|
|
发表于 2018-11-14 16:40:59
|
显示全部楼层
可以确认GM219-S 硬件版本:HV1.0.00.052 为四川天邑代工的。。。找到了地区配置文件。。。找到了各种服务的默认的密码:/ M0 d( W* M) z( B3 Y6 Q
- J/ _6 ~" \ ~; z<Account>2 u- i' M @ O/ b2 d% M! u
<Entry0 Active="Yes" username="CMCCAdmin" web_passwd="aDm8H%MdA" display_mask="FF FF FF FF FF FF FF FF FF" />! d5 ~; X% K: }& D+ [
<Entry1 Active="Yes" username="user" web_passwd="1234" display_mask="BF 00 0F 08 07 20 03 00 01" />3 O" T* H+ H5 `& {7 _2 M
<Entry2 Active="Yes" username="user3" web_passwd="1234" display_mask="BF 00 07 08 07 10 03 00 01" />
, q9 a' M2 i4 }7 X& D( x <TelnetEntry Active="No" telnet_username="admin" telnet_passwd="1234" telnet_port="23" />
% y) J% k8 M! t; j; D, a% s/ Y$ e <FtpEntry Active="No" ftp_username="admin" ftp_passwd="1234" ftp_port="21" />
$ N) ^" ^9 n' ~/ S8 ]& V <HttpEntry Active="Yes" http_right="1" />8 \1 E! \6 a# {; M0 h H C
<ConsoleEntry Active="Yes" console_username="admin" console_passwd="1234" />
0 d g. I6 R; t/ q! ^) _8 o1 ^ <CTDefParaEntry setDefValueFlag="1" />
* i. N: a) [! Q</Account>
3 C4 p8 H, \0 ^$ T
- O9 `+ b- x& F9 g: ]- J, t尝试固件里/boaroot/cgi-bin/目录下的一些页面。。。发现了一些web下的隐藏页面。。。相同硬件版本的可以去尝试:
/ p9 R4 m' e' k5 M) f6 A1 L) ? }/ F: {* h/ V b
http://192.168.1.1/cqregister.asp- _- \# ^- P7 V% @: C
http://192.168.1.1/cqreset.asp3 ^0 |+ y5 A; x# M3 ]- T* g/ l# w* h
http://192.168.1.1/cwmpsetting.asp
$ { `- R% A2 H. shttp://192.168.1.1/getGateWay.cgi
6 d3 F) r& }: p) k. {9 v; x
( {' L6 P% T- Y#getRomfileInfo就出现个下拉菜单" ?& k- ]. }+ Z. a+ d# Q
http://192.168.1.1/getRomfileInfo.cgi& ^ |: i1 L8 [
( t5 k1 K+ _5 I& Vhttp://192.168.1.1/register.asp
4 V3 f) D- {* a9 `3 J0 t# ghttp://192.168.1.1/regprocess.asp% f4 }$ N* [2 x4 _) V
http://192.168.1.1/regprocess.cgi
" b/ @. H( v4 n% S
& J: H$ T4 t7 H$ {9 v& m2 ?#恢复默认设置的命令不会丢移动下发的配置
( v1 S) I4 D# r2 w" |: C$ ohttp://192.168.1.1/restorepurefactory.cgi, C J6 T! C2 F3 R4 |5 W
9 _3 B7 H# r7 B( `0 l, w6 W6 ehttp://192.168.1.1/telnet.asp2 w8 P0 d) ~' ]
http://192.168.1.1/test_factory.asp+ ?; t s2 R5 K- S' {" t
http://192.168.1.1/test_info.asp) `6 X% v* ?+ z6 G+ |5 i( N
http://192.168.1.1/test_version.asp" n/ s+ G! w$ }0 ?
