|
发表于 2018-11-14 16:40:59
|
显示全部楼层
可以确认GM219-S 硬件版本:HV1.0.00.052 为四川天邑代工的。。。找到了地区配置文件。。。找到了各种服务的默认的密码:8 o) n s4 X+ q4 g% m8 ~9 @
! L4 ^0 c% M, I" h<Account>* N9 p8 V3 }" s+ g% N8 M3 y) q
<Entry0 Active="Yes" username="CMCCAdmin" web_passwd="aDm8H%MdA" display_mask="FF FF FF FF FF FF FF FF FF" /># v+ ^: c2 F, t( g) a K
<Entry1 Active="Yes" username="user" web_passwd="1234" display_mask="BF 00 0F 08 07 20 03 00 01" />" ]# m4 k' o" o* D% m
<Entry2 Active="Yes" username="user3" web_passwd="1234" display_mask="BF 00 07 08 07 10 03 00 01" />
. b& w# n( H0 _3 T <TelnetEntry Active="No" telnet_username="admin" telnet_passwd="1234" telnet_port="23" />
3 c) r! O4 h* h( q" h ~ <FtpEntry Active="No" ftp_username="admin" ftp_passwd="1234" ftp_port="21" />2 N4 G% e3 y8 d! O6 q
<HttpEntry Active="Yes" http_right="1" />9 Z! Y! g3 `$ S4 b# E& ^
<ConsoleEntry Active="Yes" console_username="admin" console_passwd="1234" />
* P6 C+ s6 p3 e+ V3 D6 L% M <CTDefParaEntry setDefValueFlag="1" />
, u* K' `' w& |' T- I</Account> 本地移动不改超密,所以我一直在找telnet的用户名和密码,试了telnet的默认账号密码发现不对应该是被运营商改了。。。移动的网在家就是看电视用。。。懒得拆机ttl。。。也没法下一步玩。。。也就不开新贴献丑了。。。
p' p; G' V/ u2 }) Z+ X* a+ U& g% r0 H( ?
尝试固件里/boaroot/cgi-bin/目录下的一些页面。。。发现了一些web下的隐藏页面。。。相同硬件版本的可以去尝试:% I6 m( p Y t" A: @) z" v
8 c8 g1 J- k; n: T1 D4 `* `4 r
http://192.168.1.1/cqregister.asp
* [- W X. ~% s; K$ d. i8 x' R% d3 @http://192.168.1.1/cqreset.asp" i4 V! C* k. W, }& ?5 h( l
http://192.168.1.1/cwmpsetting.asp2 |" _2 k/ K# A* l, P' K
http://192.168.1.1/getGateWay.cgi
1 V0 F8 ^% A+ X7 S
- _: `2 U9 S! X7 B9 G#getRomfileInfo就出现个下拉菜单
% I- G" I, P+ j9 m! J6 M1 q/ vhttp://192.168.1.1/getRomfileInfo.cgi
; l6 m. i- U2 _2 R+ ?0 d1 A0 m' W1 g' f
http://192.168.1.1/register.asp
# X/ x, H1 V) i1 Ghttp://192.168.1.1/regprocess.asp
" I7 E4 l2 |, Q. V# B" \5 fhttp://192.168.1.1/regprocess.cgi
: c6 y, G) A% B8 g! ^4 s$ Q8 o. S! R
#恢复默认设置的命令不会丢移动下发的配置- u. ]1 |$ u: Q1 F+ U
http://192.168.1.1/restorepurefactory.cgi' b6 `8 C/ f7 A1 R7 r! I# T
2 ^1 W( y4 Q* L1 E, H6 V
http://192.168.1.1/telnet.asp
0 D' W _" v5 L& \/ _) q# Whttp://192.168.1.1/test_factory.asp7 u7 i6 u+ e a2 a/ q
http://192.168.1.1/test_info.asp
+ |5 x3 X, C5 ^- o1 A- |! ihttp://192.168.1.1/test_version.asp
1 c x: P, Y$ Q9 m2 [8 i! Bhttp://192.168.1.1/upgrade.asp+ O& x' E" M& f! ]
0 ~6 L L$ ]" t! ~% ]) v
/boaroot/cgi-bin/目录下的所有文件。。。其他隐藏页面有兴趣自己去尝试。。。
1 f8 E% S/ I; |( W. R, o7 Z Y( H) @ N! [app-daily.asp
8 i6 T$ g0 g3 n+ r5 o, napp-ddns.asp
! H0 _0 V) A1 ]- s! b3 G3 japp-igmpset.asp
) h% {; T/ w& \* \, yapp-natset.asp
; }1 |+ L6 p# Y Kapp-upnp.asp
& r6 o5 h8 O# B7 Q6 H9 gapp-VoIP.asp
/ p! I9 R/ F4 d: ~( I% _app-VoIP248.asp" ~, ]' [3 h* d/ C# h* a
