|
|
发表于 2018-11-14 16:40:59
|
显示全部楼层
可以确认GM219-S 硬件版本:HV1.0.00.052 为四川天邑代工的。。。找到了地区配置文件。。。找到了各种服务的默认的密码: l- ]4 a; X8 f) w" n p2 g
+ F1 K1 v* F8 o |7 C7 J
<Account>" W" P4 W8 N7 ^/ c
<Entry0 Active="Yes" username="CMCCAdmin" web_passwd="aDm8H%MdA" display_mask="FF FF FF FF FF FF FF FF FF" />/ K r& [7 }0 S; _/ `, W' ? k
<Entry1 Active="Yes" username="user" web_passwd="1234" display_mask="BF 00 0F 08 07 20 03 00 01" />
' o4 w5 u4 p* \1 t5 q5 R" } <Entry2 Active="Yes" username="user3" web_passwd="1234" display_mask="BF 00 07 08 07 10 03 00 01" />/ T7 i9 D/ A! B" T/ i5 t
<TelnetEntry Active="No" telnet_username="admin" telnet_passwd="1234" telnet_port="23" /># s* |' Y- e7 j
<FtpEntry Active="No" ftp_username="admin" ftp_passwd="1234" ftp_port="21" />
0 N, ?/ B, ^) e <HttpEntry Active="Yes" http_right="1" /> @; q$ {/ K1 b; \0 ~% L v
<ConsoleEntry Active="Yes" console_username="admin" console_passwd="1234" />
& _/ t; m2 a' Z' z' n% n/ `: N <CTDefParaEntry setDefValueFlag="1" />0 G) r8 I f$ p3 d2 k( s8 P+ b
</Account>
* Y! [6 o& {5 u) d7 T
7 r" \1 [. ^( W; B$ i& w* N* P2 J尝试固件里/boaroot/cgi-bin/目录下的一些页面。。。发现了一些web下的隐藏页面。。。相同硬件版本的可以去尝试:
6 F" s& H" l) g& f5 \
' F3 L2 |4 z |/ A0 shttp://192.168.1.1/cqregister.asp
3 m) l% c' z: d* I" H6 b( G1 `0 ihttp://192.168.1.1/cqreset.asp
. a/ _$ m7 r; F% V3 D/ z6 Yhttp://192.168.1.1/cwmpsetting.asp& d' g7 z+ |- k3 F, i
http://192.168.1.1/getGateWay.cgi
* J0 g: U% H" N. l2 _9 d! R
" c/ v$ j$ E' A! y#getRomfileInfo就出现个下拉菜单
3 X# A4 D* Q# b% q" ]http://192.168.1.1/getRomfileInfo.cgi7 K3 V5 F$ A2 _" d
* `( h5 m# R4 f! C
http://192.168.1.1/register.asp4 N0 c* A0 [( F. y+ H4 X
http://192.168.1.1/regprocess.asp" G6 ~0 D1 c4 B# B
http://192.168.1.1/regprocess.cgi
, S- K1 t+ c) d; d/ g: s/ j8 K: q% A" p7 D
#恢复默认设置的命令不会丢移动下发的配置
9 j: E+ s1 G( w4 D8 Fhttp://192.168.1.1/restorepurefactory.cgi
9 f, O f. |/ F7 x/ D; Q, N) g1 w* o7 U
http://192.168.1.1/telnet.asp6 |- E; Y! i8 j/ o
http://192.168.1.1/test_factory.asp
+ W4 M/ r: @ H- p0 Phttp://192.168.1.1/test_info.asp% t7 U* s) s I0 {
http://192.168.1.1/test_version.asp2 s4 F3 F, ]0 M/ x
http://192.168.1.1/upgrade.asp
! u3 O) K+ b, J+ R% H- ^' }/ t; z5 Q
/boaroot/cgi-bin/目录下的所有文件。。。其他隐藏页面有兴趣自己去尝试。。。% S9 l/ U! ~( c3 k( T( N
app-daily.asp
: g+ U( v2 o! K; A ]8 W/ wapp-ddns.asp
2 Z3 E2 `( Q( w; Napp-igmpset.asp
/ ^' }; ?- J1 r+ O2 Dapp-natset.asp
( f# o$ s) {" }app-upnp.asp
( b1 W8 F, b; ?% F' R* m1 s* r8 c% bapp-VoIP.asp0 K! M! t1 ?: o4 @) u
app-VoIP248.asp
* n: t9 D. Z' n z5 p- i/ capp-VoIP248_Adv.asp
' T+ a9 B" [+ [2 S7 d) _ g: wapp-VoIPUser.asp
" e' a" B- }3 Zapp-VoIP_Adv.asp
: T* [" C% W+ R. `app_ddnslist.cgi
/ e }8 }6 y7 R; F7 Mavalanch.asp
# i5 W$ _. N) f! ^: o, o9 ^byeBye.cgi. A3 P' q* c9 n& P
adv_vpn.asp: B' ^( J, o' G8 p9 ?
