Addison Wesley was kind enough to permit the distribution of the PDF of our (wietse and myself) book on analysis of systems… using forensics as an excuse. It can be found on my main security page.
Feb 052013
security
Jan 292013
I pull together some thoughts and stuff on IPMI. Just for you. http://fish2.com/ipmi/
Jan 262013
Not all packets are equal. If you send a single UDP packet to port 623 that contains an “Get Channel Authentication Capabilities” (see secion 22.13 of the IPMI v2 spec), you’ll get back a packet that has some interesting features. You can get this by parsing the output of “ipmitool -v -v -H 10.0.0.1 -U user -P password lan print”, but more systems have python than ipmitool, so I […]
Nov 112012
Since I didn’t find it anywhere else… Avocent, who makes a heck of a lot of BMCs, and at times (like with Dell’s iDRAC, at least version 6) keeps encrypted passwords in (well, quite possible/probable OEM dependent) “/flash/data0/etc/avctpasswd” (don’t be fooled by the /etc/passwd file) using SHA1 hashed passwords converted into Base64. I surmise this file is used to protect the real passwords that are stored in clear text […]
Nov 112012
Looking at a file (manuf_sign_cert.sh): # This script is run on every iDRAC at manufacturing time. # to create a certificate with a derived CN using the # service tag so it can be authenticated by a provisioning server # for zero touch deployment. # # Files used: # 1) d_h_ssl_manuf.cnf # 2) ROOTCAPK.PEM (loaded by mdiags via dynamic partition) […] ENCRYPTED_CA_PRIV_KEY=”/tmp/MFGDRV/ROOTCAPK.PEM” […] #decrypt the signing key if ! […]