Moved BeEF credentials from admin_ui extension to the main config.yaml. Updated both admin_ui and RESTful API to reflect the changes.

2012-04-15 10:53:08 +01:00
parent 49af6ad443
commit 364575592a
4 changed files with 10 additions and 8 deletions
--- a/config.yaml
+++ b/config.yaml
@@ -39,9 +39,8 @@ beef:
        session_cookie_name: "BEEFSESSION"
        # Imitate a specified web server (default root page, 404 default error page, 'Server' HTTP response header)
        web_server_imitation:
-                        enable: false
-                        #supported: apache, iis
-                        type: "apache"
+            enable: false
+            type: "apache" #supported: apache, iis

    database:
        # For information on using other databases please read the
@@ -60,6 +59,11 @@ beef:
        db_passwd: "beef123"
        db_encoding: "UTF-8"

+    # Credentials to authenticate in BeEF. Used by both the RESTful API and the Admin_UI extension
+    credentials:
+        user:   "beef"
+        passwd: "beef"
+
    crypto_default_value_length: 80

    # You may override default extension configuration parameters here
--- a/core/main/rest/handlers/admin.rb
+++ b/core/main/rest/handlers/admin.rb
@@ -54,7 +54,7 @@ module BeEF
          begin
            data = JSON.parse request.body.read
            # check username and password
-            if not (data['username'].eql? config.get('beef.extension.admin_ui.username') and data['password'].eql? config.get('beef.extension.admin_ui.password') )
+            if not (data['username'].eql? config.get('beef.credentials.user') and data['password'].eql? config.get('beef.credentials.passwd') )
              BeEF::Core::Logger.instance.register('Authentication', "User with ip #{request.ip} has failed to authenticate in the application.")
              halt 401
            else
--- a/extensions/admin_ui/config.yaml
+++ b/extensions/admin_ui/config.yaml
@@ -17,9 +17,7 @@ beef:
    extension:
        admin_ui:
            name: 'Admin UI'
-            enable: true 
-            username: "beef"
-            password: "beef"
+            enable: true
            favicon_file_name: "favicon.ico"
            favicon_dir: "/images"
            login_fail_delay: 1
--- a/extensions/admin_ui/controllers/authentication/authentication.rb
+++ b/extensions/admin_ui/controllers/authentication/authentication.rb
@@ -69,7 +69,7 @@ class Authentication < BeEF::Extension::AdminUI::HttpController
    end
    
    # check username and password
-    if not (username.eql? config.get('beef.extension.admin_ui.username') and password.eql? config.get('beef.extension.admin_ui.password') )
+    if not (username.eql? config.get('beef.credentials.user') and password.eql? config.get('beef.credentials.passwd') )
      BeEF::Core::Logger.instance.register('Authentication', "User with ip #{@request.ip} has failed to authenticate in the application.")
      return
    end