h4ck/revolabs-flx_uc_1000
bf_login.rb moving story time around 2016-06-30 21:49:46 -07:00
README.md moving story time around 2016-06-30 21:49:46 -07:00

revolabs flx UC1000

found this device in a conference room, found the IP from an unauthenticated menu on the dialer, which was accessible from the wireless 'Guest' network. it also has USB ports, so potentially available without network access.

story time

from the page that loaded when you first hit http://, i noticed app.js

in it, i found:

 sys.password:
  - defaultVal: "7386",
  - pattern: /^(\d{4,})$/,
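
A pre-release check for the exposure described above, written as an added example (it is not part of this repository or of the vendor's code): it scans a JavaScript bundle for credential-like settings that ship a default value to the browser and reports the keyspace implied by the minimum length in the validation pattern. The object layout, the key-name heuristic, the function name `shipped_credential_defaults` and the sample input are assumptions; only the `sys.password` values come from the excerpt above.

```ruby
# Added example: flag credential defaults shipped in client-side JavaScript.
# Assumed layout (not confirmed by the page): "<key>": { defaultVal: "...", pattern: /.../ }
SENSITIVE_KEY = /^\s*["']?([\w.]*(?:password|passwd|passcode|secret)[\w.]*)["']?\s*:/i
DEFAULT_VAL   = /defaultVal\s*:\s*["']([^"']+)["']/
MIN_DIGITS    = /pattern\s*:\s*\/\^?\(?\\d\{(\d+)/

# Constructed sample; only the sys.password values come from the README excerpt.
SAMPLE_JS = <<~'JS'
  var settings = {
    "sys.name": {
      defaultVal: "conference-phone",
      pattern: /^.{1,32}$/
    },
    "sys.password": {
      defaultVal: "7386",
      pattern: /^(\d{4,})$/,
    }
  };
JS

# Returns one finding per credential-like key whose block carries a defaultVal.
def shipped_credential_defaults(js_source)
  lines = js_source.lines
  findings = []
  lines.each_with_index do |line, i|
    key = line[SENSITIVE_KEY, 1]
    next unless key
    # The setting's block runs until the first line that starts with a closing brace.
    block = lines.drop(i).take_while { |l| l !~ /^\s*\}/ }.join
    default = block[DEFAULT_VAL, 1]
    next unless default
    min = block[MIN_DIGITS, 1]
    # A digits-only pattern with minimum length n permits values from a space of 10**n.
    findings << { key: key, line: i + 1, default: default,
                  min_keyspace: min ? 10**min.to_i : nil }
  end
  findings
end

if __FILE__ == $PROGRAM_NAME
  shipped_credential_defaults(SAMPLE_JS).each do |f|
    puts "line #{f[:line]}: #{f[:key]} ships default #{f[:default].inspect}, " \
         "shortest allowed value has only #{f[:min_keyspace] || 'unknown'} combinations"
  end
end
```

A finding here means the default belongs in server-side provisioning rather than in a file any unauthenticated client can fetch, and the minimum length should be raised or paired with attempt limiting.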

tools

| name | description |
| --- | --- |
| bf_login.rb | brute forces the PIN on the web interface |