shotgun scanning

 art, hack, ipmi, perl, philosophy  Comments Off on shotgun scanning
Jun 242013
shotgun scanning

UDP scanning has always been slow. Slower than slow, slower than molasses, really fucking slow. So when I started being interested in scanning for IPMI out in the wild, which runs on UDP 623, I first fired up trusty ol’ nmap… but bless it’s heart, it’s a cautious, robust scanner that is outrun by crippled snails on UDP scanning. So I thought… well, most scans don’t really need a request-response-follow-up… […]

one packet auditing

 hack, ipmi, python, security  Comments Off on one packet auditing
Jan 262013

Not all packets are equal. If you send a single UDP packet to port 623 that contains an “Get Channel Authentication Capabilities” (see secion 22.13 of the IPMI v2 spec), you’ll get back a packet that has some interesting features. You can get this by parsing the output of “ipmitool -v -v -H -U user -P password lan print”, but more systems have python than ipmitool, so I […]