|
|
发表于 2018-11-14 16:40:59
|
显示全部楼层
可以确认GM219-S 硬件版本:HV1.0.00.052 为四川天邑代工的。。。找到了地区配置文件。。。找到了各种服务的默认的密码:' \3 q- y8 s2 o9 Q# k: ^
2 b+ a/ c2 d5 B5 K) a<Account>
" t3 _ x: K9 j. p1 e <Entry0 Active="Yes" username="CMCCAdmin" web_passwd="aDm8H%MdA" display_mask="FF FF FF FF FF FF FF FF FF" />
6 i7 @% u: e! }7 s0 ?4 d <Entry1 Active="Yes" username="user" web_passwd="1234" display_mask="BF 00 0F 08 07 20 03 00 01" /># M r: y3 F5 A5 A5 t
<Entry2 Active="Yes" username="user3" web_passwd="1234" display_mask="BF 00 07 08 07 10 03 00 01" /># r) n5 b/ |5 F+ T4 D( O: A
<TelnetEntry Active="No" telnet_username="admin" telnet_passwd="1234" telnet_port="23" />, H. ?! R2 e1 \6 v% ~& x z2 T3 B6 ^
<FtpEntry Active="No" ftp_username="admin" ftp_passwd="1234" ftp_port="21" />" x& _- |0 ~+ N6 K9 X
<HttpEntry Active="Yes" http_right="1" />" @1 q/ ~7 b5 j: j8 p F& e i& H7 w
<ConsoleEntry Active="Yes" console_username="admin" console_passwd="1234" />2 y0 |' G6 A0 B" [
<CTDefParaEntry setDefValueFlag="1" />% _' w: o( M( J% J# a4 ^1 v! F+ q! ]
</Account>
, v) R: x. X6 j: x6 L1 T" B! _
尝试固件里/boaroot/cgi-bin/目录下的一些页面。。。发现了一些web下的隐藏页面。。。相同硬件版本的可以去尝试:: ^% U. S- [: Y5 T
0 C. E6 ?1 q* x
http://192.168.1.1/cqregister.asp
& V5 n4 T! p6 h) O8 I7 {7 mhttp://192.168.1.1/cqreset.asp0 r$ c$ [* t i1 _
http://192.168.1.1/cwmpsetting.asp
2 X- q; H: ^3 g# Qhttp://192.168.1.1/getGateWay.cgi, j. }0 R7 k I1 `) B. b
. [) q1 G- Z2 v8 g8 U. P/ s#getRomfileInfo就出现个下拉菜单
1 V. y' q; ^0 Z& thttp://192.168.1.1/getRomfileInfo.cgi% s1 h) L" A. x' ^# e' v T
3 w( | h5 d1 t4 W5 R
http://192.168.1.1/register.asp$ n- L( G* e& Y; J0 D
http://192.168.1.1/regprocess.asp/ ] A1 V" B# ~; w4 _9 G' Y
http://192.168.1.1/regprocess.cgi% `( \& v( n, l& A. J
* _, }9 E3 ~$ ~
#恢复默认设置的命令不会丢移动下发的配置6 {7 P$ q1 v* H! X6 X
http://192.168.1.1/restorepurefactory.cgi1 ~' F) ?) C% v
R* ^0 l7 v4 {) t: Vhttp://192.168.1.1/telnet.asp* g5 K/ e! E* t- A
http://192.168.1.1/test_factory.asp
( o- P% h0 c% H0 h: i p1 ohttp://192.168.1.1/test_info.asp
/ d. G( X4 F. R, \9 J! e; c3 `http://192.168.1.1/test_version.asp
- k; T' H8 T. x) Rhttp://192.168.1.1/upgrade.asp# t g/ F0 d8 J6 }4 a
) O0 F; t- |) T4 x
/boaroot/cgi-bin/目录下的所有文件。。。其他隐藏页面有兴趣自己去尝试。。。
9 o; \2 I' _5 F; j% Napp-daily.asp: Z/ }% J+ M4 z- Q! h
app-ddns.asp
9 p( C$ g9 R9 M& C" v; m" u) n/ bapp-igmpset.asp; @$ R% W" {% \$ D( R- d: j
app-natset.asp
/ Q/ x% E" k7 E2 {% mapp-upnp.asp( P7 k6 s$ T5 f0 F
app-VoIP.asp/ D" v4 U7 I4 H7 y' ?! o% C
app-VoIP248.asp
# R" L8 w& O( G, _# O" ^7 mapp-VoIP248_Adv.asp2 D4 W4 j, ` A: I( z+ ?% s
app-VoIPUser.asp9 Y- y: V$ f3 U9 Y' F7 o) x
app-VoIP_Adv.asp
, z6 p0 ]. ^7 c! L& xapp_ddnslist.cgi
' d* X. j- b4 l; O) Ravalanch.asp4 K) `% D, Y# {8 P) a
byeBye.cgi
" ?7 E3 M3 p9 q5 F) o$ l7 Iadv_vpn.asp% m: F; {; y! z% j, ?
