|
|
发表于 2018-11-14 16:40:59
|
显示全部楼层
可以确认GM219-S 硬件版本:HV1.0.00.052 为四川天邑代工的。。。找到了地区配置文件。。。找到了各种服务的默认的密码:7 y% D4 P/ L, U2 c- v* a5 W
" r: z6 @- e' L- S# r) W
<Account>
4 x o* v4 P" W: r <Entry0 Active="Yes" username="CMCCAdmin" web_passwd="aDm8H%MdA" display_mask="FF FF FF FF FF FF FF FF FF" />3 j8 n; O; T3 G. t
<Entry1 Active="Yes" username="user" web_passwd="1234" display_mask="BF 00 0F 08 07 20 03 00 01" />7 t2 }6 t. ]- [) ~3 P
<Entry2 Active="Yes" username="user3" web_passwd="1234" display_mask="BF 00 07 08 07 10 03 00 01" />/ u$ y r! g8 N. p- {
<TelnetEntry Active="No" telnet_username="admin" telnet_passwd="1234" telnet_port="23" />
5 m' Z* X# D0 ] <FtpEntry Active="No" ftp_username="admin" ftp_passwd="1234" ftp_port="21" />2 s' g5 r4 J; G7 T C
<HttpEntry Active="Yes" http_right="1" />
4 v3 d2 w/ S _' m7 i0 W) @ <ConsoleEntry Active="Yes" console_username="admin" console_passwd="1234" />
5 y) K+ b/ d* ?1 Y <CTDefParaEntry setDefValueFlag="1" />
& C3 m. H; T$ t" U; B, n: B2 C</Account>
6 I) |3 z0 g# { K! Y8 C6 k3 ]
尝试固件里/boaroot/cgi-bin/目录下的一些页面。。。发现了一些web下的隐藏页面。。。相同硬件版本的可以去尝试:# |9 r7 f3 {& S; g9 p9 U
# i7 D! N- `9 {3 Q" t% X
http://192.168.1.1/cqregister.asp$ X+ @/ E) T" h% z2 g, U
http://192.168.1.1/cqreset.asp0 t6 q+ I7 t$ O
http://192.168.1.1/cwmpsetting.asp
/ b% y3 j* }/ E& a' W4 vhttp://192.168.1.1/getGateWay.cgi+ Z8 X0 A4 U$ |4 J* _
3 A. E4 Y% j0 H! s
#getRomfileInfo就出现个下拉菜单2 y% ~% N3 W( `
http://192.168.1.1/getRomfileInfo.cgi9 }! j# q' Y/ v9 {6 m0 e: X! I
% h. B M: I" d
http://192.168.1.1/register.asp& Q: g9 E" p, o0 k+ r2 i
http://192.168.1.1/regprocess.asp+ a9 o# I$ ]5 B7 B5 L
http://192.168.1.1/regprocess.cgi
1 g) l" T) d6 U; T5 h2 a$ k) k( I% l, V5 P z2 T% O: ]
#恢复默认设置的命令不会丢移动下发的配置
# D+ _9 r' _4 X7 E, o* i) whttp://192.168.1.1/restorepurefactory.cgi u5 |4 g/ P4 D) l4 `% y- g' A
; _% ]$ E [" F8 m, P
http://192.168.1.1/telnet.asp7 B1 Y( _) G- A; }' u5 p( @
http://192.168.1.1/test_factory.asp3 {5 e/ T2 N/ ]# B
http://192.168.1.1/test_info.asp0 P# P: l6 O5 O5 n) T. g
http://192.168.1.1/test_version.asp
" T# t) s# B5 z* qhttp://192.168.1.1/upgrade.asp+ J7 m+ z/ v8 p% j# @
3 H! O p# T$ f' Q
/boaroot/cgi-bin/目录下的所有文件。。。其他隐藏页面有兴趣自己去尝试。。。
1 s/ r/ ]7 o( ~5 n1 X: h* Xapp-daily.asp
