moving story time around

revolabs-flx_uc_1000/README.md

@@ -4,6 +4,14 @@ found this device in a conference room, found the IP from an unauthenticated men
 
 ## story time
 
+from the page that loaded when you first hit http://<device>, i noticed `app.js`
+
+in it, i found:
+```json
+ sys.password:
+  - defaultVal: "7386",
+  - pattern: /^(\d{4,})$/,
+```
 
 
 ## tools

revolabs-flx_uc_1000/bf_login.rb

@@ -1,12 +1,5 @@
 #!/usr/bin/env ruby
 ## bf_login.rb - brute force the login for the revolabs flx UC 1000
-#
-# http://<device>/app/app.js exposes:
-# sys.password:
-#  - defaultVal: "7386",
-#  - pattern: /^(\d{4,})$/,
-#
-# so when the default works, we only have to try 9998 other possibilities
 
 require 'json'
 require 'net/http'