cqregister.asp
' |" u% x9 q' H4 J7 q* Rcqreset.asp9 L3 U, {! o9 T' j" d* h! F
adv_upnp.asp9 `( Y. {2 B7 {' `9 |
cwmpsetting.asp3 y- b) H3 w2 \3 P# e
diag-quickdiagnose.asp
5 m- @. P! g* m% dErrMsg.asp
u' U, H: j5 K" g; M/ HgetGateWay.cgi# Q' b* j& h" v; a* w* ^+ h
getPingResult.cgi+ g9 B P8 J2 s* a
getRomfileInfo.cgi
. W/ L9 p: ^# \' w9 F+ igetTracentResult.cgi- H0 H; P( m) F
help.asp7 w# I) W2 x2 J$ H5 A
help_content.asp, n! l8 N" G) a8 V8 m4 @& G
adv_qos.asp9 v6 N# q6 {1 N3 |5 f0 ?
adv_dmz.asp
3 G% e9 V7 g1 z4 `index.asp3 _. x. E- j+ }* F7 V
index2.asp
8 n* _5 r: T; u8 h2 findex3.asp& `- z5 t- A `6 C5 l
InsertSimcardMsg.cgi
6 T; j5 P- p6 P' X& ?9 Ditms.cgi0 }; v7 |& K) F/ b z6 f
adv_ddns.asp1 [9 P* L8 Y$ H4 m% j
content.asp
" W# V3 ^% f8 X4 Llaserforce.cgi
5 c( T' O* N) r+ g* w3 l$ Flasernormal.cgi
# a1 b6 g9 H5 n$ S& Slogout.cgi
@/ N$ b6 x! _; J7 C/ pmag-account.asp. u2 D4 \: V% h6 Q3 H
mag-diagnose.asp9 F1 n( h! n& F& K
mag-reset.asp
6 ]# S) g0 R L, Q1 x" D/ I* A5 kmag-syslogmanage.asp
4 w+ b1 s- L+ ^) a Gmaintainreport.cgi% _" k- q- U6 f4 \" r5 E
net-binding.asp
) K/ l( N, V& ?5 o/ O( m1 Lnet-dhcp.asp" t {* J8 e0 W: y, F/ `) n
net-landingpage.asp
6 M j$ m; }& I/ z$ _: |$ wnet-phoneapp.asp
4 C9 c/ c! @ Ynet-qos.asp
/ A9 h i! h3 `' J* S* g" M9 X" M, }& Tnet-route6add.asp8 S1 V4 K- P8 J0 G
net-routeadd.asp
4 p# a& A e( k1 ynet-routeset.asp
) J5 z* C8 | n- V" ]) \* nnet-time.asp
1 \* F/ j) O% d* \5 i* rnet-tr069.asp
- E: W6 x- D$ R& Gnet-wanset.asp
9 Q5 x7 m" G! F0 n) Cnet-wlan.asp
6 z# k8 p) I: F- T# I# }. nnet-wlan11ac.asp; M0 @% q# \4 V0 i/ B
net-wlanshare.asp
5 t1 h8 s5 t7 ^4 {normal_access.asp
+ H" _$ a/ M; @5 Q B9 G- W6 Hnormal_internet_wan.asp
0 _5 @; c5 k; r8 F; G1 O/ j/ J2 nnormal_manage.asp4 [: d% n+ t O: ` a( ^7 c; D3 E
normal_manage_password.asp# }5 s3 z$ G) i1 @) ~
normal_network.asp
7 U1 g1 R }! P0 q: F" P* A( jnormal_security.asp% \( z$ ?* l1 K9 @ d) N
normal_sys.asp
) H: L. h6 L# ?7 N' E! ZparentControl.asp
4 {* b5 q% K& r1 m1 Ppushviewfinish.asp: R o9 R4 ~% d/ v7 M% d
pushviewupgrade.asp" l, R% Q% p8 j4 N+ M2 U8 V' u9 l& a
