Do you find yourself in the position where you just bought a piece of server kit (new or used) and you do not know what the IPMI password is, and you don't have a OS/screen to reset it, or it's set to some static IP that you don't know?

benjojo@benjojo.co.uk

Do you find yourself in the position where you just bought a piece of server kit (new or used) and you do not know what the IPMI password is, and you don't have a OS/screen to reset it, or it's set to some static IP that you don't know?

Please enjoy this small (70MB) image you can put on a USB stick and blindly boot the machine into, assuming the USB boots, it will set the IPMI to a known value, and set the network back to "normal" values (no VLAN and DHCP)

Enjoy! (and report back if you find it worked on things not already confirmed in the readme)

GitHub - benjojo/headless-ipmi-reset: A USB Stick to wipe a IPMI and return it to pre set standards

A USB Stick to wipe a IPMI and return it to pre set standards - benjojo/headless-ipmi-reset

GitHub (github.com)

hoffmanlabs@infosec.exchange

@benjojo There’s an IPMI brute-force around, if that's not what you're doing here.

CVE-2013-4786

(support.hpe.com)

This is reportedly unfixable on various HP servers.

“HPSBHF02981 rev.4 - HPE Integrated Lights-Out 2, 3, 4, 5 (iLO 2, iLO 3, iLO 4, and iLO 5) and HPE Superdome Flex RMC - IPMI 2.0 RCMP+ Authentication Remote Password Hash Vulnerability (RAKP)”

TL;DR: ask nicely for a weakly-hashed IPMI password, then crack it offline.

On at least some of these boxes, the iLO command that blocks this access:

MP:CM> sa -lanipmi d

#openvms #itanium #security #ipmi