|
|
发表于 2018-11-14 16:40:59
|
显示全部楼层
可以确认GM219-S 硬件版本:HV1.0.00.052 为四川天邑代工的。。。找到了地区配置文件。。。找到了各种服务的默认的密码:7 M$ E0 o8 s; S* }7 A* B3 S
8 H; h1 V# j9 q1 S! N h
<Account>
% i* M. Z2 {5 c <Entry0 Active="Yes" username="CMCCAdmin" web_passwd="aDm8H%MdA" display_mask="FF FF FF FF FF FF FF FF FF" />/ A& B/ |1 Y x- L4 v$ T7 h% X, B( }
<Entry1 Active="Yes" username="user" web_passwd="1234" display_mask="BF 00 0F 08 07 20 03 00 01" />
' j- n! ?, s1 P( \ E* @) T <Entry2 Active="Yes" username="user3" web_passwd="1234" display_mask="BF 00 07 08 07 10 03 00 01" />4 ^& m) n; ^5 Z0 P2 f
<TelnetEntry Active="No" telnet_username="admin" telnet_passwd="1234" telnet_port="23" />
4 S$ F) t% h7 d j! j <FtpEntry Active="No" ftp_username="admin" ftp_passwd="1234" ftp_port="21" />
* y3 O7 n. I; s2 n0 A <HttpEntry Active="Yes" http_right="1" />
3 X ?% G0 n* p# L) M8 A! l: x <ConsoleEntry Active="Yes" console_username="admin" console_passwd="1234" />
/ w/ w# g, v; Z) O2 A# a) l <CTDefParaEntry setDefValueFlag="1" />
0 T# x$ ~6 @9 Y- l# c1 x</Account>
; E/ R& n; E9 l7 N: \
2 F C) p0 v3 `! H+ u尝试固件里/boaroot/cgi-bin/目录下的一些页面。。。发现了一些web下的隐藏页面。。。相同硬件版本的可以去尝试:4 C* x" O8 A* W1 O: x3 c% W3 b( K1 S
; Q% Q. o5 P4 a9 B: W/ @
http://192.168.1.1/cqregister.asp
; W+ ~9 u3 h! ghttp://192.168.1.1/cqreset.asp
1 `: B7 k+ ?( qhttp://192.168.1.1/cwmpsetting.asp- S( R a E3 Z h- n/ Y
http://192.168.1.1/getGateWay.cgi
$ C% f: m6 [! D) R1 E) X* d/ H9 _. O1 K
#getRomfileInfo就出现个下拉菜单2 v2 Y2 d- R2 ~- C1 P
http://192.168.1.1/getRomfileInfo.cgi* I3 N8 Y8 [! X0 ]9 _( k
9 L# L- o2 Y# Q7 {. n, E) m5 Dhttp://192.168.1.1/register.asp! Z3 w! h `8 }8 a% I& u2 `! R% @
http://192.168.1.1/regprocess.asp
l, V I; @3 Q) Q: B7 F+ G1 [http://192.168.1.1/regprocess.cgi/ [1 E! y& t* j! G, @; e
+ S6 \ f# f" o#恢复默认设置的命令不会丢移动下发的配置$ l! [; d6 U1 G- ~$ {5 }% d
http://192.168.1.1/restorepurefactory.cgi
0 z( A4 v5 J2 @7 k1 _# h8 c' {# |$ j) t. u3 K+ |
http://192.168.1.1/telnet.asp$ f. J; B, T$ _) e- F! l6 [
http://192.168.1.1/test_factory.asp
7 h& R; u9 D# Mhttp://192.168.1.1/test_info.asp. M+ ~) P o8 \- b6 l
http://192.168.1.1/test_version.asp
" q: S& i% C+ ~% S$ m! lhttp://192.168.1.1/upgrade.asp
" f) m; Z5 {2 Y* \. F, Y
9 j/ K# ?1 R4 u6 |5 L Q/boaroot/cgi-bin/目录下的所有文件。。。其他隐藏页面有兴趣自己去尝试。。。
Z" E3 d0 V6 oapp-daily.asp9 `% O+ P4 W' n) t
app-ddns.asp
# u' D$ X& w1 u8 f' A: fapp-igmpset.asp
2 i9 C' c/ X aapp-natset.asp! @$ A& H) C, Z% U$ m; @' b, Y2 L5 k
app-upnp.asp
4 u' m6 i9 Y, _9 K' ?* B2 @3 S: B9 Capp-VoIP.asp6 Q9 L$ A8 L) D# s3 _. z# r
app-VoIP248.asp" O9 i+ E5 O. q% n0 Z
app-VoIP248_Adv.asp6 O; H! a' K6 b, p
app-VoIPUser.asp7 x2 B; G/ V/ |9 q/ a+ _6 R2 ?
