Trouble.org

You're in trouble now

Category: ipmi

  • Darpa, redux, redux, reduxxx

    I’d been asked about my 2nd CFT proposal… here it is, in all it’s wordy glory: darpa-reduxxx.   Thanks as always to the DARPAnians and Mudge for the opportunity. Thanks to my IPMI paper sucking my life away I’m behind schedule, but it was always an excuse to play with and understand the tech, not…

  • I, I, PM, I, MI, I, IPMI, I

    I pull together some thoughts and stuff on IPMI. Just for you. http://fish2.com/ipmi/

  • one packet auditing

    Not all packets are equal. If you send a single UDP packet to port 623 that contains an “Get Channel Authentication Capabilities” (see secion 22.13 of the IPMI v2 spec), you’ll get back a packet that has some interesting features. You can get this by parsing the output of “ipmitool -v -v -H 10.0.0.1 -U…

  • avctpasswd

    Since I didn’t find it anywhere else… Avocent, who makes a heck of a lot of BMCs, and at times (like with Dell’s iDRAC, at least version 6) keeps encrypted passwords in (well, quite possible/probable OEM dependent) “/flash/data0/etc/avctpasswd” (don’t be fooled by the /etc/passwd file) using SHA1 hashed passwords converted into Base64. I surmise this…

  • … passwords in shell scripts….

    Looking at a file (manuf_sign_cert.sh): # This script is run on every iDRAC at manufacturing time. # to create a certificate with a derived CN using the # service tag so it can be authenticated by a provisioning server # for zero touch deployment. # # Files used: # 1) d_h_ssl_manuf.cnf # 2) ROOTCAPK.PEM (loaded…

  • lsof lite (III/III)

    Finally one that looks at a process and tells you what ports its listening to. WPCM450 /tmp]$ ps |grep ssh  1263 root       4532 S   /sbin/sshd -g 60  9730 root       9412 S   sshd: root@pts/0     10571 root       3556 R   grep ssh [WPCM450 /tmp]$…