app-VoIP248_Adv.asp
! w) ^+ k) q& G1 Uapp-VoIPUser.asp
8 y3 z7 v8 z- O% ?5 n& s7 oapp-VoIP_Adv.asp
$ e8 m* @) N$ C" `, Tapp_ddnslist.cgi
0 d0 a1 V8 y; E) W: F) Iavalanch.asp. Y( B" V$ z! h
byeBye.cgi
3 ~ S, z- p! Radv_vpn.asp
# J) I3 o% E* H$ w0 m( k, p3 x% s) A& l/ Pcqregister.asp, e: t" X$ e7 ~8 i4 K1 `5 Q' h/ }9 G
cqreset.asp
' `# S7 ], O2 E/ V. y" }* Y' c$ madv_upnp.asp
# ]9 o; T2 E/ T" ncwmpsetting.asp1 ]# ~% c1 j7 o4 d# P; d: N5 k: W. }
diag-quickdiagnose.asp
7 |9 W2 q* I9 F& aErrMsg.asp
: Y- C. J7 P+ o- h0 e/ EgetGateWay.cgi4 X, x8 Z6 z' [3 `1 M3 {
getPingResult.cgi6 |/ I2 p @( g4 n) H, `1 p* G
getRomfileInfo.cgi
8 X2 b. n4 `1 [getTracentResult.cgi: A0 n" U! G; h+ u( R! }8 o
help.asp
$ b: p/ O @7 O2 v& V8 @help_content.asp' j2 a* [; `' r2 C
adv_qos.asp2 Z7 |5 X& x& V' Y5 k, L' n
adv_dmz.asp
% ?0 ~* j6 z3 q3 J5 L o- q$ J+ d2 Qindex.asp5 [) M8 s* G( m! `% x- R' r
index2.asp# d! |/ I0 C+ I
index3.asp; c% l1 {1 b) r. |6 B! f& E
InsertSimcardMsg.cgi
/ @9 c7 t" D. O% J+ ^itms.cgi) k K [- s, y: Q" q5 `: T
adv_ddns.asp# N5 d# ~" _3 q) J. |
content.asp
h: [# G6 ? U4 alaserforce.cgi
& M8 y" F6 Z9 S, i5 U8 `lasernormal.cgi( I- h. X/ w6 s9 ]" B. r5 O
logout.cgi. `6 r0 J" m. ?+ Q
mag-account.asp
5 g+ U( M9 d9 B4 }( Ymag-diagnose.asp
( n) D' K/ l' L& O' I4 u& ]$ \1 hmag-reset.asp
; U# U4 ^# O, x& s- X6 t+ Pmag-syslogmanage.asp; B6 X2 n! O, X9 B6 D. U, @
maintainreport.cgi
0 Z( h; e4 ^. y4 ~: m, D6 K* Tnet-binding.asp# u, @" }3 L( u/ B7 P
net-dhcp.asp
+ k( x% C( L- F8 Z2 w6 \6 rnet-landingpage.asp
& L1 R, V1 C* B- e3 dnet-phoneapp.asp1 T$ s3 n2 {6 g/ f8 d/ O2 B7 a
net-qos.asp
/ T) ^. h: m* E! S- [net-route6add.asp
1 s3 k4 Q. ` y1 m% dnet-routeadd.asp. o6 H, n, Y. C# g" l
net-routeset.asp
) [# V/ ?# O5 W, ~+ }9 c4 Inet-time.asp
b, W. i& q9 Q3 G9 J/ nnet-tr069.asp
5 F( u' C" f( K! s lnet-wanset.asp5 u+ _( T5 N4 r8 ?* A
net-wlan.asp
. q- L! C/ }' |7 jnet-wlan11ac.asp
8 {" C6 i. @7 W) a! @% v- T/ Enet-wlanshare.asp6 q4 S: p. z; b
normal_access.asp" h ^$ _! \# G% t6 \
normal_internet_wan.asp6 X1 w, J3 e2 l
normal_manage.asp' D! W" L, z! G) U3 Q
normal_manage_password.asp
% d9 R4 ~+ E R. C; ?8 Nnormal_network.asp
) Q f( S8 e2 G/ bnormal_security.asp
; G7 y* O; o) _/ Ynormal_sys.asp4 I) G& {7 H$ B- W0 K
parentControl.asp8 I4 E9 @ B2 M, }1 T- X
pushviewfinish.asp+ a0 ]) L9 \/ I) X! k: F6 P0 S3 S7 S
pushviewupgrade.asp; _3 z1 E* Y, x( O) `4 B: i
qos-clsedit.asp
! h4 C \$ q# m& G: Hqos-comvlan.asp+ s$ G4 b7 k$ w% ?, M" B
qos-dslimit.asp/ V7 s* s8 w: r4 y
redirect.cgi1 l& W0 Q' Z1 i7 R' Q1 E" K* Y
redirect_cancel.cgi
. \. ^) K/ |' T% }. u) zrefresh.asp5 v2 o2 J0 v' `# {3 ?
