Do all the things like ++ or -- rants, post your own rants, comment on others' rants and build your customized dev avatarSign Up
Get a devDuck
Rubber duck debugging has never been so cute! Get your favorite coding language devDuckBuy Now
Search - "ipmi"
Have defective supermicro server, but the ipmi is working and could tell me what's going on.
Only problem is, I don't have access to it since the last owner didn't provide it to me.
So I thought let's try metasploit.
Setup local network with a second server, connect to local* address.
"Welcome to intel integrated BMC web console"
What? Its a Supermicro, did the owner reflash the ipmi? What the heck.
Msf: scan adress ....
ipmi found bla bla bla.
Msf: zero cipher scan.
... Voulnerable to zero cipher.
Was pretty happy but the doubt kept creeping in.
On my WS that isn't connected to the ipmi of my server, I go to that ip address.
"Welcome to intel BMC ......"
What are the odds that some fucker has his ipmi open to the public on that exact same address that my board was configured to.
Well, actually pretty high I guess.
That didn't go as planned.
But yeah.... IPMI is fancy.
IF PEOPLE USED IT PROPERLY
More like... FUCK <COMPANY>
USING 10 YEAR OLD SERVERS
HOW THE FUCK DO WE SUPPORT THIS
SWITCHES ARE OUT OF DATE BY AGES
WE NEED TO UPDATE EVERYTHING
Software at least anyway.3
Fuck ipmi. Seriously, such a crappy experience. And fuck supermicro for offering almost no tools to work with said ipmi.
I wish we could just replace our entire stock of motherboards for models with the newer versions of ipmi that at least offers a HTML5 remote console, the java version will kill me one day -_-"3