From b7fc40247cdd5ccd266bb2e20e1c588f1f1bf953 Mon Sep 17 00:00:00 2001 From: Bucky Wilson Date: Mon, 25 Sep 2017 12:24:23 +1000 Subject: [PATCH] Capture limited password stupidity --- beef | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/beef b/beef index b1fff4c21..ccbac1d38 100755 --- a/beef +++ b/beef @@ -120,7 +120,8 @@ BeEF::Core::Console::Banners.print_network_interfaces_count BeEF::Core::Console::Banners.print_network_interfaces_routes # @note Warn and replace on default credentials -if config.get("beef.credentials.user").eql?('beef') && config.get("beef.credentials.passwd").eql?('beef') +if config.get("beef.credentials.user").eql?('beef') && + [/beef[0-9]*/, /passw[o0]rd[0-9]*/].select{|pattern| pattern.match(config.get("beef.credentials.passwd"))}.any? print_warning "Warning: Default username and password in use!" better_phrase = BeEF::Core::Crypto::secure_token(16) config.set("beef.credentials.passwd", better_phrase)