POC详情: c3f054c8ced458f6cf5dd4522672c4fe57fdec8b

来源
https://github.com/alexoslabs/ipmitest
关联漏洞
标题: HP Integrated Lights-Out BMC实现安全绕过漏洞 (CVE-2013-4784)
描述:HP Integrated Lights-Out(iLO)是美国惠普(HP)公司的一个内嵌式服务器管理技术,它通过一个集成的远程管理端口,监视和维护服务器的运行状况、远程管控服务器等。 HP Integrated Lights-Out (iLO) BMC实现中存在漏洞。远程攻击者可通过使用密码套件0(又名cipher zero)和任意的密码,利用该漏洞绕过身份认证,执行任意IPMI命令。
描述
Shell script for testing the IPMI cipher type zero authentication bypass vulnerability (CVE-2013-4784)
介绍
ipmitest
========

Shell script for testing the IPMI cipher type zero authentication bypass vulnerability (CVE-2013-4784)

The IPMI  is a standardized computer system interface used by system administrators for out-of-band management of computer
systems and monitoring of their operation. It is a way to manage a computer that may be powered off or otherwise unresponsive by using a network connection to the hardware
rather than to an operating system or login shell.

The vulnerability allows remote attackers to bypass authentication and execute arbitrary IPMI commands by using cipher suite 0 (aka cipher zero) 
and an arbitrary password.

Usage:

bash ipmitest.sh [target]

Example:

alexos@cypher:~$ bash ipmitest.sh 192.168.0.1

------------------------------------------------------
 
IPMITest - (0.2)

by Alexandro Silva - Alexos (alexos.org)

------------------------------------------------------ 


[*] Testing dependencies...


[*] ipmitool version 1.8.11.dell19 installed...


[*] Analyzing IPMI on 192.168.0.1...


[*] Testing for Zero Cipher (CVE-2013-4784)...

privilege level               : ADMINISTRATOR

console ip                    : 192.168.0.1

[*] done
文件快照

 [4.0K]  /data/pocs/c3f054c8ced458f6cf5dd4522672c4fe57fdec8b
├── [2.8K]  ipmitest.sh
├── [ 18K]  LICENSE
└── [1.2K]  README.md

0 directories, 3 files
神龙机器人已为您缓存
备注
    1. 建议优先通过来源进行访问。
    2. 如果因为来源失效或无法访问,请发送邮箱到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
    3. 神龙已为您对POC代码进行快照,为了长期维护,请考虑为本地POC付费,感谢您的支持。