Was just noticing the shell option in ipmitool.. wondered if you could echo a set of commands to it via stdin, and sure enough… the final bit is sending it a ctrl^D via \003 and echo -e. This sends a chassis power status as well as a sol, channel, and mc info to BMC – $ echo -e "chassis power status\nsol info\nchannel info 0\nmc info\n\004" | ipmitool -I lanplus […]
I’d had this sitting around for awhile and thought I’d take another look at it; in this I simply toss out an IPMI Get Device ID command and see what happens. This is an interesting one; the GUID is a Vendor Specific ID – the specification says that it’s “a unique number per device”, and that “a Device GUID should never change over the lifetime of the device”, which makes […]
Or… Notes on the IPMI Protocol Security Model. I wrote in Sold Down the River about the curious aspects of channels and authentication and users and all that stuff. Here’s a slimmed down model… and as a bonus a program that iterates through all the channels, users types, and authentication for a host, which is quite a bit of checking. mega_chan.py In any case I’m almost certain that I […]
I wrote a small paper surveying the scene of IPMI in the wild – Sold Down the River – the title of which might give you some clue as to make on the situation. Used to be folks used guns to rob us… computers make everything so much easier!
I’ve long wanted a Get Channel Cipher Suite command w/o authentication, so I wrote a script to do so; those interested can get it here: https://github.com/zenfish/ipmi/blob/master/ipmi-get-ciphers.py Actually none of the various ipmi tools seem to have this option; I’ve found it useful to use when looking at systems; it emits output similar (if not identical) to ipmitool… spotting those running cipher 0 becomes very, very clear. I should have […]