_cancel.cgi
% u, g3 I" O- {4 V2 nrefresh.asp
1 x8 D x0 B$ H9 J4 X6 eregister.asp7 n. V, H4 h) }/ T, b7 j) q3 S
regprocess.asp
; {( E \( U5 I. l0 \" jregprocess.cgi8 v% s& L: e) b( ~% m9 w' P
regstatus.asp
3 R/ t/ ?( D6 t9 T, nRemoteUPGMsg.cgi
) A; E( R0 d8 Y* b' Mreset.asp1 i1 D' q) ^( s9 w; H# V
resetscreen.asp! @2 H$ W h& J6 I3 a) k( X
restorepurefactory.cgi0 e$ c* J' ]' g# E. h8 X
sec-addmacfilter.asp1 X. [& n" \8 u* w2 i1 j1 o, ?% D; d
sec-addportfilter.asp8 V4 T% r( ^3 c7 a
sec-firewall.asp$ F2 D8 z' d. { a
sec-macfilter.asp2 X& f% H7 R; y1 Q7 \
sec-portfilter.asp6 O7 R; Q- d! {$ Z
sec-protocolfilter.asp& F' }. Z( `) t+ `1 x: v" V
sec-urlfilter.asp
2 I& I M% b. l0 d# X2 i3 ^1 fsec_macfilterlist.cgi8 o, _! Y7 i2 U0 |! b- x% O6 [
sec_portfilterinlist.cgi
8 w2 X4 w# K& y2 L) U5 V; T- T. osec_portfilteroutlist.cgi0 }2 }9 J5 ]/ d& J& P
sec_urlfilterlist.cgi
+ p. G+ N* e: _; I* Bselfcheck.asp) H4 u$ M: I5 ^7 f# u
showhis.cgi# g3 u( K& J$ ]( n/ |7 n4 X
showusb.cgi
, h5 E4 {4 F- B3 A+ o# F* Ista-acs.asp
3 s# h: y4 p& m( N3 D1 Rsta-device.asp, g! R# z: {. `3 ^9 p* |
sta-network.asp+ u" W9 m0 k1 l5 {+ F
sta-position.asp
U, [4 O3 q3 w- w' L7 }sta-user.asp3 X' O' e6 t! n0 ^ G5 g' ?
sta-VoIP.asp9 `9 H0 E# n( Q4 b
sta-VoIP248.asp- A0 Z+ n; T+ L: g) D
state_bandwidth.asp* V* F# ?% T* W# a# F) c1 t/ v- V
state_device.asp% T8 `$ S7 R, P! `
state_gateway.asp
0 s/ F% @4 w: U4 [8 K+ Ustate_overview.asp
) b8 @2 h* |; @% F! Mstore.asp: H' n0 ]& r3 N K! S3 [( C
syslog.cgi
! T+ A% i, Q, O3 d, @telnet.asp
9 q5 J! Y; A, `! f9 O( ntest_factory.asp
$ l1 m8 g7 D) Qtest_info.asp- x0 R/ |) f8 S/ q
test_version.asp
9 I+ c3 c/ i* u# X) ~- G) B: Kuindex.asp/ w. J3 B0 ]" n$ H2 B. r6 e
UpdateMsg.cgi/ f3 J. G. Z# T
upgrade.asp b" o2 i/ ^& v# u5 i
wifi.asp
由于没拿到telnet账户密码。。。也就到此为止了。。。期待有大神出现。。。5 {0 ~9 i' H/ s1 C+ n8 J
. t- t9 W4 O) E: g% x, U# \& O1 l
: b9 {+ X7 t; Y8 F
|
|
粤公网安备44152102000001号 
