Currently I'm part of a CTF competition and I'm trying to get a flag from an IPMI server (specifically a Supermicro IPMI) to which I have to find a back-door of some kind. I have a guide for gaining back-door access, but I need the IP address of the server. The web address of the IPMI isn't preceded by an IP address like I've seen others (sorry for the vagueness here, but I can't provide certain info or I'll break the rules of the competition). If somebody could help me understand more about how web addresses of IPMI servers (like I said it's a Supermicro) work that would be so helpful. Particularly, either getting the IP or methods that don't use it that I can use as an alternative (I have Kali installed btw).
3 Answers
To clarify:
The server has a microprocessor which controls the system, which is called the BMC (Baseboard Management Controller). The BMC is a system on its own: it has a limited Linux running and several interfaces, and regarding IP it has different ports open and an IPv4 and IPv6 address.
Either you have a DNS name which you can resolve or you have an IP address. The answer really depends on what information you really got (maybe something more exotic like a serial number, MAC address, etc.).
So I'm trying to give multiple choices:
If you have no other servers in this network you could scan the network:
```
fping -a -g -q -m 10.200.0.0/24
```
If you have access to the server as root you can use the command that @xiadong proposed:
```
ipmitool lan print | grep "IP Address"
```

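This is a version of how to get the IPMI IP when ipmitool is installed, assuming that /dev/ipmi0 exists (modules loaded):
```
# Query the BMC only if the IPMI device node exists (kernel modules loaded)
if [ -e /dev/ipmi0 ]; then
    # The trailing space in the pattern skips the "IP Address Source" line
    IPMI_IP=$(ipmitool lan print | grep "IP Address " | cut -d: -f2 | tr -d '[:blank:]')
fi
echo "$IPMI_IP"
192.168.100.100
```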

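An added example (not part of any answer above) that generalizes the one-liner in the last answer for inventorying a BMC you administer: it splits `ipmitool lan print` output on the first colon only, so values that contain colons (the MAC address) survive, and it matches field names exactly so `IP Address` is never confused with `IP Address Source`. The sample output is constructed, and the function names `lan_field` and `bmc_summary` are hypothetical.

```shell
#!/bin/sh
# Added example: summarize BMC LAN settings from `ipmitool lan print` text.

# Constructed sample output (not from a real host), in ipmitool's field layout.
sample_lan_print() {
cat <<'EOF'
Set in Progress         : Set Complete
IP Address Source       : Static Address
IP Address              : 192.168.100.100
Subnet Mask             : 255.255.255.0
MAC Address             : 00:25:90:aa:bb:cc
Default Gateway IP      : 192.168.100.1
802.1q VLAN ID          : Disabled
EOF
}

# lan_field NAME: read lan-print text on stdin and print the value of the
# field whose name is exactly NAME (prints nothing if the field is absent).
lan_field() {
    awk -v want="$1" '
    {
        i = index($0, ":")              # first colon only: MACs contain colons
        if (i == 0) next                # not a "name : value" line
        key = substr($0, 1, i - 1)
        val = substr($0, i + 1)
        gsub(/^[ \t]+|[ \t]+$/, "", key)
        gsub(/^[ \t]+|[ \t]+$/, "", val)
        if (key == want) { print val; exit }
    }'
}

# bmc_summary: read lan-print text on stdin, emit one inventory record.
bmc_summary() {
    text=$(cat)
    ip=$(printf '%s\n' "$text" | lan_field "IP Address")
    src=$(printf '%s\n' "$text" | lan_field "IP Address Source")
    mac=$(printf '%s\n' "$text" | lan_field "MAC Address")
    gw=$(printf '%s\n' "$text" | lan_field "Default Gateway IP")
    [ -n "$ip" ] || { echo "no IP Address field found" >&2; return 1; }
    printf 'ip=%s source=%s mac=%s gateway=%s\n' "$ip" "$src" "$mac" "$gw"
}

# Demo on the constructed sample; on a real host: ipmitool lan print | bmc_summary
sample_lan_print | bmc_summary
```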