Path: blob/master/modules/auxiliary/scanner/ipmi/ipmi_version.rb
##
# This module requires Metasploit: https://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##

# Auxiliary UDP scanner that sends an IPMI channel-auth probe to each target
# and records every host that returns a parseable reply as an 'ipmi' service.
class MetasploitModule < Msf::Auxiliary
  include Msf::Auxiliary::Report
  include Msf::Auxiliary::UDPScanner

  # Declares the module metadata and registers the one option this module
  # adds itself: RPORT, defaulting to 623.
  def initialize
    super(
      'Name' => 'IPMI Information Discovery',
      'Description' => 'Discover host information through IPMI Channel Auth probes',
      'Author' => [ 'Dan Farmer <zen[at]fish2.com>', 'hdm' ],
      'License' => MSF_LICENSE,
      'References' => [
        ['URL', 'http://fish2.com/ipmi/']
      ]
    )

    register_options([Opt::RPORT(623)])
  end

  # Configured destination port, read from the datastore on every call.
  def rport
    datastore['RPORT']
  end

  # Announces the batch about to be probed and resets the per-batch table of
  # hosts that have already answered. Because the table is replaced here,
  # duplicate suppression in scanner_process only spans a single batch.
  #
  # batch - list of target addresses; only its first and last entries and its
  #         length are read.
  def scanner_prescan(batch)
    print_status("Sending IPMI requests to #{batch[0]}->#{batch[-1]} (#{batch.length} hosts)")
    @res = {}
  end

  # Logs (verbose only) and sends one channel-auth probe to ip on rport.
  def scan_host(ip)
    vprint_status "#{ip}:#{rport} - IPMI - Probe sent"
    probe = Rex::Proto::IPMI::Utils.create_ipmi_getchannel_probe
    scanner_send(probe, ip, rport)
  end

  # Handles one datagram received in answer to a probe.
  #
  # data  - raw reply bytes from the remote host; parsed as untrusted input.
  # shost - address the reply came from; used as the de-duplication key.
  # sport - source port of the reply. It is not read here: log lines and the
  #         recorded service use the configured rport instead.
  def scanner_process(data, shost, sport)
    # Any StandardError raised while parsing is swallowed, so a malformed
    # reply is dropped without a log line, even in verbose mode.
    info = begin
      Rex::Proto::IPMI::Channel_Auth_Reply.new.read(data)
    rescue StandardError
      nil
    end

    # Ignore invalid responses
    return unless info

    # 56 (0x38) is the command value this module requires in a reply;
    # presumably the command code of the channel-auth request being answered.
    expected_command = 56
    unless info.ipmi_command == expected_command
      vprint_error "#{shost}:#{rport} - IPMI - Invalid response"
      return
    end

    # Ignore duplicate replies: only the first accepted reply per host within
    # the current batch is reported.
    return if @res[shost]

    @res[shost] = info

    # The banner is produced from the remote reply, so the text printed and
    # stored below originates from the scanned host.
    banner = info.to_banner

    print_good("#{shost}:#{rport} - IPMI - #{banner}")

    report_service(
      host: shost,
      port: rport,
      proto: 'udp',
      name: 'ipmi',
      info: banner
    )

    # Potential improvements:
    # - Report a vulnerability if info.ipmi_user_anonymous has been set
    # - Report a vulnerability if ipmi 2.0 and kg is set to default (almost always the case)
    # - Report a vulnerability if info.ipmi_user_null has been set (null username)
  end
end