cqregister.asp
0 I4 w; w+ B1 k9 Vcqreset.asp" o0 ^4 H% F6 q! @9 ]
adv_upnp.asp, X4 L- D6 j4 n7 m
cwmpsetting.asp
% Q8 \, p. C) g2 l5 Z7 W3 X5 o% ?diag-quickdiagnose.asp# D/ M. e4 |4 M+ c
ErrMsg.asp
3 S/ P5 b% {5 y& n# {/ IgetGateWay.cgi4 T6 ~ o/ ?6 U8 f: x! n+ n; Q
getPingResult.cgi
, ~; |- Q; T1 e' N: D7 f2 IgetRomfileInfo.cgi
% T/ u; i0 a, p" C6 \6 [+ F v" vgetTracentResult.cgi/ e- N/ m1 F% V d+ N
help.asp
& q) l9 H( A6 |6 T+ G2 Y# L9 _! p! F4 Khelp_content.asp
, e) f, M: ~" a/ d8 Dadv_qos.asp
# h; G& M) z, sadv_dmz.asp8 v; j K: I' v2 t4 G/ C( b
index.asp7 M! q" r& U$ ^( ~6 P' N5 k. y
index2.asp0 y7 p. i" @3 ]' m
index3.asp9 O o! ], }# H( G; l) H0 N# X
InsertSimcardMsg.cgi
9 i. J7 |$ K% _6 j; C% i: I8 vitms.cgi
d/ S. P& [/ g6 Z0 _adv_ddns.asp
3 G) y- R! t+ K: S8 g1 \8 A! Ucontent.asp
* [: s0 e) y) olaserforce.cgi8 u% X+ a' N" B0 P
lasernormal.cgi
0 R A7 {. z) o: s# Mlogout.cgi& O7 g4 }* x4 I; ^' `7 g$ d
mag-account.asp
; w- y, ?8 O8 h$ Qmag-diagnose.asp
! c* [# H x7 Emag-reset.asp) Y! Q+ N5 z* ^9 ]6 |) Y4 R/ N& Y }
mag-syslogmanage.asp, v+ v/ D6 M" t6 e
maintainreport.cgi/ J- \' e. N& R- p7 X; }3 x
net-binding.asp& g1 n+ B/ A- e9 Q
net-dhcp.asp4 F) k; a0 p: h3 ^4 p- g: |
net-landingpage.asp' r' C$ D& a/ W) ~, W9 _
net-phoneapp.asp
) ^, b4 Q% ^8 a* G' h9 lnet-qos.asp
2 V' N) F/ }, ]& M5 R# Onet-route6add.asp
0 P4 a% A. V8 P9 A; C! _net-routeadd.asp
: X- F# m( c' x0 Qnet-routeset.asp
% G, c \6 d0 S" e" }* Y) P+ l: Dnet-time.asp# U0 l+ J$ m/ E0 ~4 D z7 w
net-tr069.asp
. G/ G: I7 {6 Z" @: X# Unet-wanset.asp1 F9 h0 ^: ?( S+ m$ T
net-wlan.asp
9 U% v1 V) \1 ^. D$ e cnet-wlan11ac.asp
2 s& \0 g j: Y/ |( F. i- ]; i8 ^net-wlanshare.asp
3 D( R- t- q6 d5 Z. `& U. Onormal_access.asp3 v* c: `( E. u/ B4 A8 F; \2 {5 j' G
normal_internet_wan.asp0 z4 Q& G Y3 O$ w" e4 Z
normal_manage.asp* l+ W8 S2 d1 {! f
normal_manage_password.asp, o8 P2 i1 D* z' F
normal_network.asp8 h [& ^9 U# q9 G; t% _6 H% g
normal_security.asp* C6 p, j. t8 R7 u) r$ G
normal_sys.asp
8 }% N" S+ R1 T/ ~- c# mparentControl.asp
/ @! a4 M% z" A* d3 u8 B2 {pushviewfinish.asp: }2 [! t- c ?, Q
pushviewupgrade.asp
2 y; x% p+ ]2 I, Tqos-clsedit.asp) b z) o- `0 O9 t+ ?