app-VoIP_Adv.asp" A$ f9 g6 J7 c% a
app_ddnslist.cgi* { E, M( s' e+ ]2 R
avalanch.asp/ \6 k" p$ @0 H* d
byeBye.cgi
1 H5 F# }" o' p) r& }/ e+ `adv_vpn.asp$ S5 D" P h$ o9 i: O
cqregister.asp
0 L9 Q6 i E; k0 \2 s8 ~8 _cqreset.asp
3 {" T$ ~8 C' p4 z/ wadv_upnp.asp
1 \5 ?% Y8 p: K5 b: F2 _. Dcwmpsetting.asp
4 k$ z6 i. k1 T. M6 {$ fdiag-quickdiagnose.asp d/ P$ X- A* [/ n4 b$ R
ErrMsg.asp
. F: I8 g2 U( Z2 c. bgetGateWay.cgi
* H. I+ D4 F1 C) YgetPingResult.cgi6 D' S) z- }8 l9 q0 B
getRomfileInfo.cgi9 w# `) E" W# T% v/ Z5 q! A% ?
getTracentResult.cgi
' a9 {3 e& z) R% z( nhelp.asp
' D! O5 x6 B1 p. T! v+ o8 q" @help_content.asp1 L9 s- i6 X: v! a- ^
adv_qos.asp* K: T' U8 D1 z1 n0 @2 v8 m# f' L
adv_dmz.asp- }/ Q/ p/ F; B. n8 W! p
index.asp! K0 w4 O5 l) n1 ^0 M# D
index2.asp
5 }6 v( q: b) @6 r7 |index3.asp
, W' G/ Y- z/ |+ YInsertSimcardMsg.cgi. p6 h4 Q/ R1 s/ v Y! O
itms.cgi, a/ f; y+ \* B7 H+ U
adv_ddns.asp
$ d* U4 ^8 x7 c0 S" C. Gcontent.asp2 A2 ~, E$ y& f( A- ?
laserforce.cgi
1 W3 m& V) I- N( n3 l4 A" \lasernormal.cgi
; ~' Q2 {2 T, [- Vlogout.cgi
, t) G q y. }3 kmag-account.asp" a. I; A$ H$ [4 K3 z6 s
mag-diagnose.asp$ L' R y6 O3 | {
mag-reset.asp
& c n/ X- c7 O9 Imag-syslogmanage.asp
9 ]3 ^5 l f! smaintainreport.cgi
" B/ T0 h; L0 R$ P$ ?& n. |% vnet-binding.asp
, ?. l' B& C+ Y( r) e. |6 e2 `net-dhcp.asp
* r* k4 F; I/ R8 [: b8 znet-landingpage.asp
* o9 s$ m9 A `net-phoneapp.asp% L0 c; \6 t9 l. ?3 Y) ~9 ~* y
net-qos.asp8 A$ J+ x: V# ^& q- V- ]- c
net-route6add.asp
, s5 Q2 \# y6 s) g+ F2 ?/ Mnet-routeadd.asp
" k" k Z! _: w3 p% o: l' onet-routeset.asp
. e/ J9 r5 Z1 |net-time.asp, a7 v2 u. s% k+ Y4 P. @
net-tr069.asp, B* \5 i' Z- V( R/ N: }
net-wanset.asp
% B( X1 }4 h" E; u" lnet-wlan.asp: n* w7 @# y. x* i% q
net-wlan11ac.asp
2 |7 M& r% R& V p; S7 Z( e- Y% a8 ~net-wlanshare.asp. k: l0 q8 p1 c$ y+ f- |/ A
normal_access.asp
+ b. w* R! T1 T( unormal_internet_wan.asp' j$ P& s5 S, z+ E& M
normal_manage.asp$ i! n' \/ n4 d5 l A
normal_manage_password.asp
+ w9 x9 I; e K0 Cnormal_network.asp
/ m+ S/ W. c) r, Tnormal_security.asp
' a; e6 w: m8 ^# W& B8 D8 ?' Snormal_sys.asp/ y1 g4 ?. L4 i# c9 c