/ X! Q( S- {+ F: ~ T& q5 ]- x. xapp-ddns.asp$ C& t' p& M7 `& z$ j4 u; q
app-igmpset.asp& B( p k" P' V
app-natset.asp! e6 [9 `) N% e a8 f, A
app-upnp.asp8 v9 t: l: u, B0 U, M$ H( d( q
app-VoIP.asp
2 q- g0 X n- iapp-VoIP248.asp4 P6 {5 Y* K; f$ ]
app-VoIP248_Adv.asp( a) X& h! X/ Q0 x2 |; y
app-VoIPUser.asp/ F/ b5 K( P/ ]2 m5 K" g
app-VoIP_Adv.asp
& p) G8 s9 Y+ _3 G. e F, c- Kapp_ddnslist.cgi
# u* i/ R* z0 y4 Havalanch.asp( C) @. c; f! i9 g( v
byeBye.cgi
6 e: J! N5 N4 y% Qadv_vpn.asp) s$ i X& B5 ?6 a2 ^% n4 A
cqregister.asp* {; P$ `: \0 }( o/ G7 S
cqreset.asp' d# H6 V! X( J4 f$ ]9 o! b
adv_upnp.asp
: J6 J* ?+ w2 `5 Rcwmpsetting.asp$ v: M5 s+ X5 W; E y
diag-quickdiagnose.asp6 u5 I6 O$ m8 N. T; X
ErrMsg.asp
$ @0 F2 F2 y+ B- kgetGateWay.cgi1 f" }8 X. O G+ Z* Y
getPingResult.cgi; {% N$ @' r6 }7 o4 \* X1 E- A
getRomfileInfo.cgi
4 o* u6 b h8 _3 sgetTracentResult.cgi& f1 m7 c/ p+ G8 |
help.asp/ X+ ]5 H4 m9 `& K$ B
help_content.asp
6 v+ h. Z. E# E& ~1 eadv_qos.asp6 a$ V5 F3 n# K% ~+ { K9 \6 q
adv_dmz.asp& d$ S% m" i' g6 k5 C/ Z
index.asp
5 }2 G9 |' X& I4 Iindex2.asp! _4 @! }# A7 a9 K7 U
index3.asp- ` v( k4 e' v
InsertSimcardMsg.cgi
* X( _$ N. E9 a" ?7 bitms.cgi5 m: d) A5 g: z" g
adv_ddns.asp
4 v! U$ k3 q" O! S% lcontent.asp% T8 F; ?- E6 { [
laserforce.cgi9 t K# x0 f' a n2 r+ N) |# B5 H4 Y& Y
lasernormal.cgi
' e; P+ L6 U7 b3 U% O9 N8 Qlogout.cgi: y. B! q" K0 z
mag-account.asp
- @0 L& t8 h6 p f6 G& Smag-diagnose.asp
8 A1 G8 o1 S/ `# R; g+ Wmag-reset.asp
2 s9 w3 Y# g' @8 nmag-syslogmanage.asp
8 _7 a- r$ U2 J! t+ {maintainreport.cgi
" m" A* t/ U2 \4 J |/ u' N% qnet-binding.asp" O, y9 _: A. o) M
net-dhcp.asp0 S; R, f4 ~( h: l# {5 a
net-landingpage.asp
* z; ?1 m+ P6 xnet-phoneapp.asp+ ^$ A- T! J$ e4 g. s
net-qos.asp
5 O1 }! v2 A3 F1 G- g& Cnet-route6add.asp7 I8 {& g t0 r/ t
net-routeadd.asp
/ I5 Z6 [) F) w7 I3 v+ tnet-routeset.asp
% V) z4 a8 y3 [8 {! znet-time.asp
7 |+ l* k4 m1 @' s% ?' Dnet-tr069.asp
3 m1 j5 b* _) F, ^net-wanset.asp0 H! [ b4 K( p: O
net-wlan.asp
8 G: H9 g( `0 c* r! Pnet-wlan11ac.asp- w8 e- V* p; J ?+ E+ d
net-wlanshare.asp
3 k, e2 p5 g( I4 c+ dnormal_access.asp
/ |0 J( I" R; F- D i; rnormal_internet_wan.asp
; K8 _1 b/ A; H7 o0 d9 ^. X* a0 Dnormal_manage.asp
3 L: h- d6 [) _2 h" `. enormal_manage_password.asp
* c& m/ x6 i/ u0 [$ Enormal_network.asp
