From 364575592ae6821ccc65eb7aa7d807529a0537e4 Mon Sep 17 00:00:00 2001 From: antisnatchor Date: Sun, 15 Apr 2012 10:53:08 +0100 Subject: [PATCH] Moved BeEF credentials from admin_ui extension to the main config.yaml. Updated both admin_ui and RESTful API to reflect the changes. --- config.yaml | 10 +++++++--- core/main/rest/handlers/admin.rb | 2 +- extensions/admin_ui/config.yaml | 4 +--- .../controllers/authentication/authentication.rb | 2 +- 4 files changed, 10 insertions(+), 8 deletions(-) diff --git a/config.yaml b/config.yaml index 97658800e..669bb5bdd 100644 --- a/config.yaml +++ b/config.yaml @@ -39,9 +39,8 @@ beef: session_cookie_name: "BEEFSESSION" # Imitate a specified web server (default root page, 404 default error page, 'Server' HTTP response header) web_server_imitation: - enable: false - #supported: apache, iis - type: "apache" + enable: false + type: "apache" #supported: apache, iis database: # For information on using other databases please read the @@ -60,6 +59,11 @@ beef: db_passwd: "beef123" db_encoding: "UTF-8" + # Credentials to authenticate in BeEF. Used by both the RESTful API and the Admin_UI extension + credentials: + user: "beef" + passwd: "beef" + crypto_default_value_length: 80 # You may override default extension configuration parameters here diff --git a/core/main/rest/handlers/admin.rb b/core/main/rest/handlers/admin.rb index ac1e6c046..c5ffd9f08 100644 --- a/core/main/rest/handlers/admin.rb +++ b/core/main/rest/handlers/admin.rb 
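Review bot: The `credentials` block added to config.yaml ships `user: "beef"` / `passwd: "beef"` as working defaults, and by its own comment they now gate the RESTful API as well as the Admin UI, so an install left unchanged puts both interfaces behind a well-known login. Nothing visible in this patch checks that the defaults were replaced; I would add a check where the configuration is loaded that warns, or refuses to start, while either value is still `beef`. At minimum extend the comment, e.g. `# Change these defaults before starting BeEF: they protect both the RESTful API and the Admin UI`. The password is also stored in plaintext next to `db_passwd`, so the file should be readable only by the account that runs BeEF.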
@@ -54,7 +54,7 @@ module BeEF begin data = JSON.parse request.body.read # check username and password - if not (data['username'].eql? config.get('beef.extension.admin_ui.username') and data['password'].eql? config.get('beef.extension.admin_ui.password') ) + if not (data['username'].eql? config.get('beef.credentials.user') and data['password'].eql? config.get('beef.credentials.passwd') ) BeEF::Core::Logger.instance.register('Authentication', "User with ip #{request.ip} has failed to authenticate in the application.") halt 401 else diff --git a/extensions/admin_ui/config.yaml b/extensions/admin_ui/config.yaml index 0e29a226a..dde46ca70 100644 --- a/extensions/admin_ui/config.yaml +++ b/extensions/admin_ui/config.yaml @@ -17,9 +17,7 @@ beef: extension: admin_ui: name: 'Admin UI' - enable: true - username: "beef" - password: "beef" + enable: true favicon_file_name: "favicon.ico" favicon_dir: "/images" login_fail_delay: 1 diff --git a/extensions/admin_ui/controllers/authentication/authentication.rb b/extensions/admin_ui/controllers/authentication/authentication.rb index ad94d452e..f07a4f94e 100644 --- a/extensions/admin_ui/controllers/authentication/authentication.rb +++ b/extensions/admin_ui/controllers/authentication/authentication.rb @@ -69,7 +69,7 @@ class Authentication < BeEF::Extension::AdminUI::HttpController end # check username and password - if not (username.eql? config.get('beef.extension.admin_ui.username') and password.eql? config.get('beef.extension.admin_ui.password') ) + if not (username.eql? config.get('beef.credentials.user') and password.eql? config.get('beef.credentials.passwd') ) BeEF::Core::Logger.instance.register('Authentication', "User with ip #{@request.ip} has failed to authenticate in the application.") return end
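Review bot: The rewritten check in core/main/rest/handlers/admin.rb fails open when the new keys are missing: if `config.get('beef.credentials.user')` and `config.get('beef.credentials.passwd')` return nil (plausible for a config.yaml that predates this commit, though `config.get` is not shown here), a request whose `username` and `password` are also nil satisfies both `eql?` tests and the `halt 401` is skipped. Reject unset credentials before comparing, e.g. `halt 401 if config.get('beef.credentials.user').to_s.empty? || config.get('beef.credentials.passwd').to_s.empty?`. The same comparison is in the authentication.rb hunk further down, where the validation that precedes it lies outside the hunk, so confirm nil values cannot reach it there either. Separately, `eql?` is not a constant-time comparison; if Rack is loaded, as the `halt` call suggests, `Rack::Utils.secure_compare` is the safer choice for the password. Both enclosing methods start and end outside their hunks.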