search

623 - IPMI

Intelligent Platform Management Interface (IPMI) is a set of computer interface specifications for an autonomous computer subsystem that provides management and monitoring capabilities independently.

hashtag
Metasploit

hashtag
Find version

msf > use auxiliary/scanner/ipmi/ipmi_version
msf auxiliary(ipmi_version) > set RHOSTS 10.0.0.0/24
msf auxiliary(ipmi_version) > run
[*] Sending IPMI requests to 10.0.0.0->10.0.0.255 (256 hosts)
[+] 10.0.0.22:623 - IPMI - IPMI-2.0 UserAuth(auth_user,non_null_user) PassAuth(md5,md2)Level(1.5,2.0)

hashtag
Dump hashes

use auxiliary/scanner/ipmi/ipmi_dumphashes 
set rhosts [TARGETS] 
run

hashtag
Common default credentials

Product Name

Default Username

Default Password

HP Integrated Lights Out (iLO)

Administrator

<factory randomized 8-character string>

Dell Remote Access Card (iDRAC, DRAC)

root

calvin

IBM Integrated Management Module (IMM)

USERID

PASSW0RD (with a zero)

Fujitsu Integrated Remote Management Controller

admin

admin

Supermicro IPMI (2.0)

ADMIN

ADMIN

Oracle/Sun Integrated Lights Out Manager (ILOM)

root

changeme

ASUS iKVM BMC

admin

admin

Resources: https://blog.rapid7.com/2013/07/02/a-penetration-testers-guide-to-ipmi/arrow-up-right

hashtag
Zero cipher authentication bypass

Zero cipher authentication bypass resulting in administrative access

hashtag
Check if vulnerable

hashtag
Connect

The Linux ipmitool client is used to interact with the service and bypass authentication (via the -C 0 option).

We will set the root user account password to abc123 via IPMI.

Previous512/513/514 - R ServicesNext873 - RSYNC

Last updated