Capture limited password stupidity

2017-09-25 12:24:23 +10:00
parent 675c6a9edb
commit b7fc40247c
1 changed files with 2 additions and 1 deletions
--- a/3
+++ b/3
@@ -120,7 +120,8 @@ BeEF::Core::Console::Banners.print_network_interfaces_count
 BeEF::Core::Console::Banners.print_network_interfaces_routes

 # @note Warn and replace on default credentials
-if config.get("beef.credentials.user").eql?('beef') && config.get("beef.credentials.passwd").eql?('beef')
+if config.get("beef.credentials.user").eql?('beef') &&
+   [/beef[0-9]*/, /passw[o0]rd[0-9]*/].select{|pattern| pattern.match(config.get("beef.credentials.passwd"))}.any?
  print_warning "Warning: Default username and password in use!"
  better_phrase = BeEF::Core::Crypto::secure_token(16)
  config.set("beef.credentials.passwd", better_phrase)