hw_ctree.xml文件无法解密

ahww · 发表于 2024-10-21 23:51:01

改成与超密一样的字符串也不行。

358954592 · 发表于 2024-10-22 00:26:37

@Echo off
echo set sh=WScript.CreateObject("WScript.Shell") >tmp.vbs
echo WScript.Sleep 1000 >>tmp.vbs
echo sh.SendKeys "open 192.168.1.1{ENTER}" >>tmp.vbs
echo WScript.Sleep 1000 >>tmp.vbs
echo sh.SendKeys "root{ENTER}" >>tmp.vbs
echo WScript.Sleep 1000 >>tmp.vbs
echo sh.SendKeys "adminHW{ENTER}" >>tmp.vbs
echo WScript.Sleep 1000 >>tmp.vbs
echo sh.SendKeys "su{ENTER}" >>tmp.vbs
echo WScript.Sleep 1000 >>tmp.vbs
echo sh.SendKeys "shell{ENTER}" >>tmp.vbs
echo WScript.Sleep 1000 >>tmp.vbs
echo sh.SendKeys "cp /mnt/jffs2/hw_ctree.xml /mnt/jffs2/mycfg.xml.gz {ENTER}" >>tmp.vbs
echo WScript.Sleep 1000 >>tmp.vbs
echo sh.SendKeys "cd /mnt/jffs2{ENTER}" >>tmp.vbs
echo WScript.Sleep 1000 >>tmp.vbs
echo sh.SendKeys "aescrypt2 1 mycfg.xml.gz tem{ENTER}" >>tmp.vbs
echo WScript.Sleep 1000 >>tmp.vbs
echo sh.SendKeys "gzip -d mycfg.xml.gz{ENTER}" >>tmp.vbs
echo WScript.Sleep 1000 >>tmp.vbs
echo sh.SendKeys "grep WebUserInfoInstance mycfg.xml{ENTER}" >>tmp.vbs
echo WScript.Sleep 1000 >>tmp.vbs
echo sh.SendKeys "rm mycfg.xml{ENTER}" >>tmp.vbs
echo WScript.Sleep 1000 >>tmp.vbs
start telnet
cscript //nologo tmp.vbs
del tmp.vbs

复制代码

ahww · 发表于 2024-10-23 10:29:28

Marken888 发表于 2024-10-21 20:21
这不清楚，听说加密方式是哈希值，还原不回去的，改成跟超密一样试试看吧 ...

试了，无效。

ahww · 发表于 2024-10-23 10:32:22

358954592 发表于 2024-10-22 00:26

我试试。

ahww · 发表于 2024-10-23 11:24:13

358954592 发表于 2024-10-22 00:26

不行，解出的密码部分仍是乱码或仍是加密的，如下：
<X_HW_WebUserInfoInstance InstanceID="1" UserName="root" Password="$2-{\>L;OTS5*&>#YL[BsO`ghKA<}TG#5]PEH[Gq|HvXVO2-vBfRGJD;2iK;$1f8&I*<E[$WqX"0"2Z@c~2o$_6scL#5q"~k=V3`,U$" UserLevel="1" Enable="1" ModifyPasswordFlag="1" Salt="01efce6ddd3feac23ed85bad" PassMode="3" Alias="cpe-1"/>
<X_HW_WebUserInfoInstance InstanceID="2" UserName="telecomadmin" Password="$2/(E|7D<JPDgbtLSQvg9W{/2^LKnb#P<Yn/Z18G2NPC%.4"OaL"|~ayHm`vCCV7<6Us^LZ)uSoH*wVWI&Rh<BL&p^JUj/N,S*]6E$$" UserLevel="0" Enable="1" ModifyPasswordFlag="0" Salt="d4e109ad12d6ed238fb8eee1" PassMode="3" Alias="cpe-2"/>

ahww · 发表于 2024-10-23 11:25:39

358954592 发表于 2024-10-22 00:26

试了，不行，密码部分仍是一长串各种各样的字符
<X_HW_WebUserInfoInstance InstanceID="1" UserName="root" Password="$2-{\>L;OTS5*&>#YL[BsO`ghKA<}TG#5]PEH[Gq|HvXVO2-vBfRGJD;2iK;$1f8&I*<E[$WqX"0"2Z@c~2o$_6scL#5q"~k=V3`,U$" UserLevel="1" Enable="1" ModifyPasswordFlag="1" Salt="01efce6ddd3feac23ed85bad" PassMode="3" Alias="cpe-1"/>
<X_HW_WebUserInfoInstance InstanceID="2" UserName="telecomadmin" Password="$2/(E|7D<JPDgbtLSQvg9W{/2^LKnb#P<Yn/Z18G2NPC%.4"OaL"|~ayHm`vCCV7<6Us^LZ)uSoH*wVWI&Rh<BL&p^JUj/N,S*]6E$$" UserLevel="0" Enable="1" ModifyPasswordFlag="0" Salt="d4e109ad12d6ed238fb8eee1" PassMode="3" Alias="cpe-2"/>

358954592 · 发表于 2024-10-23 14:35:28

本帖最后由 358954592 于 2024-10-23 20:07 编辑

还原后的密码是保存在hw_default_ctree.xml文件里的，把这个问价下载下来解析一下，
<X_HW_WebUserInfo NumberOfInstances="2">
<X_HW_WebUserInfoInstance InstanceID="1" ModifyPasswordFlag="0" UserName="useradmin" Password="r37us" UserLevel="1" Enable="1"/> \\光猫背后的用户名密码
<X_HW_WebUserInfoInstance InstanceID="2" ModifyPasswordFlag="0" UserName="telecomadmin" Password="nE7jA%5m" UserLevel="0" Enable="1"/> \\超级密码

改成你想要的密码，加密后上传。然后再恢复出厂设置。

账号		自动登录	找回密码
密码			注册

[教程] hw_ctree.xml文件无法解密