Path: blob/master/modules/auxiliary/scanner/ipmi/ipmi_version.rb
##
# This module requires Metasploit: https://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##

# Auxiliary UDP scanner that sends an IPMI channel-auth probe to each target
# and records, per responding host, the banner built from the parsed reply.
class MetasploitModule < Msf::Auxiliary
  include Msf::Auxiliary::Report
  include Msf::Auxiliary::UDPScanner

  # Registers the module metadata and the RPORT option (default 623).
  def initialize
    super(
      'Name' => 'IPMI Information Discovery',
      'Description' => 'Discover host information through IPMI Channel Auth probes',
      'Author' => ['Dan Farmer <zen[at]fish2.com>', 'hdm'],
      'License' => MSF_LICENSE,
      'References' => [
        ['URL', 'http://fish2.com/ipmi/']
      ]
    )

    register_options([Opt::RPORT(623)])
  end

  # Returns the configured target port from the datastore.
  def rport
    datastore['RPORT']
  end

  # Announces the batch about to be probed and clears the per-batch table of
  # hosts that have already answered.
  def scanner_prescan(batch)
    print_status("Sending IPMI requests to #{batch[0]}->#{batch[-1]} (#{batch.length} hosts)")
    @res = {}
  end

  # Sends a single channel-auth probe to +ip+ on the configured port.
  def scan_host(ip)
    probe = Rex::Proto::IPMI::Utils.create_ipmi_getchannel_probe
    vprint_status("#{ip}:#{rport} - IPMI - Probe sent")
    scanner_send(probe, ip, rport)
  end

  # Handles one datagram received during the scan.
  #
  # +data+ is attacker-influenced network input: it is parsed defensively, and
  # anything that fails to parse is dropped without a message.
  #
  # NOTE(review): +sport+ is never read; log lines and the reported service use
  # the configured RPORT rather than the port the reply actually came from.
  def scanner_process(data, shost, sport)
    # Any StandardError raised by the parser is treated as "not an IPMI reply".
    reply =
      begin
        Rex::Proto::IPMI::Channel_Auth_Reply.new.read(data)
      rescue StandardError
        nil
      end

    # Ignore invalid responses
    return unless reply

    # 56 (0x38) is presumably the command code of the probe being answered;
    # confirm against Rex::Proto::IPMI.
    unless reply.ipmi_command == 56
      vprint_error "#{shost}:#{rport} - IPMI - Invalid response"
      return
    end

    # Only the first reply from a given source address is kept and reported.
    return if @res[shost]

    @res[shost] = reply

    banner = reply.to_banner
    print_good("#{shost}:#{rport} - IPMI - #{banner}")

    report_service(
      host: shost,
      port: rport,
      proto: 'udp',
      name: 'ipmi',
      info: banner
    )

    # Potential improvements:
    # - Report a vulnerability if info.ipmi_user_anonymous has been set
    # - Report a vulnerability if ipmi 2.0 and kg is set to default (almost always the case)
    # - Report a vulnerability if info.ipmi_user_null has been set (null username)
  end
end