|
|
发表于 2018-11-14 16:40:59
|
显示全部楼层
可以确认GM219-S 硬件版本:HV1.0.00.052 为四川天邑代工的。。。找到了地区配置文件。。。找到了各种服务的默认的密码:
C3 z# ?+ s: h/ F. j5 w2 O0 ]8 A: `$ `8 A
<Account>/ q/ P% F" h1 E: I7 _7 D- r
<Entry0 Active="Yes" username="CMCCAdmin" web_passwd="aDm8H%MdA" display_mask="FF FF FF FF FF FF FF FF FF" />0 `/ x5 t! d$ h3 a7 E4 X8 k
<Entry1 Active="Yes" username="user" web_passwd="1234" display_mask="BF 00 0F 08 07 20 03 00 01" />. t& k6 P. N! m- ?
<Entry2 Active="Yes" username="user3" web_passwd="1234" display_mask="BF 00 07 08 07 10 03 00 01" />% A' X, x! y" ]! h
<TelnetEntry Active="No" telnet_username="admin" telnet_passwd="1234" telnet_port="23" />4 {- {$ F# h' ~' R
<FtpEntry Active="No" ftp_username="admin" ftp_passwd="1234" ftp_port="21" /> W; @9 d# R6 c1 V# m B! G
<HttpEntry Active="Yes" http_right="1" />$ g O8 ]5 X9 G" z; O. T
<ConsoleEntry Active="Yes" console_username="admin" console_passwd="1234" />
; `2 W& w: ?7 O' p' ~! E4 E I <CTDefParaEntry setDefValueFlag="1" />& B; u9 J( w ^7 z3 J
</Account>
2 D/ x+ S( g# ]$ [ G7 \4 j4 X- }/ n2 z Y8 ?
尝试固件里/boaroot/cgi-bin/目录下的一些页面。。。发现了一些web下的隐藏页面。。。相同硬件版本的可以去尝试:
