diff --git a/modules/generators/structured_content/hackerbot_config/hbpam/templates/lab.xml.erb b/modules/generators/structured_content/hackerbot_config/hbpam/templates/lab.xml.erb
index 4fe54995e..000cebf4f 100644
--- a/modules/generators/structured_content/hackerbot_config/hbpam/templates/lab.xml.erb
+++ b/modules/generators/structured_content/hackerbot_config/hbpam/templates/lab.xml.erb
@@ -103,15 +103,15 @@ Randomised instance generated by [SecGen](http://github.com/cliffe/SecGen) (<%=
 		<prompt>Configure your desktop so that passwords are required to be at least 10 characters long (and this should also apply for root).</prompt>
     <post_command>echo -e 'shorter8\nshorter8' | passwd <%= $second_user %> ; echo -$?-</post_command>
 
-		<condition>
-			<output_matches>updated successfully</output_matches>
-      <message>:( I set a short password. Did you forgot to add a pam_cracklib rule and enforce_for_root?</message>
-		</condition>
     <condition>
 			<output_matches>password is shorter than 10</output_matches>
       <message>:) Well done! <%= $flags.pop %></message>
       <trigger_next_attack />
 		</condition>
+    <condition>
+			<output_matches>updated successfully</output_matches>
+      <message>:( I set a short password. Did you forgot to add a pam_cracklib rule and enforce_for_root?</message>
+		</condition>
 		<else_condition>
       <message>:( Something was not right</message>
 		</else_condition>