hw_ctree.xml文件无法解密

ahww · 发表于 2024-10-21 23:51:01

改成与超密一样的字符串也不行。

358954592 · 发表于 2024-10-22 00:26:37

@Echo off
( v1 q5 u- q; K( M
echo set sh=WScript.CreateObject("WScript.Shell") >tmp.vbs
: T: e& f: k7 I' L2 i
echo WScript.Sleep 1000 >>tmp.vbs
7 L/ e$ t K+ G1 I
echo sh.SendKeys "open 192.168.1.1{ENTER}" >>tmp.vbs
6 o4 A$ C3 Q8 G
echo WScript.Sleep 1000 >>tmp.vbs
2 D1 Q3 w% J- p) c3 _8 Y |
echo sh.SendKeys "root{ENTER}" >>tmp.vbs
, c) x8 c d; Q$ t$ b
echo WScript.Sleep 1000 >>tmp.vbs
9 _! h# [8 F1 J( O+ A( h
echo sh.SendKeys "adminHW{ENTER}" >>tmp.vbs
, w2 I7 b. H5 x7 ~, J
echo WScript.Sleep 1000 >>tmp.vbs
5 Q* T+ y8 T% C1 S3 @' p
echo sh.SendKeys "su{ENTER}" >>tmp.vbs
, t7 n i" n+ T7 x" _2 ~
echo WScript.Sleep 1000 >>tmp.vbs
' Y$ f6 m4 }. u+ C
echo sh.SendKeys "shell{ENTER}" >>tmp.vbs
. R7 d1 {3 r9 P) @7 y
echo WScript.Sleep 1000 >>tmp.vbs
: k6 c @+ j" [; p
echo sh.SendKeys "cp /mnt/jffs2/hw_ctree.xml /mnt/jffs2/mycfg.xml.gz {ENTER}" >>tmp.vbs' Z6 A' A( R2 ]- ?' Z
echo WScript.Sleep 1000 >>tmp.vbs; O6 w& O$ S2 F: U1 n# p
echo sh.SendKeys "cd /mnt/jffs2{ENTER}" >>tmp.vbs) o' I' v" ]! o% m8 _ @
echo WScript.Sleep 1000 >>tmp.vbs
& x; I I+ A1 ^2 Z
echo sh.SendKeys "aescrypt2 1 mycfg.xml.gz tem{ENTER}" >>tmp.vbs2 R: Z! S, J1 E0 r0 H
echo WScript.Sleep 1000 >>tmp.vbs
6 O1 y# E: B+ T8 y4 Y9 K
echo sh.SendKeys "gzip -d mycfg.xml.gz{ENTER}" >>tmp.vbs" V6 \: l, `' {4 R; i. ?" h" s6 V. L
echo WScript.Sleep 1000 >>tmp.vbs
! _' y# X8 A; n6 [2 v
echo sh.SendKeys "grep WebUserInfoInstance mycfg.xml{ENTER}" >>tmp.vbs0 H, N& T6 D$ r$ K5 n
echo WScript.Sleep 1000 >>tmp.vbs
# T% p9 }) m$ c5 T9 Y% _' V
echo sh.SendKeys "rm mycfg.xml{ENTER}" >>tmp.vbs' a- S& |2 V+ f- @1 g
echo WScript.Sleep 1000 >>tmp.vbs5 s/ P2 k8 a- f: P. j: C# g
start telnet
. g0 t6 V- r& U- I' w0 @
cscript //nologo tmp.vbs
$ P, k$ |/ c7 Z) v+ v
del tmp.vbs

复制代码

ahww · 发表于 2024-10-23 10:29:28

Marken888 发表于 2024-10-21 20:219 b2 ~5 j$ K7 _8 t
这不清楚，听说加密方式是哈希值，还原不回去的，改成跟超密一样试试看吧 ...

试了，无效。

ahww · 发表于 2024-10-23 10:32:22

358954592 发表于 2024-10-22 00:26

我试试。

ahww · 发表于 2024-10-23 11:24:13

358954592 发表于 2024-10-22 00:26

不行，解出的密码部分仍是乱码或仍是加密的，如下：
<X_HW_WebUserInfoInstance InstanceID="1" UserName="root" Password="$2-{\>L;OTS5*&>#YL[BsO`ghKA<}TG#5]PEH[Gq|HvXVO2-vBfRGJD;2iK;$1f8&I*<E[$WqX"0"2Z@c~2o$_6scL#5q"~k=V3`,U$" UserLevel="1" Enable="1" ModifyPasswordFlag="1" Salt="01efce6ddd3feac23ed85bad" PassMode="3" Alias="cpe-1"/>
<X_HW_WebUserInfoInstance InstanceID="2" UserName="telecomadmin" Password="$2/(E|7D<JPDgbtLSQvg9W{/2^LKnb#P<Yn/Z18G2NPC%.4"OaL"|~ayHm`vCCV7<6Us^LZ)uSoH*wVWI&Rh<BL&p^JUj/N,S*]6E$$" UserLevel="0" Enable="1" ModifyPasswordFlag="0" Salt="d4e109ad12d6ed238fb8eee1" PassMode="3" Alias="cpe-2"/>

ahww · 发表于 2024-10-23 11:25:39

358954592 发表于 2024-10-22 00:26

试了，不行，密码部分仍是一长串各种各样的字符
<X_HW_WebUserInfoInstance InstanceID="1" UserName="root" Password="$2-{\>L;OTS5*&>#YL[BsO`ghKA<}TG#5]PEH[Gq|HvXVO2-vBfRGJD;2iK;$1f8&I*<E[$WqX"0"2Z@c~2o$_6scL#5q"~k=V3`,U$" UserLevel="1" Enable="1" ModifyPasswordFlag="1" Salt="01efce6ddd3feac23ed85bad" PassMode="3" Alias="cpe-1"/>
<X_HW_WebUserInfoInstance InstanceID="2" UserName="telecomadmin" Password="$2/(E|7D<JPDgbtLSQvg9W{/2^LKnb#P<Yn/Z18G2NPC%.4"OaL"|~ayHm`vCCV7<6Us^LZ)uSoH*wVWI&Rh<BL&p^JUj/N,S*]6E$$" UserLevel="0" Enable="1" ModifyPasswordFlag="0" Salt="d4e109ad12d6ed238fb8eee1" PassMode="3" Alias="cpe-2"/>

358954592 · 发表于 2024-10-23 14:35:28

本帖最后由 358954592 于 2024-10-23 20:07 编辑

还原后的密码是保存在hw_default_ctree.xml文件里的，把这个问价下载下来解析一下，
<X_HW_WebUserInfo NumberOfInstances="2">
<X_HW_WebUserInfoInstance InstanceID="1" ModifyPasswordFlag="0" UserName="useradmin" Password="r37us" UserLevel="1" Enable="1"/> \\光猫背后的用户名密码
<X_HW_WebUserInfoInstance InstanceID="2" ModifyPasswordFlag="0" UserName="telecomadmin" Password="nE7jA%5m" UserLevel="0" Enable="1"/> \\超级密码

改成你想要的密码，加密后上传。然后再恢复出厂设置。

账号		自动登录	找回密码
密码			注册

[教程] hw_ctree.xml文件无法解密