% r2 d9 f6 O" L% k, w+ n6 X4 `' s7 X8 \9 c
http://192.168.1.1/cqregister.asp! L0 `9 e& G) l/ r5 c0 `( X/ w
http://192.168.1.1/cqreset.asp: I5 N+ v G7 w( P' }, T
http://192.168.1.1/cwmpsetting.asp
% G4 p, Z% Z3 _http://192.168.1.1/getGateWay.cgi% t; L" V* \) W: u& l9 X
; \" ?7 l; k3 y#getRomfileInfo就出现个下拉菜单
5 T3 B1 [3 G7 d% z Jhttp://192.168.1.1/getRomfileInfo.cgi8 ?* i$ f8 x% K/ q' K5 N2 f
" e6 ]2 m9 B0 `http://192.168.1.1/register.asp
' U b3 G6 w6 G+ O5 {2 P: ^http://192.168.1.1/regprocess.asp4 {: n) S0 [$ \( H
http://192.168.1.1/regprocess.cgi2 k/ k$ f: M: D4 Z" W r1 P% y
8 C! |% C# ?( k0 _4 ~4 {( ]! T#恢复默认设置的命令不会丢移动下发的配置1 r( ^7 x1 D H7 \; d+ ?
http://192.168.1.1/restorepurefactory.cgi" a0 c- |% t6 ]+ K+ t" A2 f
8 C) n9 |7 r H9 S+ `* y, r9 }: E
http://192.168.1.1/telnet.asp
6 Y) R" W. _$ k& Phttp://192.168.1.1/test_factory.asp Z$ F7 m6 `2 I$ b3 ^) b# a
http://192.168.1.1/test_info.asp
' o* K. o7 b2 w3 c6 k- R! ]http://192.168.1.1/test_version.asp. u8 R- m% g, Q( w* N
http://192.168.1.1/upgrade.asp$ z, ~5 u/ _2 v) {" \& k
* B) q H: H( U# E! h. r# E$ Y
/boaroot/cgi-bin/目录下的所有文件。。。其他隐藏页面有兴趣自己去尝试。。。
6 r. i9 m1 _4 D% \; Z4 c" _app-daily.asp
( G6 y9 e- b T( {$ `app-ddns.asp( \+ D4 ` b: t
app-igmpset.asp
. b0 ^. Q& a$ C5 O1 Sapp-natset.asp% M Q" G8 k$ M1 X
app-upnp.asp/ g* o: @) }; p2 I8 p) b' u! s
app-VoIP.asp/ ~9 d" h- P% ]& j% h: O
app-VoIP248.asp# j. W6 s, a0 }2 I9 ^% t5 x# O5 R
app-VoIP248_Adv.asp. Y- L& G7 A. p$ Y. ?) k" K: ^
app-VoIPUser.asp: y8 e$ A$ V" w* \
app-VoIP_Adv.asp3 o! E& L* {3 ]" q
app_ddnslist.cgi/ C- t- ^( C+ v- t+ f7 r- z# m! ~
avalanch.asp9 S8 N" C! q5 |; Y
byeBye.cgi
9 A& B# u, X1 o3 V& E+ v) sadv_vpn.asp. e: i; ]) U+ d& u! ~
cqregister.asp
1 ?! j" T" D2 m+ i# u: xcqreset.asp- W' J$ w9 N6 E: \# i6 ^' a3 w
adv_upnp.asp/ y% m& @( s+ d$ E
cwmpsetting.asp
7 j M& [, a/ l7 J& o$ ~diag-quickdiagnose.asp
/ w$ Q. l3 f6 t5 L! E' @ErrMsg.asp
4 T: p* i0 j2 Y' B% v8 y2 RgetGateWay.cgi
9 {# o6 v; i2 A- c; lgetPingResult.cgi
4 N, F0 |- Z. p& Y9 R1 hgetRomfileInfo.cgi
1 M f; Y' s! X+ |" bgetTracentResult.cgi+ f. @) ]6 T5 M' c
help.asp8 n- `* [! E6 p
help_content.asp2 u; K; ]: }; g9 ?% w
adv_qos.asp5 [ ?* T# J3 X0 o8 j8 L
adv_dmz.asp/ N6 z E. ^. U' k: {0 L
index.asp& k# ?3 L @1 p# q
index2.asp0 J' h. g1 l* U: i; F/ L G) q4 T$ b
index3.asp3 f+ I, E/ N/ [# C; W: _7 S
InsertSimcardMsg.cgi
$ _7 z% Z+ Y! c0 {itms.cgi7 L( e5 A% r, K4 S& `
adv_ddns.asp1 V N! b( L* d! L
content.asp
9 s* g1 ?. F7 c& slaserforce.cgi
: N& Z. h7 G* h5 `- k+ W4 ]: flasernormal.cgi
# i) e5 a2 C4 e" _+ L/ Klogout.cgi
d0 U, y1 n' I/ c+ Hmag-account.asp' f: t8 d. J3 E. c: E- P
mag-diagnose.asp
8 Q" Y! A3 B* R) b6 Qmag-reset.asp* p6 T K# V% p: K& _: J
mag-syslogmanage.asp
0 i: @2 Z8 T7 omaintainreport.cgi. A/ O4 u1 S4 H& T' u7 W
net-binding.asp
. G" [+ t! ~) i" a: j' Wnet-dhcp.asp4 b }4 g* s7 h, n z5 W; K( E3 r
net-landingpage.asp- g4 l- n& j- I5 S
