Teach you to successfully break through the functions of Telecom Limited router (RG100A-BA)

In this article I will crack the routing method to share with you, here I use the route model for RG100A-BA, not this model also suggest you to see, I estimate the telecommunications without line by the crack mentality are similar, interested friends don't miss

Search through the Internet to know that the wireless router of broadband gift is a hidden Super Administrator account, this account of the corresponding permissions is a lot of very useful hidden functions, I tried the online default password ne7ja%5m, my route is not available, and the network is not off the routing of the Crack method ( Except for the dismantling of the machine). Here I will crack the route of the way to share with you, here I use the route model for RG100A-BA, not this model also suggest you to see, I estimate that the telecommunications without line by the crack mentality are similar.

First of all, before you crack your route, decisively pull the phone line out, because one of the telecom routing defaults is to report your routing settings every once in a while, and sync the routing settings to the server, and someone on the internet says that your router will be blocked if you crack, so for security reasons, unplug the phone line a little better.

Below the use of telecommunications provided to your user account to enter the router (here my route IP address for http://192.168.1.1), the account is generally useradmin. When we enter, we open the HTTP://192.168.1.1/. backupsettings.conf this link, this link refers to the router's configuration file, when you open him, the browser will download the file by default, if you use IE, you may be prompted not to get this file, then you just use the download tool, download the link above, download the use of Notepad Open this file, search password, find two password clip of that string of characters (looking from the beginning, the first is), that is the password, my is telecomadminxxxxx, this is the password of the super tube, the account number defaults to Telecomadmin. Use this account password to login to the remote control page, the remote control server address change, casually changed to a non-existent URL on it. But my router has not found the Save button, in fact, this is because the telecom will be on the page some of the buttons hidden away, we simply open the remote control of the original page can be modified, the URL is: http://192.168.1.1/tr69cfg.html.

To prevent the telecom from changing back again, we need to get rid of the password of the super tube and the ordinary user (perhaps telecommunications will also use this method to obtain the password of the super tube, for the sake of insurance), the ordinary user password can be changed directly in the router user management. And the super tube password needs to modify in the configuration file, modify the method can use the Super Tube account login, find a USB backup, insert u disk to the router, the configuration file with a copy down, open the search for the password of the super tube, search to replace the password you want to change it. The password is then changed with the backup page's recovery configuration. (My router is backed up by the configuration file is encrypted, if you will decrypt the word is not over, decrypt the configuration file, modify the configuration, the final must be encrypted to recover.) But there's a simpler way, is directly modified to download the backupsettings.conf file, this is the use of the configuration file, directly inside the original password replaced, you can play to change the role of the password, but my router upload page is still hidden from the telecom, need to open the hidden page: http ://192.168.1.1/updatesettings.html can be uploaded. )

After the modification should have been out of the clutches of telecommunications, unless the telecommunications secretly in your route installed a hidden backdoor. Take a closer look, the function of this route is still a lot of Nan, everyone in the change before please remember a little, must find a notepad will be the original data records, or modify the wrong, not even the internet on the tragedy.

Write here, I guess everyone will have to ask: I, how do you find the address of the configuration file, how to find the hidden page of the Nan? Oh, here's the idea of cracking:

First look at the landing page source code, to see if the source code contains a super tube password, in my Route landing page and no password. The following landing useradmin account number, continue to view the source code, in the source I found a place in the name of the Super pipe telecomadmin, it seems that telecom did not change the super Tube account number, but the password in the source code does not mention. However, when switching to different pages found that the Web site has been http://192.168.1.1/main.html, which means that all the pages are checked to see through the main.html load, see is not the original page, that is to say main.html is just a framework. Below find all the original page open look, find the address of the original page just right click on the button on main to select Properties, which have the page source address. However, after the opening found that all content with the original from main see the same, this represents the main did not filter out the information of the Web page, but found in the search process, there are some of the web address front has a CT, we try to remove the CT after the visit to the Web page, sure enough, In the Device Information page found in different places with main, the uplink rate, downlink rate, card ID and so on information, it seems that there is no error, which also indicates that telecommunications did not prohibit useradmin users access to hidden pages. But found a hidden page still did not find the super tube password, how to do?

Do not know if you have no attention, in the login account, submitted to the landing site for Http://192.168.1.1/login.html?username=useradmin&password=XXXXX, this is a typical dynamic page submission method , that is, the super Tube account password is stored in the database, in the site source code is impossible to find. At the beginning I did not notice that the Web page prompts me to log out of date, please login, and then I use Opera when landing card on this page, it was found that it is using data.

Since the use of the database, we began to try to download the database to get the password of the super tube, since it is to submit data to the database, it must be the use of grab tools to obtain data submission address, after grasping the package found that the address submitted for http://192.168.1.1/ Backupsettings.conf It appears that this route is not using database files. Here's how to download it (remember to log in to download it) and get the password by downloading it in the browser.

Below the use of the Super Tube account login, landing time to grab a bag to see, you will find a lot of surprises. The address of all hidden pages in the packet will be displayed yo! This route's crack is done.

Here for your convenience, provide some of the hidden page addresses that your router rg100a-ba might use:

Click to close the import configuration file location http://192.168.1.1/updatesettings.html

Close Remote Control page: http://192.168.1.1/tr69cfg.html

Feature Selection page: Http://192.168.1.1/scsrvcntr.cmd?action=view

Configuration file Address: http://192.168.1.1/backupsettings.conf

ATM PVC Configuration: http://192.168.1.1/cfgatm.html

Load Certificate page: http://192.168.1.1/certloadsigned.html

Import CA Certificate: http://192.168.1.1/certimport.html

Create a new certificate request: http://192.168.1.1/certadd.html

ADSL ber Test start: http://192.168.1.1/berstart.html

ADSL ber test results: http://192.168.1.1/berstop.html

WAN Service Configuration Wizard: http://192.168.1.1/wansrvc.html

WAN Statistical Data Report: http://192.168.1.1/statswan.html

Access time limit: http://192.168.1.1/todmngrview.html

Interface groupings: http://192.168.1.1/portmap.html