623 - IPMI
Intelligent Platform Management Interface (IPMI) is a set of computer interface specifications for an autonomous computer subsystem that provides management and monitoring capabilities independently.
Metasploit
Find version
Dump hashes
Common default credentials
Resources: https://blog.rapid7.com/2013/07/02/a-penetration-testers-guide-to-ipmi/
Zero cipher authentication bypass
Zero cipher authentication bypass resulting in administrative access
Check if vulnerable
Connect
The Linux ipmitool client is used to interact with the service and bypass authentication (via the -C 0 option).
We will set the root user account password to abc123 via IPMI.
Last updated