A trivial utility to dump password/account information from a special file found on a SM BMC (see this R7 post about the PSBlock file.) (Later edit – put a new version on github that fixes a bug) #!/usr/bin/env python # usage: $0 file # # (try to) Dump out passwords/accounts from a SM binary file; # usually this is in /conf or /vm on the BMC, and goes by […]
Some misc ramblin’ notes/data on IPMI & SSL Certificates. So I used the SSL observatory software (oddly written, but still cool) to scan for certificates on a bit over 300K systems suspected of running IPMI (which in turn were had from HD Moore of Rapid 7 – thanks HD!) and who were on the net. In case anyone else was interested in using the SSL Observatory stuff, it’s pretty simple once […]
UDP scanning has always been slow. Slower than slow, slower than molasses, really fucking slow. So when I started being interested in scanning for IPMI out in the wild, which runs on UDP 623, I first fired up trusty ol’ nmap… but bless it’s heart, it’s a cautious, robust scanner that is outrun by crippled snails on UDP scanning. So I thought… well, most scans don’t really need a request-response-follow-up… […]
Well, not really. Actually I.tar.gz. In the gzip’d tar there are 3 files; little IPMI/BMC configuration file sucker, a suggested set of security recommendations that could be checked, and an even smaller program to parse the first program’s output. Because… well, no good reason, actually, one is in python3 and the other in python2. I guess I’m testing your readiness. The programs are pretty heavily commented, especially ipmifreely.py, so […]
Now, a few words on looking for things. When you go looking for something specific, your chances of finding it are very bad. Because of all the things in the world, you’re only looking for one of them. When you go looking for anything at all, your chances of finding it are very good. Because of all the things in the world, you’re sure to find some of them. […]