parentControl.asp2 P9 b' j' O( a& T4 o
pushviewfinish.asp
* h Z& T. x( q5 y; ypushviewupgrade.asp
2 w* ?8 I) C/ q) ~3 Z6 Jqos-clsedit.asp) N7 b1 j8 Z4 x0 ?, k( `/ K
qos-comvlan.asp! [ R, q( C' Z! p! f3 \1 Z
qos-dslimit.asp
3 W1 u* f& ~ Z9 Jredirect.cgi( _7 J1 ?6 M' q' }) Y/ `
redirect_cancel.cgi% L: n' X7 O* H+ _$ [
refresh.asp4 q M9 e; l+ u3 E3 X& W; @. O; W; }
register.asp0 v8 X+ e3 S* Y, y9 t
regprocess.asp
9 v! ^) t# P" {7 V o, {regprocess.cgi
5 v- r7 X# H) f( n4 U/ Fregstatus.asp
+ Q* c$ v6 o$ QRemoteUPGMsg.cgi
$ v) k2 F) n2 T9 B0 N: Mreset.asp
3 M% A; r) v# l7 v. @/ Zresetscreen.asp
+ k% b5 d# }- k) y$ X( Prestorepurefactory.cgi/ G% E! x1 c0 `1 x
sec-addmacfilter.asp5 I4 B. ~9 Y# S( F0 o
sec-addportfilter.asp
' Z: L4 O" a/ @. Bsec-firewall.asp1 Z! m6 [5 i# `# [/ Y
sec-macfilter.asp
2 a( | N; Z# ?8 } s4 Jsec-portfilter.asp
8 [" }* m/ R: G* C" J! w$ v! Xsec-protocolfilter.asp" _+ b! r; J4 R+ w9 w7 @
sec-urlfilter.asp/ `; }9 U' d% p' J+ ` V$ g1 p
sec_macfilterlist.cgi
) S1 V- x) \9 xsec_portfilterinlist.cgi! R; z: F9 G& M
sec_portfilteroutlist.cgi
1 n1 J& n& H2 I+ Lsec_urlfilterlist.cgi
8 V$ n5 y+ J, @ k& vselfcheck.asp
+ Y$ t* J1 F. P2 {showhis.cgi4 Q& \- T' r4 I: d8 }" S( W
showusb.cgi1 X$ ^, J9 J' H
sta-acs.asp
4 {0 z2 ` B# d- jsta-device.asp9 h: q- W7 w) W, j$ [
sta-network.asp3 q- b5 D( x M9 O) w6 L
sta-position.asp; H0 k/ y4 S, r9 \9 b. H
sta-user.asp
9 J ^9 T$ G. t& G- ~. psta-VoIP.asp8 y* Y4 r. x( z
sta-VoIP248.asp& A! F5 G( N9 {! D, u5 s5 G2 L
state_bandwidth.asp
0 D) e. h6 V+ }( Z0 sstate_device.asp1 ~9 w( h9 r% y! j& W* u0 G
state_gateway.asp. \0 `5 V6 p e) g
state_overview.asp
) Z2 o) d9 b! G+ ~" O: ~' @9 i6 Qstore.asp: J; S# y7 \" W6 ?0 Q: w
syslog.cgi2 T( I7 g5 Y5 L4 L7 c( M- d( Y
telnet.asp; j1 _* [2 w+ h# x
test_factory.asp% w6 t' y m: ~6 \5 i6 m/ Q
test_info.asp# u) A3 z9 F" e. C$ K& u
test_version.asp2 [. a+ F, t \2 q4 F
uindex.asp! H4 U' D ^1 @ ~
UpdateMsg.cgi
- m8 r: T% I# R! Cupgrade.asp. u3 L2 b7 {; `& S7 k+ D
wifi.asp
由于没拿到telnet账户密码。。。也就到此为止了。。。期待有大神出现。。。
0 N* Z2 u E( ~& i ]
4 t# ?' E0 X5 `$ m! ^5 }8 O) x! Y6 L
( M+ Z6 c/ O0 P" A
|
|
/1 
粤公网安备44152102000001号 
