HD Moore wrote an excellent article on penetration testing IPMI and BMC’s. The article is based on various work of Dan Farmer and provides Metasploit penetration testing examples.
Dan Farmer is known for his groundbreaking work on security tools and processes. Over the last year, Dan has identified some serious security issues with the Intelligent Platform Management Interface (IPMI) protocol and the Baseboard Management Controllers (BMCs) that speak it. This post goes into detail on how to identify and test for each of the issues that Dan identified, using a handful of free security tools. If you are looking for a quick overview of the issues discussed in this post, please review the FAQ. Dan has also put together an excellent best practices document that is a must-read for anyone working on the remediation side.
Please view the entire article here: A Penetration Tester’s Guide to IPMI and BMCs