|
|
今年 ZNHG600 偷偷摸摸更新了固件使用以前的方法获取到的 telecomadmin 的账号密码对密码已经被加密了,之前是明文返回的。
debug了一下页面js发现是前端对输入的密码进行了md5 之后的鉴权和原来一致。
使用chrome或者firefox浏览器的话可以按 ctrl+shift+i 调出开发者工具粘贴下面的代码回车执行后在登陆框中输入加密后的密码进行登陆
- function getUserStatus(username,password){var loc="./setlogin.cgi?";var md5Usrname=hex_md5(username);var md5Password=(password);loc+="checkusername="+md5Usrname;loc+="&checkpassword="+md5Password;if(window.XMLHttpRequest){objXMLHTTP=new XMLHttpRequest()}else{if(window.ActiveXObject){objXMLHTTP=new ActiveXObject("Microsoft.XMLHTTP")}}if(objXMLHTTP!=null){objXMLHTTP.open("GET",loc,false);objXMLHTTP.send(null)}}function onlogin(){var reckey="1804289383";with(document.forms[0]){var sUserName=trim(user_name.value);var sPassword=trim(password.value);user_name.value=sUserName;password.value=sPassword;if(sPassword==""){alert("请输入密码");password.focus();return}getTelecomStatus();var telecomArr=telecomStatus.split("/");var telecomName=trim(telecomArr[1]);var md5Password=password.value;if(telecomName==md5Password&&telecomArr[0]=="Disabled"){loc="login.cgi";var code='location="'+loc+'"';eval(code);return}var key=Math.floor(Math.random()*1000);var str="";str=key+"/";str+=reckey+"/";var md5Username=hex_md5(user_name.value);var md5Passwd=(password.value);str+=md5Username+":"+md5Passwd;var enstr=BASE64.encode(str);getUserStatus(user_name.value,password.value);checkuserresult();if(supportSG=="0"){if(registerid==9){if(checkresult==1){alert("已有用户登陆");window.parent.location="login.cgi";return}else{if(checkresult==2){alert("登陆已锁定,请稍候再试");window.parent.location="login.cgi";return}else{if(checkresult==3){alert("密码输入错误,请重新输入");window.parent.location="login.cgi";return}else{if(checkresult==4){alert("密码错误三次,登陆已锁定,请一分钟之后再试");window.parent.location="login.cgi";return}else{if(checkresult==5){alert("登陆已锁定,请稍候再试");window.parent.location="login.cgi";return}else{if(checkresult==6){alert("密码错误,请重新输入");window.parent.location="login.cgi";return}}}}}}}else{if(checkresult==1){document.getElementById("errormessage").style.display="inline";document.getElementById("errormessage").innerHTML="<font color='red'>已有用户登陆</font>";document.getElementById("errormessage1").style.display="inline";document.getElementById("errormessage1").innerHTML="";return}else{if(checkresult==2){document.getElementById("errormessage").style.display="inline";document.getElementById("errormessage").innerHTML="<font color='red'>登陆已锁定,请稍候再试</font>";document.getElementById("errormessage1").style.display="inline";document.getElementById("errormessage1").innerHTML="";return}else{if(checkresult==3){document.getElementById("errormessage").style.display="inline";document.getElementById("errormessage").innerHTML="<font color='red'>密码输入错误,请重新输入</font>";document.getElementById("errormessage1").style.display="inline";document.getElementById("errormessage1").innerHTML="";return}else{if(checkresult==4){document.getElementById("errormessage").style.display="inline";document.getElementById("errormessage").innerHTML="<font color='red'>密码错误三次,登陆已锁定,</font>";document.getElementById("errormessage1").style.display="inline";document.getElementById("errormessage1").innerHTML="<font color='red'>请一分钟之后再试</font>";return}else{if(checkresult==5){document.getElementById("errormessage").style.display="inline";document.getElementById("errormessage").innerHTML="<font color='red'>登陆已锁定,请稍候再试</font>";document.getElementById("errormessage1").style.display="inline";document.getElementById("errormessage1").innerHTML="";return}else{if(checkresult==6){document.getElementById("errormessage").style.display="inline";document.getElementById("errormessage").innerHTML="<font color='red'>密码输入错误,请重新输入</font>";document.getElementById("errormessage1").style.display="inline";document.getElementById("errormessage1").innerHTML="";return}}}}}}}}else{if(checkresult==1){document.getElementById("errormessage").style.display="inline";document.getElementById("errormessage").innerHTML="<font color='red'>已有用户登陆</font>";return}else{if(checkresult==2){document.getElementById("errormessage").style.display="inline";document.getElementById("errormessage").innerHTML="<font color='red'>登陆已锁定,请稍候再试</font>";return}else{if(checkresult==3){document.getElementById("errormessage").style.display="inline";document.getElementById("errormessage").innerHTML="<font color='red'>密码错误,请重新输入</font>";return}else{if(checkresult==4){document.getElementById("errormessage").style.display="inline";document.getElementById("errormessage").innerHTML="<font color='red'>密码错误三次,登陆已锁定,请一分钟之后再试</font>";return}else{if(checkresult==5){document.getElementById("errormessage").style.display="inline";document.getElementById("errormessage").innerHTML="<font color='red'>登陆已锁定,请稍候再试</font>";return}else{if(checkresult==6){document.getElementById("errormessage").style.display="inline";document.getElementById("errormessage").innerHTML="<font color='red'>密码错误,请重新输入</font>";return}}}}}}}createCookie("Authorization","Basic "+enstr);setUserStatus(enstr);document.forms[0].save.disabled=1;if(ie4&&window.event.keyCode==13&&(window.event.srcElement.type!="reset")&&(window.event.srcElement.type!="button")){window.event.keyCode=0;window.event.returnValue=false}}};
就可以正常登陆了
|
本帖子中包含更多资源
您需要 登录 才可以下载或查看,没有账号?立即注册
×
评分
-
查看全部评分
|
简体中文
繁體中文
English
日本語
Deutsch
한국 사람
بالعربية
TÜRKÇE
português
คนไทย
IP卡
狗仔卡
发表于 2021-6-2 21:47
置顶卡
沉默卡
喧嚣卡
顶贴卡
显身卡