net-phoneapp.asp
. u6 B8 Q+ G/ enet-qos.asp
: Q P) E# r# z& tnet-route6add.asp# ^" {3 M& ?. [# k% b4 O9 O$ |
net-routeadd.asp
% ^. }8 V* Z3 x! Unet-routeset.asp. p' N6 E4 m) N% `
net-time.asp" ~6 y% d5 @' A0 Z: G9 k- k' ~
net-tr069.asp
* t' v9 d( p. ]. X8 Y) knet-wanset.asp
6 q5 q4 E4 w+ e9 e/ z% tnet-wlan.asp+ k8 _4 C. e, d2 H, G
net-wlan11ac.asp
7 u3 h# _* j6 [; T' Bnet-wlanshare.asp
6 D4 R) p) s5 H# ]6 ^( J# ^normal_access.asp
& n. C% q7 b2 O3 f- ?normal_internet_wan.asp
6 C+ ^7 Z" O @) o4 u9 s: } Unormal_manage.asp2 r+ r# @- }5 Y, _; q; t
normal_manage_password.asp
0 ]5 @/ Z0 n8 z }normal_network.asp
/ e) n1 }, C+ a7 j# F& _normal_security.asp% x% X& B Z! R$ [" n0 A6 m
normal_sys.asp+ `6 e+ e; i( I* x. W
parentControl.asp3 t' Y% U: l% U& ?2 t
pushviewfinish.asp" ~4 A1 N* [* n, R1 M! C3 _- H
pushviewupgrade.asp
% y% Q1 O. C3 B5 h' x0 \7 ~qos-clsedit.asp$ v% y+ \; a+ [4 c+ |
qos-comvlan.asp# K) r' l0 y J' O# j% ~
qos-dslimit.asp$ T) k: ^5 p5 \1 d2 m
redirect.cgi, h: w/ O+ X1 N
redirect_cancel.cgi) u1 D4 `6 ~ {2 B* ~; J( |! l
refresh.asp
) U* o0 Q- u0 eregister.asp! w# S0 F. Y* `' M% c5 @
regprocess.asp
- y' J8 Z- E" cregprocess.cgi
% U" g ~0 h- W$ Eregstatus.asp) P8 S7 E' K# r# I1 v- f
RemoteUPGMsg.cgi
7 {$ r ^: X/ Z4 y* p. n5 d+ ureset.asp( m% }; A5 W) ~" Z% |7 F) O
resetscreen.asp$ G; Z, C8 }# g" e4 o' J9 [1 O5 P
restorepurefactory.cgi7 A4 D' |: L7 q2 A& X! V; g/ Z
sec-addmacfilter.asp' S$ I2 N6 D& ^5 E# J$ x8 p8 M
sec-addportfilter.asp2 U2 m- q" ?% j6 Y; d
sec-firewall.asp D. h+ J) m6 \! J
sec-macfilter.asp7 S2 @4 a- ]! }: E4 P! }
sec-portfilter.asp9 z$ t+ p+ r: E
sec-protocolfilter.asp2 Z! m" n! v+ ~. B) a4 @
sec-urlfilter.asp
6 U0 Z/ q" P, c( I! @* w) U9 csec_macfilterlist.cgi p9 K# b9 \! V ?( M
sec_portfilterinlist.cgi5 S$ f5 H4 L- T B
sec_portfilteroutlist.cgi! e, H: L: x+ O
sec_urlfilterlist.cgi
3 ?$ D6 Z9 F5 t6 rselfcheck.asp o. ^$ y3 g* d$ z% B
showhis.cgi7 u: n( l" [, e7 X% [
showusb.cgi+ \1 @' h1 I Q! _- x6 s: X, s
sta-acs.asp: I* l) t) K, R$ }. @
sta-device.asp/ W* \3 q/ J' V* [; s% M
sta-network.asp: [2 y1 p$ @$ z1 r: r/ B& A. r
sta-position.asp5 z7 x2 _; X8 f" w- b, T
sta-user.asp
/ U5 }( y+ Y4 msta-VoIP.asp
3 r6 F# b N# c6 |sta-VoIP248.asp0 {% g4 P8 b& x5 D8 r, i" D
state_bandwidth.asp1 B' h; j0 T9 l$ U Q
state_device.asp
% `8 d" G9 }) K! j; R% b1 Jstate_gateway.asp
6 J% v7 A6 N/ U hstate_overview.asp. a0 Y8 X; g$ ^+ o1 n
store.asp
( R+ f6 c n9 q! D- h$ Y0 H/ lsyslog.cgi
9 _" }1 H& G! L, ~0 U; ptelnet.asp
% k9 [4 | ]# T5 I+ `* Htest_factory.asp$ g" z. w; I: \) l+ I, [
test_info.asp
% n E3 R) [9 p r0 ~test_version.asp' p- z3 o) H0 n3 f8 ]
uindex.asp/ k8 O# s, u. C# U. s
UpdateMsg.cgi5 l; ]4 X" T# k1 E. S1 F' [
upgrade.asp+ Q/ f& A7 y" K
wifi.asp
0 W8 b4 l- s) ]5 _7 c由于没拿到telnet账户密码。。。也就到此为止了。。。期待有大神出现。。。8 i) H: ]" }4 V
- C, H9 a+ O- d# A
' \" c- J7 x1 j4 U5 D" D$ A
2 ^6 M8 D* w. O. I6 M! }
|
|
/1 
44152102000001
