From 2a717ad841c1ee1ee4e9c350f37a85d133ce2a10 Mon Sep 17 00:00:00 2001
From: Conor Horan-Kates <conor.code@gmail.com>
Date: Thu, 30 Jun 2016 21:49:46 -0700
Subject: [PATCH] moving story time around

---
 revolabs-flx_uc_1000/README.md   | 8 ++++++++
 revolabs-flx_uc_1000/bf_login.rb | 7 -------
 2 files changed, 8 insertions(+), 7 deletions(-)

diff --git a/revolabs-flx_uc_1000/README.md b/revolabs-flx_uc_1000/README.md
index 7f893c6..031c03c 100644
--- a/revolabs-flx_uc_1000/README.md
+++ b/revolabs-flx_uc_1000/README.md
@@ -4,6 +4,14 @@ found this device in a conference room, found the IP from an unauthenticated men
 
 ## story time
 
+from the page that loaded when you first hit http://<device>, i noticed `app.js`
+
+in it, i found:
+```json
+ sys.password:
+  - defaultVal: "7386",
+  - pattern: /^(\d{4,})$/,
+```
 
 
 ## tools
diff --git a/revolabs-flx_uc_1000/bf_login.rb b/revolabs-flx_uc_1000/bf_login.rb
index f8848fa..6bf7d10 100644
--- a/revolabs-flx_uc_1000/bf_login.rb
+++ b/revolabs-flx_uc_1000/bf_login.rb
@@ -1,12 +1,5 @@
 #!/usr/bin/env ruby
 ## bf_login.rb - brute force the login for the revolabs flx UC 1000
-#
-# http://<device>/app/app.js exposes:
-# sys.password:
-#  - defaultVal: "7386",
-#  - pattern: /^(\d{4,})$/,
-#
-# so when the default works, we only have to try 9998 other possibilities
 
 require 'json'
 require 'net/http'