Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

TEWA-872G开启telnet #23

Open
sleepwalkera opened this issue Aug 21, 2023 · 6 comments
Open

TEWA-872G开启telnet #23

sleepwalkera opened this issue Aug 21, 2023 · 6 comments

Comments

@sleepwalkera
Copy link

sleepwalkera commented Aug 21, 2023
edited
Loading

遇到个新型号,既往的方法都无法成功。可以用超密CMCCAdmin : aDm8H%MdA登陆,无法直接开启telnet。
可构造curl请求(注意:密码必须设置为包含特殊字符、字母、数字三种组合的8位长度以上,token从超密登陆后的cookie中取):

curl 'http://192.168.1.1/setObjs' \
  -H 'Accept: */*' \
  -H 'Accept-Language: zh-CN,zh;q=0.9' \
  -H 'Connection: keep-alive' \
  -H 'Content-Type: application/x-www-form-urlencoded; charset=UTF-8' \
  -H 'Cookie: token=ab61d37ba5ce58abf1978f50745fa0e6' \
  -H 'Origin: http://192.168.1.1' \
  -H 'Referer: http://192.168.1.1/' \
  -H 'X-Requested-With: XMLHttpRequest' \
  --data-raw '[{"TelnetEnable":true,"TelnetWANEnable":false,"TelnetUserName":"user","TelnetPassword":"!q12345678","fullPath":"InternetGatewayDevice.DeviceInfo.X_CMCC_ServiceManage."}]' \
  --compressed \
  --insecure
@jonirrings
Copy link
Owner

TelnetPassword会不会有后端验证,必须要按照他要求的至少8位来设置?

@sleepwalkera
Copy link
Author

果然有后端验证,按照注释要求设置了包含字母、数字和特殊字符的8位密码,成功开启telnet了

@sleepwalkera
Copy link
Author

另外问一下,应该如何修改/var/udhcpd/udhcpd.conf文件的内容,直接修改后重启就恢复原状了。初步跟了一下,/var/udhcpd这个目录似乎是运行/etc/rc3.d/S25mount-fs时创建的。再往后不知道厂商的rom咋写入的udhcpd.conf。

S25mount-fs.log

@jonirrings
Copy link
Owner

一般而言,/var/目录下的好多文件都是动态创建的……得去找跟对应文件相关的各个服务启动脚本才行……这个我爱莫能助了,只能你那儿慢慢翻启动脚本

@canronglan
Copy link

你好,福建联通 ,TEWA-870G-C,用你这个方法,缺少了cookie的获取,我用f12网络刷新也没有cookie,这该如何破?

@jonirrings
Copy link
Owner

@canronglan 如果是cookie的话,常规网络流量会自带的,属于http头部内容。

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@sleepwalkera @jonirrings @canronglan