9 p; b+ w' J/ G9 X Fnormal_security.asp2 \& N' n! C- {; ]( w
normal_sys.asp+ N# `1 @8 q. e) ^0 u9 f
parentControl.asp0 H% t4 b/ M, Q, ^; j9 j) s; f
pushviewfinish.asp
+ k: ^- c/ G% W' O) y1 w0 N% Epushviewupgrade.asp6 k+ V: s& E9 A0 n! n
qos-clsedit.asp& Z0 K* d3 d0 r
qos-comvlan.asp
, b0 p) v, y) fqos-dslimit.asp# v% C* u# S" g. W6 o4 ~
redirect.cgi
}- s7 r2 j& lredirect_cancel.cgi. w& A% O: W! w
refresh.asp
7 r. _- g$ U& J( Z' q3 nregister.asp
* h. P2 a! W- ~( vregprocess.asp
' |0 R5 y4 x6 fregprocess.cgi+ o6 Y; Z$ H( l
regstatus.asp
4 e. f E1 j( B: qRemoteUPGMsg.cgi8 a0 D8 R2 m7 E
reset.asp
$ s$ f& r. I6 K' Y8 tresetscreen.asp0 ~; X) O7 e- N( N; t
restorepurefactory.cgi
4 ]* k/ B- M$ k# X' O9 Tsec-addmacfilter.asp8 w. _& u: R* h
sec-addportfilter.asp" r2 @& _6 D/ Y# X( @' h; P
sec-firewall.asp
4 K9 g9 f8 Z: \, csec-macfilter.asp
2 Z6 u6 Z8 q p4 Z/ Isec-portfilter.asp n& I" X1 i/ \' L, q
sec-protocolfilter.asp
) E" C" W4 Z% y7 x3 [3 A5 ~sec-urlfilter.asp f8 i" b: ~* S. C) V% _) `8 ~) T
sec_macfilterlist.cgi
, y$ r& z) V3 u: J* i7 Csec_portfilterinlist.cgi- @' @ y% m! u) @3 h" W/ t8 M' U1 M
sec_portfilteroutlist.cgi/ a! }+ v5 F; j# \: ?! o
sec_urlfilterlist.cgi
# F8 L# J" s% k, f" F i) B K& Mselfcheck.asp' X& K3 D# I0 A& S
showhis.cgi/ @; U5 W; }/ B/ r. {, L) a- v- h
showusb.cgi0 v. c4 @0 c# @- g
sta-acs.asp% x: x. c% n7 S+ U7 o" }7 ~% ?
sta-device.asp3 E* V6 K, M( [# M" [) m1 [
sta-network.asp
7 X1 f. v- x5 qsta-position.asp
8 S9 }7 k3 f3 g# G+ u! O4 v1 esta-user.asp
: J" s; {& q: o4 zsta-VoIP.asp
3 P/ N$ H! W# g) i3 nsta-VoIP248.asp
7 [% h0 P2 J) Q! bstate_bandwidth.asp
3 Q9 f7 r' o9 F% u& \' tstate_device.asp
" w7 u9 V8 Q; S; ]2 D( U# Mstate_gateway.asp+ ]: P: F/ H3 e
state_overview.asp
+ U) i% v4 A a q4 nstore.asp
5 [7 ` U4 q- X# e& c* p+ y6 Y% Bsyslog.cgi
" ]7 l/ \! c; x) ?+ _3 w/ C+ Atelnet.asp( D& |6 R; M% F" N1 w2 ^
test_factory.asp9 K$ j U" Z4 N7 ?# s; B
test_info.asp
" }* B. x, B4 Q, ^( Htest_version.asp7 ], V4 p1 |0 k7 F1 {
uindex.asp
# i+ y6 _4 d% y- r( q' _( A7 {UpdateMsg.cgi
, T3 M% r( @4 _+ Q7 x9 P; W, _3 kupgrade.asp
4 A+ ]5 b% p7 A, s# rwifi.asp
由于没拿到telnet账户密码。。。也就到此为止了。。。期待有大神出现。。。
& b$ ]! C2 k- h7 S
4 N+ y1 @) B, \4 [0 {1 ^) }+ N& U. m& c
1 R8 I/ y9 Z6 }" x# e5 g# Y |
|
/1 
44152102000001
