# TEWA-708E/G

## 思路

1. 寻找备份页面URL的参数，从而进入备份页面
2. 备份配置文件
3. 解密配置文件，得到账号密码

## tewa-708e破解流程

1.
2. 路由器插入u盘，fat32文件系统。
3. 常规用户登陆[http://192.168.1.1:8080](http://192.168.1.1:8080/)
4. 切换到 管理-设备管理
5. 浏览器进入调试模式，在console处，从top切换到MD\_Device\_user.html

在console内执行

```
`http://192.168.1.1:8080/usbbackup.cmd?action=backupeble&sessionKey=${sessionKey}`
```

&#x20;**如果上述方式执行失败**，根据[KoolShare](https://koolshare.cn/forum.php?mod=redirect\&goto=findpost\&ptid=166510\&pid=2227183)坛友的做法也可以尝试执行下列代码<br>

```
usbsubarea = {
  selectedIndex: 0,
  value: "never_mind...",
  options:[
    {value: "usb1_1"}
  ]
};

btnApply();
```

1. 在u盘内得到ctce8\_TEWA-708E.cfg文件
2. 使用[routerpassview](http://www.nirsoft.net/utils/router_password_recovery.html)或者[附件的xor](https://github.com/jonirrings/xor/releases)解密， 使用方法参考[#4](https://github.com/jonirrings/xor/issues/4)
3. 在解密后文件内找到TeleComAccount，下面的Password内即为超密
4. 如果需要打开telnet，超级用户登陆后，打开 <http://192.168.1.1:8080/enableTelnet.html> 即可启用telnet

原文

{% embed url="<https://github.com/jonirrings/xor#%E6%80%9D%E8%B7%AF>" %}

{% embed url="<https://github.com/jonirrings/xor#%E5%85%B6%E4%BB%96%E5%87%A0%E4%B8%AA%E7%9B%B8%E8%BF%91%E5%9E%8B%E5%8F%B7%E7%9A%84%E7%A0%B4%E8%A7%A3>" %}


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://kamto.gitbook.io/kam-bk/tewa-708e-g.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.