Posted on 2018-11-14 16:40:59
I can confirm that the GM219-S, hardware version HV1.0.00.052, is OEM-manufactured by Sichuan Tianyi... I found the regional configuration file... and found the default passwords for the various services:

<Account>
 <Entry0 Active="Yes" username="CMCCAdmin" web_passwd="aDm8H%MdA" display_mask="FF FF FF FF FF FF FF FF FF" />
 <Entry1 Active="Yes" username="user" web_passwd="1234" display_mask="BF 00 0F 08 07 20 03 00 01" />
 <Entry2 Active="Yes" username="user3" web_passwd="1234" display_mask="BF 00 07 08 07 10 03 00 01" />
 <TelnetEntry Active="No" telnet_username="admin" telnet_passwd="1234" telnet_port="23" />
 <FtpEntry Active="No" ftp_username="admin" ftp_passwd="1234" ftp_port="21" />
 <HttpEntry Active="Yes" http_right="1" />
 <ConsoleEntry Active="Yes" console_username="admin" console_passwd="1234" />
 <CTDefParaEntry setDefValueFlag="1" />
</Account>

The local China Mobile branch does not change the super-admin password, so I have been looking for the telnet username and password all along. I tried the default telnet account and password and found they were wrong; the carrier has probably changed them... The China Mobile line is only used for watching TV at home... I can't be bothered to open the unit up for TTL... so I can't take this any further... and I won't start a new thread to embarrass myself...

I tried some of the pages under the /boaroot/cgi-bin/ directory in the firmware... and found some hidden pages in the web interface... Those with the same hardware version can give them a try:

http://192.168.1.1/cqregister.asp
http://192.168.1.1/cqreset.asp
http://192.168.1.1/cwmpsetting.asp
http://192.168.1.1/getGateWay.cgi
# getRomfileInfo just brings up a drop-down menu
http://192.168.1.1/getRomfileInfo.cgi

http://192.168.1.1/register.asp
http://192.168.1.1/regprocess.asp
http://192.168.1.1/regprocess.cgi
# The restore-defaults command does not lose the configuration pushed down by China Mobile
http://192.168.1.1/restorepurefactory.cgi

http://192.168.1.1/telnet.asp
http://192.168.1.1/test_factory.asp
http://192.168.1.1/test_info.asp
http://192.168.1.1/test_version.asp
http://192.168.1.1/upgrade.asp

All the files under the /boaroot/cgi-bin/ directory... If you are interested in the other hidden pages, try them yourself...

app-daily.asp
app-ddns.asp
app-igmpset.asp
app-natset.asp
app-upnp.asp
app-VoIP.asp
app-VoIP248.asp
app-VoIP248_Adv.asp
app-VoIPUser.asp
app-VoIP_Adv.asp
app_ddnslist.cgi
avalanch.asp
byeBye.cgi
adv_vpn.asp
cqregister.asp
cqreset.asp
adv_upnp.asp
cwmpsetting.asp
diag-quickdiagnose.asp
ErrMsg.asp
getGateWay.cgi
getPingResult.cgi
getRomfileInfo.cgi
getTracentResult.cgi
help.asp
help_content.asp
adv_qos.asp
adv_dmz.asp
index.asp
index2.asp
index3.asp
InsertSimcardMsg.cgi
itms.cgi
adv_ddns.asp
content.asp
laserforce.cgi
lasernormal.cgi
logout.cgi
mag-account.asp
mag-diagnose.asp
mag-reset.asp
mag-syslogmanage.asp
maintainreport.cgi
net-binding.asp
net-dhcp.asp
net-landingpage.asp
net-phoneapp.asp
net-qos.asp
net-route6add.asp
net-routeadd.asp
net-routeset.asp
net-time.asp
net-tr069.asp
net-wanset.asp
net-wlan.asp
net-wlan11ac.asp
net-wlanshare.asp
normal_access.asp
normal_internet_wan.asp
normal_manage.asp
normal_manage_password.asp
normal_network.asp
normal_security.asp
normal_sys.asp
parentControl.asp
pushviewfinish.asp
pushviewupgrade.asp
qos-clsedit.asp
qos-comvlan.asp
qos-dslimit.asp
redirect.cgi
redirect_cancel.cgi
refresh.asp
register.asp
regprocess.asp
regprocess.cgi
regstatus.asp
RemoteUPGMsg.cgi
reset.asp
resetscreen.asp
restorepurefactory.cgi
sec-addmacfilter.asp
sec-addportfilter.asp
sec-firewall.asp
sec-macfilter.asp
sec-portfilter.asp
sec-protocolfilter.asp
sec-urlfilter.asp
sec_macfilterlist.cgi
sec_portfilterinlist.cgi
sec_portfilteroutlist.cgi
sec_urlfilterlist.cgi
selfcheck.asp
showhis.cgi
showusb.cgi
sta-acs.asp
sta-device.asp
sta-network.asp
sta-position.asp
sta-user.asp
sta-VoIP.asp
sta-VoIP248.asp
state_bandwidth.asp
state_device.asp
state_gateway.asp
state_overview.asp
store.asp
syslog.cgi
telnet.asp
test_factory.asp
test_info.asp
test_version.asp
uindex.asp
UpdateMsg.cgi
upgrade.asp
wifi.asp

Since I did not get the telnet account password... this is as far as I got... I hope some expert turns up...
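An added example, not part of the original post: a small audit that parses the `<Account>` block quoted above and reports which entries ship with a short or commonly used password and which entries share a single password, without echoing the passwords themselves. The `WEAK` list, the 8-character threshold and the function name `audit_accounts` are assumptions made for this illustration.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict

# The <Account> block exactly as quoted in the post above.
ACCOUNT_XML = """<Account>
 <Entry0 Active="Yes" username="CMCCAdmin" web_passwd="aDm8H%MdA" display_mask="FF FF FF FF FF FF FF FF FF" />
 <Entry1 Active="Yes" username="user" web_passwd="1234" display_mask="BF 00 0F 08 07 20 03 00 01" />
 <Entry2 Active="Yes" username="user3" web_passwd="1234" display_mask="BF 00 07 08 07 10 03 00 01" />
 <TelnetEntry Active="No" telnet_username="admin" telnet_passwd="1234" telnet_port="23" />
 <FtpEntry Active="No" ftp_username="admin" ftp_passwd="1234" ftp_port="21" />
 <HttpEntry Active="Yes" http_right="1" />
 <ConsoleEntry Active="Yes" console_username="admin" console_passwd="1234" />
 <CTDefParaEntry setDefValueFlag="1" />
</Account>"""

# Constructed sample list of common passwords (assumption, not from the page).
WEAK = {"1234", "admin", "password", "12345678"}

def audit_accounts(xml_text, min_len=8):
    """Return (findings, reuse).

    findings: (entry tag, username, "active"/"disabled") for each weak credential.
    reuse:    lists of entry tags that share one password.
    """
    findings, by_password = [], defaultdict(list)
    for entry in ET.fromstring(xml_text):
        # Credential attributes are prefixed per service (web_, telnet_, ftp_, console_).
        user = next((v for k, v in entry.attrib.items() if k.endswith("username")), None)
        pwd = next((v for k, v in entry.attrib.items() if k.endswith("passwd")), None)
        if user is None or pwd is None:
            continue  # HttpEntry and CTDefParaEntry carry no credentials
        by_password[pwd].append(entry.tag)
        if pwd in WEAK or len(pwd) < min_len or pwd.lower() == user.lower():
            state = "active" if entry.get("Active") == "Yes" else "disabled"
            findings.append((entry.tag, user, state))
    reuse = [tags for tags in by_password.values() if len(tags) > 1]
    return findings, reuse

if __name__ == "__main__":
    findings, reuse = audit_accounts(ACCOUNT_XML)
    for tag, user, state in findings:
        print(f"{tag}: user '{user}' ({state}) has a weak factory password")
    for tags in reuse:
        print("same password shared by:", ", ".join(tags))
```

Disabled entries are reported as well, because a service that is switched on later comes up with the same factory credential.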