qos-clsedit.asp
/ B$ L# a: {4 M4 y/ Uqos-comvlan.asp! ]8 H, e: t! z: m& c% u% B/ P2 y$ {
qos-dslimit.asp
$ s, T6 ]0 p J/ p4 p+ Kredirect.cgi
- I1 T- R9 T! R6 \redirect_cancel.cgi
# S/ ?- ?- h- r8 p j6 r+ g& rrefresh.asp
7 O( F9 `: V) v/ Nregister.asp/ p& Y: y. M2 l) b
regprocess.asp( o& E' H4 N" e. {7 a( S' m* i1 j
regprocess.cgi
+ r3 n# [4 y3 `1 h; L/ {! s5 Hregstatus.asp! W4 s" i% j: _
RemoteUPGMsg.cgi
% ]% k1 h Z- treset.asp; H! A5 _& u4 x. n1 P
resetscreen.asp
) r3 y8 y W* _- t# ?* m8 Q- [restorepurefactory.cgi
/ m% ?7 t* @ Lsec-addmacfilter.asp
& p, A9 |5 ^9 w- |5 Y4 W7 Lsec-addportfilter.asp
; V4 ^) p O9 g( k" x/ g( j3 Asec-firewall.asp
# K. d# e. f9 N) s6 p& Bsec-macfilter.asp
. E! `' y1 ?& t4 ] C, ^/ Jsec-portfilter.asp9 v4 _' l0 l. u, {
sec-protocolfilter.asp6 G& e. E& V5 N
sec-urlfilter.asp
3 n& t6 i0 h0 H9 r9 Zsec_macfilterlist.cgi
. L# v' R u* o* rsec_portfilterinlist.cgi8 g9 J1 Q- t2 { {( p0 h8 u- a
sec_portfilteroutlist.cgi, E3 o- B7 `% i6 M+ w4 I" x$ i
sec_urlfilterlist.cgi/ Y2 }- z8 I9 x1 ?+ Q
selfcheck.asp3 J$ Z0 F: N- X" p8 r. L6 \/ Z6 K
showhis.cgi
8 I5 J# V# n; A) x$ eshowusb.cgi/ W) Z( f0 Q/ ?9 b
sta-acs.asp( u% w/ [ ~4 U& \7 t! @. W0 K
sta-device.asp9 V8 o5 ~; |7 B$ K4 J5 l
sta-network.asp
) `9 m; A. G. ?& lsta-position.asp
9 V' X( e; g+ [sta-user.asp
* r& R6 Q3 Q- b- X. ]' ^; b. |sta-VoIP.asp$ V4 U0 t8 T f9 \/ X+ V# _1 L
sta-VoIP248.asp5 |6 X! }* t* C L) r
state_bandwidth.asp
& k8 t3 l# v1 j2 mstate_device.asp$ _$ E- m9 J) e$ ?
state_gateway.asp" a! Q8 F6 ^7 H! H' r
state_overview.asp: x5 s" K1 i; U' d2 ]. i+ ^( M5 [
store.asp1 g k2 J# R7 L& D
syslog.cgi
" {; O0 A: G9 @% u6 gtelnet.asp
2 J' D* G) A; i* ~1 `; {test_factory.asp
- a! C( }, b; w! wtest_info.asp0 A- ?9 ~5 v) d: {; c9 o
test_version.asp
( O \* }/ Q: V, m+ F2 Auindex.asp
. ~7 {: S1 g* x; H; B2 o6 fUpdateMsg.cgi
2 f: ]. P# J# L2 z4 _% Eupgrade.asp4 j0 v1 H# L" F) k% t
wifi.asp
2 v- ^5 x, |% r$ U4 z7 [' s由于没拿到telnet账户密码。。。也就到此为止了。。。期待有大神出现。。。7 i( _" [+ J6 S# \/ t9 q4 k6 H5 e
# z) m. }9 B2 \* D0 m! v
S% g1 f6 B0 O% _
& k. l& ?# Y. A: W( m8 e. v |
|
粤公网安备44152102000001号 
