Making HTTP requests to identify vulnerable supermicro IPMI/BMC controllers
The Nmap Scripting Engine has a library to handle requests and other common functions of an HTTP client. With the http
NSE library, NSE developers can accomplish many tasks, from information gathering to vulnerability exploitation of web applications.
This recipe will show you how to use the http
NSE library to send an HTTP request to identify vulnerable supermicro IPMI/BMC controllers.
How to do it...
Some supermicro IPMI/BMC controllers allow unauthenticated access to a configuration file (/PSBlock
) that stores plain text administrative credentials. Let's write a simple NSE script to detect these vulnerable controllers.
For now, let's ignore the documentation tags and keep it simple:
- Create the file
supermicro-psblock.nse
and start by filling up the NSE script basic information fields:
description = [[ Attempts to download an unprotected configuration file containing plain-text user credentials in vulnerable...