From 675c6a9edb615b32da628eb0aec39c60dcb817cc Mon Sep 17 00:00:00 2001 From: Bucky Wilson Date: Mon, 25 Sep 2017 12:00:32 +1000 Subject: [PATCH 1/3] Create temporary password in-lieu of using default --- beef | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/beef b/beef index f6612c219..b1fff4c21 100755 --- a/beef +++ b/beef @@ -119,9 +119,12 @@ BeEF::Core::Console::Banners.print_loaded_modules BeEF::Core::Console::Banners.print_network_interfaces_count BeEF::Core::Console::Banners.print_network_interfaces_routes -# @note Warn on default credentials +# @note Warn and replace on default credentials if config.get("beef.credentials.user").eql?('beef') && config.get("beef.credentials.passwd").eql?('beef') print_warning "Warning: Default username and password in use!" + better_phrase = BeEF::Core::Crypto::secure_token(16) + config.set("beef.credentials.passwd", better_phrase) + print_info "Password for this instance: #{better_phrase}" end # @note create ~/.beef/ From b7fc40247cdd5ccd266bb2e20e1c588f1f1bf953 Mon Sep 17 00:00:00 2001 From: Bucky Wilson Date: Mon, 25 Sep 2017 12:24:23 +1000 Subject: [PATCH 2/3] Capture limited password stupidity --- beef | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/beef b/beef index b1fff4c21..ccbac1d38 100755 --- a/beef +++ b/beef @@ -120,7 +120,8 @@ BeEF::Core::Console::Banners.print_network_interfaces_count BeEF::Core::Console::Banners.print_network_interfaces_routes # @note Warn and replace on default credentials -if config.get("beef.credentials.user").eql?('beef') && config.get("beef.credentials.passwd").eql?('beef') +if config.get("beef.credentials.user").eql?('beef') && + [/beef[0-9]*/, /passw[o0]rd[0-9]*/].select{|pattern| pattern.match(config.get("beef.credentials.passwd"))}.any? print_warning "Warning: Default username and password in use!" better_phrase = BeEF::Core::Crypto::secure_token(16) config.set("beef.credentials.passwd", better_phrase) From 60108af6859d1bb1005aa1f028a111319cf324e5 Mon Sep 17 00:00:00 2001 From: Bucky Wilson Date: Mon, 25 Sep 2017 15:24:14 +1000 Subject: [PATCH 3/3] Passphrase issues made clearer. --- beef | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/beef b/beef index ccbac1d38..2ea7b65ca 100755 --- a/beef +++ b/beef @@ -122,10 +122,10 @@ BeEF::Core::Console::Banners.print_network_interfaces_routes # @note Warn and replace on default credentials if config.get("beef.credentials.user").eql?('beef') && [/beef[0-9]*/, /passw[o0]rd[0-9]*/].select{|pattern| pattern.match(config.get("beef.credentials.passwd"))}.any? - print_warning "Warning: Default username and password in use!" + print_warning "Warning: Default username and weak password in use!" better_phrase = BeEF::Core::Crypto::secure_token(16) config.set("beef.credentials.passwd", better_phrase) - print_info "Password for this instance: #{better_phrase}" + print_more "New password for this instance: #{better_phrase}" end # @note create ~/.beef/