h4ck/revolabs-flx_uc_1000/README.md

# revolabs flx UC1000

found this device in a conference room, found the IP from an unauthenticated menu on the dialer, which was accessible from the wireless 'Guest' network. it also has USB ports, so potentially available without network access.

## story time

from the page that loaded when you first hit http://<device>, i noticed `app.js`

in it, i found:
```json
 sys.password:
  - defaultVal: "7386",
  - pattern: /^(\d{4,})$/,
```


## tools
name | description
-----|-------------
[bf_login.rb](bf_login.rb) | brute forces the PIN on the web interface
initial revolabs flx UC1000 commit 2016-07-01 04:50:14 +02:00			`# revolabs flx UC1000`

no plan survives first contact with the enemy 2016-07-01 06:25:13 +02:00			`found this device in a conference room, found the IP from an unauthenticated menu on the dialer, which was accessible from the wireless 'Guest' network. it also has USB ports, so potentially available without network access.`
initial revolabs flx UC1000 commit 2016-07-01 04:50:14 +02:00
			`## story time`

moving story time around 2016-07-01 06:49:46 +02:00			from the page that loaded when you first hit http://<device>, i noticed `app.js`

			`in it, i found:`
			```json
			`sys.password:`
			`- defaultVal: "7386",`
			`- pattern: /^(\d{4,})$/,`
			```
initial revolabs flx UC1000 commit 2016-07-01 04:50:14 +02:00

			`## tools`
			`name \| description`
oh markdown 2016-07-01 04:53:50 +02:00			`-----\|-------------`
			`[bf_login.rb](bf_login.rb) \| brute forces the PIN on the web interface`