http://192.168.1.1/upgrade.asp
2 B+ s/ E6 n2 |5 ~1 U; t; }( s& S+ X& q7 d( c$ ~5 g- h
/boaroot/cgi-bin/目录下的所有文件。。。其他隐藏页面有兴趣自己去尝试。。。' U: X3 r# \: H- m5 a" p' {
app-daily.asp
0 v& _. J4 l1 z0 D% aapp-ddns.asp
9 d& X# ~$ D/ b: S1 _app-igmpset.asp* b7 ]" X4 Y, ^* |" ~' G6 N
app-natset.asp
( }0 r2 ^/ {! Z- ]# H% ]( _$ ?app-upnp.asp9 _4 C) F. q1 P5 U3 m8 ~
app-VoIP.asp: R9 A8 H5 K7 s2 X7 }4 p
app-VoIP248.asp
5 S) \" E. P- f. R, wapp-VoIP248_Adv.asp
9 M* g/ Q3 v. _; @ Zapp-VoIPUser.asp9 A0 F" f J" p6 Z8 k
app-VoIP_Adv.asp
/ y; b, S6 v4 [2 q* l! Z H6 wapp_ddnslist.cgi1 G/ Q# z3 W5 Z4 a% c7 V$ P5 M
avalanch.asp0 M8 D* A- }, S8 p
byeBye.cgi
+ h* A+ L6 X: P9 b3 b1 hadv_vpn.asp$ X! ` ]; D# [4 y
cqregister.asp
( a8 U! U" {2 @( z+ o/ R4 } F( O8 Zcqreset.asp
% \% I- v Z/ e badv_upnp.asp0 v" I$ f; s# z! Z. `! b% |$ G
cwmpsetting.asp. s0 [$ l* `; j0 d w4 x0 `
diag-quickdiagnose.asp6 O N7 j5 Z) H1 a, S
ErrMsg.asp; g7 U$ e& V" g' M2 C) g
getGateWay.cgi5 ~- C' P( Q( P/ i/ ~5 c
getPingResult.cgi
- a" V, {1 w( jgetRomfileInfo.cgi
8 _1 l9 L3 e5 m2 _" K8 K: egetTracentResult.cgi
: e/ d& \1 g. |! x3 g& j, A. ]help.asp Z' g6 S& O# E9 }" \" m
help_content.asp; S2 j# f2 t9 z7 Y
adv_qos.asp4 v7 [; \% m: J# P
adv_dmz.asp: \7 z% _- t7 n7 h( z/ Y7 _
index.asp/ ?2 k1 a. j7 Y; g$ i7 Z- A
index2.asp
7 l$ ?0 X; Z- \( A3 Kindex3.asp
/ M6 r, r6 V: d& X. \% x2 GInsertSimcardMsg.cgi
. z7 I# u9 g# ?itms.cgi6 ?, I$ `6 y9 G' {* U- Z
adv_ddns.asp
/ g" @: h, H3 a8 a* {content.asp
3 P7 Q) u; ?8 J) k, M" o* }) |! elaserforce.cgi
; k E; p7 r/ dlasernormal.cgi9 L: X' b3 ]6 G
logout.cgi
! c( f$ ^& |0 L' kmag-account.asp( R8 W4 ~+ U6 F `( }& \
mag-diagnose.asp
0 ?/ N- k7 B! y z! }mag-reset.asp
7 I& X, _. q1 G6 c6 R, L( ~" wmag-syslogmanage.asp
0 ~6 |9 }. W: U3 |maintainreport.cgi( d( f z( x* t M6 g. Q `
net-binding.asp
6 R9 m2 f" X4 `1 m. B$ W# rnet-dhcp.asp
9 a3 C" n1 f) bnet-landingpage.asp- R0 y6 h! h2 f4 f2 `" E8 W
net-phoneapp.asp/ |0 K6 {2 s# q
net-qos.asp/ Z$ S1 z+ j9 g- B
net-route6add.asp) v- U( n" D8 |( a/ |
net-routeadd.asp) ^! C* R6 a) C* Y. I; w7 f2 n
net-routeset.asp
- _8 u& y# X( j. C. q# knet-time.asp: F: X3 ]( J) {& c' z$ s
net-tr069.asp
0 W5 I6 q& R! knet-wanset.asp
# ~1 x& }1 Y9 t: R! Q& D8 F9 `net-wlan.asp
3 u6 O2 s l$ Z: ]) d' tnet-wlan11ac.asp) n& e& J( {) Q0 ^3 p
net-wlanshare.asp
; E7 i1 @ a: B" t6 G5 `normal_access.asp
; F+ _8 u" a1 ]# znormal_internet_wan.asp
( G4 v4 z( |; u% n/ J+ _( _" tnormal_manage.asp