register.asp
3 @& z' ]5 K0 b* Cregprocess.asp
' F: R: K4 j$ @7 c: M# Z% lregprocess.cgi7 m7 Q( `) K3 F
regstatus.asp# d7 @+ k3 G: S! O* W: F
RemoteUPGMsg.cgi
3 ?( X8 a: q3 N7 @8 B# Q8 X% C. ureset.asp
3 E* R% |# u! U; W$ y2 n5 Y% Mresetscreen.asp. Z5 K# f4 H) F2 t/ {
restorepurefactory.cgi
7 n8 E* Z9 ^4 E8 e1 I% Asec-addmacfilter.asp
1 ^+ U+ ~5 x# Y+ M2 I" @sec-addportfilter.asp
$ V6 ]# h/ O. g$ d- L% _6 }. [4 Ysec-firewall.asp; l9 y" G3 E4 s
sec-macfilter.asp
* I7 l+ [3 ^7 L% t1 L# v3 ~2 Osec-portfilter.asp. M5 A8 t s" L' u3 j1 x1 a
sec-protocolfilter.asp
' {, g5 S0 j3 V4 Xsec-urlfilter.asp5 Z7 d5 r4 j( J9 u, U- T
sec_macfilterlist.cgi
: L3 l" _9 a2 ?% Msec_portfilterinlist.cgi
2 z# j& k/ `+ M9 H( T4 n( ^2 O8 xsec_portfilteroutlist.cgi6 A" |8 {# c( h, g) n! u
sec_urlfilterlist.cgi
& f/ |( y% G; V2 Qselfcheck.asp
. C( T: K$ W1 E/ F) ^) N( h2 K% Tshowhis.cgi% J9 N8 Q! E0 P# ]5 Y1 u
showusb.cgi
8 l& O" b" `- p% K" Ksta-acs.asp
2 [8 f. Q4 ]- B8 U2 }, j8 esta-device.asp. g9 B! @1 k5 p3 l
sta-network.asp9 b! h2 R J0 Z& Y9 b# F4 |
sta-position.asp' z. c/ b( K& l( {" ~
sta-user.asp: f: X3 T; s! s4 z/ B: T
sta-VoIP.asp' ~# Z" F$ [7 y- J! r5 x- k9 C" T
sta-VoIP248.asp4 q+ h' S3 g5 a% {2 o4 i2 c9 j
state_bandwidth.asp. G, X& b; b" K, n! i
state_device.asp" s! |! Q4 y* H' L2 Y+ k
state_gateway.asp2 j- ~5 j; P1 d3 l* V, w: @
state_overview.asp
8 i" \3 r/ E! V% F/ xstore.asp
/ ]! A9 y4 q! z2 G( H4 f0 ?syslog.cgi* r4 C' J/ q$ X8 w# A' d( V3 m( p4 [& o
telnet.asp
) Q' N; r9 a' ]1 ?test_factory.asp b& e, d* F) F/ {0 `
test_info.asp! b- p% c2 B. C2 q
test_version.asp, R6 h0 @. z' g4 u% B
uindex.asp
* B( h( Z6 A! b. A0 X; IUpdateMsg.cgi6 n6 \$ u1 q& E5 S
upgrade.asp
* e- q2 m1 j& N" ~wifi.asp # u4 R5 E: ?; ]+ y7 u' d7 P/ e
由于没拿到telnet账户密码。。。也就到此为止了。。。期待有大神出现。。。' J$ d+ J @2 ]* a: n
% W1 ?2 o: Y) \
6 c5 \5 J+ L. J% R4 ~4 ~" ?; p, y6 Z/ M/ J5 l
|
|