qos-comvlan.asp
8 V7 R1 L1 I( q" A8 K. _3 vqos-dslimit.asp
3 M& L1 d$ s8 F/ hredirect.cgi% L+ N2 V: w) J% v/ Y0 k
redirect_cancel.cgi
/ @" g6 d! n# jrefresh.asp K6 r! X6 z& O+ ^
register.asp
4 I" O4 f/ M1 y, ]* nregprocess.asp& h9 M6 D$ {: M7 E
regprocess.cgi$ Z8 a- a/ ?4 M6 b
regstatus.asp
2 k3 c3 u9 V6 v. L; u O! \RemoteUPGMsg.cgi. C7 V4 S) `0 Q; l
reset.asp
( z i9 S- Y4 w* m) Rresetscreen.asp' H9 w E9 }; G Z2 H, Y
restorepurefactory.cgi
8 K L8 w( Y5 Isec-addmacfilter.asp
2 l: b2 j) W# z+ c1 C" n3 G |+ Ksec-addportfilter.asp
4 z1 h* B; P8 f: m2 ]6 [* Ksec-firewall.asp5 k, C7 R! T# J7 E p' R
sec-macfilter.asp7 e) m/ m/ }9 y
sec-portfilter.asp
6 v, B, U& [# \8 K9 l$ s8 P3 rsec-protocolfilter.asp$ ?- ~& j6 h: `* |* g, y4 j7 x4 x
sec-urlfilter.asp
; s, ^7 n* q# B/ {' l2 R& Ysec_macfilterlist.cgi
& c' E0 Q7 `( csec_portfilterinlist.cgi( y) J c. l; y1 ]- [ N
sec_portfilteroutlist.cgi/ S- I- G c3 p: D' x
sec_urlfilterlist.cgi; r+ K5 y& L( I5 p# A( e
selfcheck.asp' ?( v9 `- N$ C$ k: j- z
showhis.cgi
. J& E" k" M+ A8 \1 p8 sshowusb.cgi
+ r+ B7 n* b% r: [& Hsta-acs.asp
4 q* T A5 m6 G, p2 |sta-device.asp- K: `* s8 h2 e/ K" f; u
sta-network.asp
" w& \5 k0 h9 d( f4 v7 m/ y3 R5 Xsta-position.asp. v5 N6 h3 V) |, Z9 h u
sta-user.asp
; L$ S6 K8 r% Msta-VoIP.asp
6 p; f) x. |! T4 xsta-VoIP248.asp# B2 ?; w+ n9 M5 L& F0 G0 a
state_bandwidth.asp
* ]; Y+ D" O, H3 istate_device.asp, l2 g! d6 [6 c$ o# T0 ^; A; q
state_gateway.asp$ G t( V0 |5 @" C/ x* T9 l
state_overview.asp
3 U; O" l+ K m( zstore.asp
) ?/ J; w3 V) ~5 j: wsyslog.cgi
: p; ^0 ]: C, a! I6 }2 Utelnet.asp
/ p! {' J; f1 Mtest_factory.asp
/ {4 C) Y1 z% b7 t( Ntest_info.asp
; e5 @: t7 V; t9 O3 @1 c6 Z7 p3 Itest_version.asp; {7 y0 a: q" ]2 w5 {% p
uindex.asp2 t& m0 r8 V4 O9 U) E. j2 d
UpdateMsg.cgi
& W& [. i' l8 t8 W& } ?6 [upgrade.asp/ r' O9 w$ e( ^ _! T, E. e h
wifi.asp
由于没拿到telnet账户密码。。。也就到此为止了。。。期待有大神出现。。。* t. l6 O8 e& n8 s# n5 Z, U
/ R5 O: P+ ~, M3 k! B y7 B
! y1 X- F# o* J; \4 z* @. A$ B, |
) H, a4 ^) y) k/ ^. x/ F |
|
/1 
44152102000001
