A Penetration Tester’s Guide to IPMI and BMCs

HD Moore wrote an excellent article on penetration testing IPMI and BMC’s. The article is based on various work of Dan Farmer and provides Metasploit penetration testing examples.

Dan Farmer is known for his groundbreaking work on security tools and processes. Over the last year, Dan has identified some serious security issues with the Intelligent Platform Management Interface (IPMI) protocol and the Baseboard Management Controllers (BMCs) that speak it. This post goes into detail on how to identify and test for each of the issues that Dan identified, using a handful of free security tools. If you are looking for a quick overview of the issues discussed in this post, please review the FAQ. Dan has also put together an excellent best practices document that is a must-read for anyone working on the remediation side.

A Penetration Tester’s Guide to IPMI and BMCs

Please view the entire article here: A Penetration Tester’s Guide to IPMI and BMCs


Did this post helped you solve a problem? Or dit you find it interesting? Support Sysadmins of the North with a direct donation via Paypal of by bank wire transfer IBAN: NL31 ABNA 0432217258 (Jan Reilink). Just $ 5,- or € 5,- is more than enough, thanks!

Support SAOTN.ORG


303 views

Leave a Reply

Your email address will not be published. Required fields are marked *