hw_ctree.xml文件无法解密

ahww · 发表于 2024-10-21 23:51:01

改成与超密一样的字符串也不行。

358954592 · 发表于 2024-10-22 00:26:37

@Echo off
) u7 @6 {! Q% \
echo set sh=WScript.CreateObject("WScript.Shell") >tmp.vbs
# q3 K8 _1 y4 _% l. f' T" p
echo WScript.Sleep 1000 >>tmp.vbs
: O5 Y1 A. Y E1 Q$ z/ {6 _
echo sh.SendKeys "open 192.168.1.1{ENTER}" >>tmp.vbs6 l. H h5 h3 `
echo WScript.Sleep 1000 >>tmp.vbs
, W# d( `. W- l0 g/ Q- N5 S) R
echo sh.SendKeys "root{ENTER}" >>tmp.vbs; ?9 _3 J( T/ ^1 h9 _% e3 c' G
echo WScript.Sleep 1000 >>tmp.vbs$ N8 D' ~4 E8 V0 {2 g4 F/ ~. a
echo sh.SendKeys "adminHW{ENTER}" >>tmp.vbs
" N9 }+ l h9 O$ F2 a2 k
echo WScript.Sleep 1000 >>tmp.vbs
8 V4 ?/ B- c; Y |0 J8 k0 [
echo sh.SendKeys "su{ENTER}" >>tmp.vbs
% W5 ~' b' Z$ A+ O/ O6 ]* y1 {* W; w
echo WScript.Sleep 1000 >>tmp.vbs0 W( \/ a' G# u- A& b5 L1 L
echo sh.SendKeys "shell{ENTER}" >>tmp.vbs
7 w6 s% L5 E6 C2 C; h/ Y
echo WScript.Sleep 1000 >>tmp.vbs
' Y. ^# f; z- c: T$ ?* S
echo sh.SendKeys "cp /mnt/jffs2/hw_ctree.xml /mnt/jffs2/mycfg.xml.gz {ENTER}" >>tmp.vbs4 |$ ^4 E- Y1 w7 ]6 `# F3 n/ E6 Y
echo WScript.Sleep 1000 >>tmp.vbs
: O; d9 C8 C+ D. U! Q8 v& }
echo sh.SendKeys "cd /mnt/jffs2{ENTER}" >>tmp.vbs
* w0 b7 L- j& L. Z! D9 |) N; c* R
echo WScript.Sleep 1000 >>tmp.vbs
9 P0 ^" J3 U0 ^% {
echo sh.SendKeys "aescrypt2 1 mycfg.xml.gz tem{ENTER}" >>tmp.vbs( n) f" _/ B7 E% p
echo WScript.Sleep 1000 >>tmp.vbs6 v1 l& U) i% D! b! T# b. r
echo sh.SendKeys "gzip -d mycfg.xml.gz{ENTER}" >>tmp.vbs2 h2 d4 A( u3 r8 h) d) O: L# V
echo WScript.Sleep 1000 >>tmp.vbs
echo sh.SendKeys "grep WebUserInfoInstance mycfg.xml{ENTER}" >>tmp.vbs7 {# Q2 P1 @' E8 I% [
echo WScript.Sleep 1000 >>tmp.vbs L& i; ?0 f" U2 z( y
echo sh.SendKeys "rm mycfg.xml{ENTER}" >>tmp.vbs4 x8 H9 o* W: c' S
echo WScript.Sleep 1000 >>tmp.vbs
% `& Z3 l# f' \9 |3 z$ z8 s/ Z/ m
start telnet
, w, }9 i+ g! V
cscript //nologo tmp.vbs
# p6 j: c$ s y" L: Q
del tmp.vbs

复制代码

ahww · 发表于 2024-10-23 10:29:28

Marken888 发表于 2024-10-21 20:21
& B0 ^1 g' r+ s A$ \% Z这不清楚，听说加密方式是哈希值，还原不回去的，改成跟超密一样试试看吧 ...

试了，无效。

ahww · 发表于 2024-10-23 10:32:22

358954592 发表于 2024-10-22 00:26

我试试。

ahww · 发表于 2024-10-23 11:24:13

358954592 发表于 2024-10-22 00:26

不行，解出的密码部分仍是乱码或仍是加密的，如下：
<X_HW_WebUserInfoInstance InstanceID="1" UserName="root" Password="$2-{\>L;OTS5*&>#YL[BsO`ghKA<}TG#5]PEH[Gq|HvXVO2-vBfRGJD;2iK;$1f8&I*<E[$WqX"0"2Z@c~2o$_6scL#5q"~k=V3`,U$" UserLevel="1" Enable="1" ModifyPasswordFlag="1" Salt="01efce6ddd3feac23ed85bad" PassMode="3" Alias="cpe-1"/>
<X_HW_WebUserInfoInstance InstanceID="2" UserName="telecomadmin" Password="$2/(E|7D<JPDgbtLSQvg9W{/2^LKnb#P<Yn/Z18G2NPC%.4"OaL"|~ayHm`vCCV7<6Us^LZ)uSoH*wVWI&Rh<BL&p^JUj/N,S*]6E$$" UserLevel="0" Enable="1" ModifyPasswordFlag="0" Salt="d4e109ad12d6ed238fb8eee1" PassMode="3" Alias="cpe-2"/>

ahww · 发表于 2024-10-23 11:25:39

358954592 发表于 2024-10-22 00:26

试了，不行，密码部分仍是一长串各种各样的字符
<X_HW_WebUserInfoInstance InstanceID="1" UserName="root" Password="$2-{\>L;OTS5*&>#YL[BsO`ghKA<}TG#5]PEH[Gq|HvXVO2-vBfRGJD;2iK;$1f8&I*<E[$WqX"0"2Z@c~2o$_6scL#5q"~k=V3`,U$" UserLevel="1" Enable="1" ModifyPasswordFlag="1" Salt="01efce6ddd3feac23ed85bad" PassMode="3" Alias="cpe-1"/>
<X_HW_WebUserInfoInstance InstanceID="2" UserName="telecomadmin" Password="$2/(E|7D<JPDgbtLSQvg9W{/2^LKnb#P<Yn/Z18G2NPC%.4"OaL"|~ayHm`vCCV7<6Us^LZ)uSoH*wVWI&Rh<BL&p^JUj/N,S*]6E$$" UserLevel="0" Enable="1" ModifyPasswordFlag="0" Salt="d4e109ad12d6ed238fb8eee1" PassMode="3" Alias="cpe-2"/>

358954592 · 发表于 2024-10-23 14:35:28

本帖最后由 358954592 于 2024-10-23 20:07 编辑

还原后的密码是保存在hw_default_ctree.xml文件里的，把这个问价下载下来解析一下，
<X_HW_WebUserInfo NumberOfInstances="2">
<X_HW_WebUserInfoInstance InstanceID="1" ModifyPasswordFlag="0" UserName="useradmin" Password="r37us" UserLevel="1" Enable="1"/> \\光猫背后的用户名密码
<X_HW_WebUserInfoInstance InstanceID="2" ModifyPasswordFlag="0" UserName="telecomadmin" Password="nE7jA%5m" UserLevel="0" Enable="1"/> \\超级密码

改成你想要的密码，加密后上传。然后再恢复出厂设置。

账号		自动登录	找回密码
密码			注册

[教程] hw_ctree.xml文件无法解密

浏览过的版块