( ]- } V7 Z8 ]9 O, B- C2 p7 Inormal_manage_password.asp
/ {# B& E: s. F4 t) i; s, P8 [normal_network.asp3 d0 g9 f; Z1 Z
normal_security.asp
' S8 [4 }: t( [/ U3 Onormal_sys.asp
1 g; y% [& A% v5 dparentControl.asp
8 K5 m& o( _+ d7 o8 @8 M1 ? K1 zpushviewfinish.asp" n" L3 B2 l5 T+ k: Z
pushviewupgrade.asp
8 k: T! U3 }( e3 t# Z! aqos-clsedit.asp
$ @$ ]' E% Y9 D5 }1 I6 I P: C/ M: Xqos-comvlan.asp
n% [" y/ h2 i" ?! Sqos-dslimit.asp
1 B5 _; n$ U/ ^5 j) ]4 d4 M8 Bredirect.cgi# b0 c# v+ b' B$ r2 Q7 u' M* G
redirect_cancel.cgi
: K2 t. K* U* [% E/ l# a) t; Vrefresh.asp
% a' u. o' M+ P. }" g, Zregister.asp
|$ C2 X) y) @1 m, Q- sregprocess.asp% y, {; V' p7 U
regprocess.cgi
7 c9 r7 \6 c b/ i3 [+ F4 G5 Qregstatus.asp
* x! P! D# v' X# J' cRemoteUPGMsg.cgi
. g, u% |7 f9 [) }9 ^; Z* K3 Xreset.asp5 b. g. `* G1 s: F6 M! y6 X
resetscreen.asp5 l+ B/ d- \9 d+ e |. T8 K
restorepurefactory.cgi Z4 D# Y ~' S0 Y
sec-addmacfilter.asp" V/ J, J. i! t0 g, M: e4 E2 Q/ j6 \
sec-addportfilter.asp
2 A. X V! @% h- Isec-firewall.asp
) R" ?5 O8 c" asec-macfilter.asp
: K; X; M2 l: O; t$ H/ ]4 Bsec-portfilter.asp
: m) Q) t9 s. p! h. B' W+ ?sec-protocolfilter.asp9 Q. s( f* L9 c- i4 V
sec-urlfilter.asp! h+ {' p# G( W$ x2 a2 {! Y
sec_macfilterlist.cgi5 N3 w9 Z- ]8 R% P# b1 P: `" H& V
sec_portfilterinlist.cgi& C- K; Q! w( c5 y5 U
sec_portfilteroutlist.cgi
: ]2 s0 u# v) esec_urlfilterlist.cgi$ C$ G/ X" s$ |$ l
selfcheck.asp
A1 ?" L( @% Q* Pshowhis.cgi, x Q2 I# a6 b1 E& g& @7 n. d
showusb.cgi4 V7 h7 o2 N# U7 N' p
sta-acs.asp# D3 r5 D" b, V4 v' G
sta-device.asp
: u2 T3 v3 q/ s( Csta-network.asp
4 {7 }! b7 d# l) h: J* {: t9 ], Esta-position.asp) {) z4 o' H9 n& G2 m; C/ f
sta-user.asp1 f7 F! q4 m8 K K6 a' b
sta-VoIP.asp+ l* p) I" v( ]+ Y3 b" }
sta-VoIP248.asp
0 B1 W, v; ^, B8 g# X6 astate_bandwidth.asp* A% m/ c1 a# b4 J; N3 O
state_device.asp/ _& f( } v4 @$ c- P% O4 w
state_gateway.asp# M, H4 t9 k1 E
state_overview.asp
" ?, L$ B7 b- }/ o% t* cstore.asp2 s. e' A2 l) E1 X# F5 ?% C# d) H
syslog.cgi# o: ^. |. C- U; ^
telnet.asp3 t( G% L) l! P' W! v4 B$ V9 S
test_factory.asp, H- A" `. O2 f7 T. Y/ k* @ L
test_info.asp
' L, O9 i( Q# Ctest_version.asp4 C! [' h) \. R$ O7 M4 [
uindex.asp
+ N- w* O/ e& O+ ~5 ]% L. U# cUpdateMsg.cgi
* S1 u& X: y1 D2 G* x* uupgrade.asp1 E+ Y2 M* C6 ?& k
wifi.asp
由于没拿到telnet账户密码。。。也就到此为止了。。。期待有大神出现。。。- f( y% w2 t. Q
" f0 O; s/ m: Q, p/ W b* z- j% z5 D
* k; W* e9 ~+ P8 m6 }6 u( K
0 q0 I C: t% X5 x+ N0 E
|
|
粤公网安备44152102000001号 
