CVE-2013-4784 PoC — HP Integrated Lights-Out BMC实现安全绕过漏洞

Source

Associated Vulnerability

Description

Shell script for testing the IPMI cipher type zero authentication bypass vulnerability (CVE-2013-4784)

Readme

ipmitest
========

Shell script for testing the IPMI cipher type zero authentication bypass vulnerability (CVE-2013-4784)

The IPMI  is a standardized computer system interface used by system administrators for out-of-band management of computer
systems and monitoring of their operation. It is a way to manage a computer that may be powered off or otherwise unresponsive by using a network connection to the hardware
rather than to an operating system or login shell.

The vulnerability allows remote attackers to bypass authentication and execute arbitrary IPMI commands by using cipher suite 0 (aka cipher zero) 
and an arbitrary password.

Usage:

bash ipmitest.sh [target]

Example:

alexos@cypher:~$ bash ipmitest.sh 192.168.0.1

------------------------------------------------------
 
IPMITest - (0.2)

by Alexandro Silva - Alexos (alexos.org)

------------------------------------------------------ 


[*] Testing dependencies...


[*] ipmitool version 1.8.11.dell19 installed...


[*] Analyzing IPMI on 192.168.0.1...


[*] Testing for Zero Cipher (CVE-2013-4784)...

privilege level               : ADMINISTRATOR

console ip                    : 192.168.0.1

[*] done

File Snapshot

 [4.0K]  /data/pocs/c3f054c8ced458f6cf5dd4522672c4fe57fdec8b
├── [2.8K]  ipmitest.sh
├── [ 18K]  LICENSE
└── [1.2K]  README.md

0 directories, 3 files

Remarks