在 ZNHG600 设备上,由于固件更新,原先明文返回的 telecomadmin 账号密码现在被加密了。经过调试页面 JavaScript,发现前端对输入的密码进行了 MD5 加密,并以此进行鉴权。为了解决这个问题,可以使用 Chrome 或 Firefox 浏览器按 Ctrl+Shift+I 调出开发者工具,并粘贴以下代码执行。在登录框中输入加密后的密码,即可正常登录。
function getUserStatus(username, password) {
var loc = "./setlogin.cgi?";
var md5Usrname = hex_md5(username);
var md5Password = hex_md5(password);
loc += "checkusername=" + md5Usrname;
loc += "&checkpassword=" + md5Password;
if (window.XMLHttpRequest) {
objXMLHTTP = new XMLHttpRequest();
} else if (window.ActiveXObject) {
objXMLHTTP = new ActiveXObject("Microsoft.XMLHTTP");
}
if (objXMLHTTP != null) {
objXMLHTTP.open("GET", loc, false);
objXMLHTTP.send(null);
}
}
function onlogin() {
var reckey = "1804289383";
with (document.forms[0]) {
var sUserName = trim(user_name.value);
var sPassword = trim(password.value);
user_name.value = sUserName;
password.value = sPassword;
if (sPassword == "") {
alert("请输入密码");
password.focus();
return;
}
getTelecomStatus();
var telecomArr = telecomStatus.split("/");
var telecomName = trim(telecomArr[1]);
var md5Password = password.value;
if (telecomName == md5Password && telecomArr[0] == "Disabled") {
loc = "login.cgi";
var code = 'location="' + loc + '"';
eval(code);
return;
}
var key = Math.floor(Math.random() * 1000);
var str = "";
str += key + "/";
str += reckey + "/";
var md5Username = hex_md5(user_name.value);
var md5Passwd = hex_md5(password.value);
str += md5Username + ":" + md5Passwd;
var enstr = BASE64.encode(str);
getUserStatus(user_name.value, password.value);
checkuserresult();
if (supportSG == "0") {
if (registerid == 9) {
if (checkresult == 1) {
alert("已有用户登陆");
window.parent.location = "login.cgi";
return;
} else if (checkresult == 2) {
alert("登陆已锁定,请稍候再试");
window.parent.location = "login.cgi";
return;
} else if (checkresult == 3) {
alert("密码输入错误,请重新输入");
window.parent.location = "login.cgi";
return;
} else if (checkresult == 4) {
alert("密码错误三次,登陆已锁定,请一分钟之后再试");
window.parent.location = "login.cgi";
return;
} else if (checkresult == 5) {
alert("登陆已锁定,请稍候再试");
window.parent.location = "login.cgi";
return;
} else if (checkresult == 6) {
alert("密码输入错误,请重新输入");
window.parent.location = "login.cgi";
return;
}
}
} else {
if (checkresult == 1) {
document.getElementById("errormessage").style.display = "inline";
document.getElementById("errormessage").innerHTML = "<font color='red'>已有用户登陆</font>";
return;
} else if (checkresult == 2) {
document.getElementById("errormessage").style.display = "inline";
document.getElementById("errormessage").innerHTML = "<font color='red'>登陆已锁定,请稍候再试</font>";
return;
} else if (checkresult == 3) {
document.getElementById("errormessage").style.display = "inline";
document.getElementById("errormessage").innerHTML = "<font color='red'>密码输入错误,请重新输入</font>";
return;
} else if (checkresult == 4) {
document.getElementById("errormessage").style.display = "inline";
document.getElementById("errormessage").innerHTML = "<font color='red'>密码错误三次,登陆已锁定,请一分钟之后再试</font>";
return;
} else if (checkresult == 5) {
document.getElementById("errormessage").style.display = "inline";
document.getElementById("errormessage").innerHTML = "<font color='red'>登陆已锁定,请稍候再试</font>";
return;
} else if (checkresult == 6) {
document.getElementById("errormessage").style.display = "inline";
document.getElementById("errormessage").innerHTML = "<font color='red'>密码输入错误,请重新输入</font>";
return;
}
}
}
createCookie("Authorization", "Basic " + enstr);
setUserStatus(enstr);
document.forms[0].save.disabled = 1;
if (ie4 && window.event.keyCode == 13 && (window.event.srcElement.type != "reset") && (window.event.srcElement.type != "button")) {
window.event.keyCode = 0;
window.event.returnValue = false;
}
}使用上述代码后,即可正常登录 ZNHG600 设备。
评论已关闭