Finding IPMI ip Address - ipmi

Currently I'm part of a CTF competition and I'm trying to get a flag from an IPMI server (specifically an Supermicro IPMI) to which I have to find a back-door of some kind. I have a guide for gaining back-door access, but I need the ip address of the server. The web address of the IPMI isn't preceded by an ip address like I've seen others (sorry for vagueness here but I can't provide certain info or I'll break the rules of the competition). If somebody could help me understand more about how web addresses of IPMI servers (like I said it's a Supermicro) work that would be so helpful. Participially, either getting the ip or methods that don't use it that I can use as an alternative (I have Kali installed btw).

If you can reach the target machine,
You can enter the input method on the machine...
# ipmitool lan print | grep "IP Address"

To clarify:
The server has a microprocessor which controls the system which is called BMC (Baseboard Management Controller). The BMC is a system on it's own, it has a limited linux running, and several interfaces and regarding IP it has different ports open and IPv4 and IPv6 address.
Either you have a DNS name which you can resolve or you have an IP address. The answer really depends on what information you really got. (maybe more exotic like serial number, MAC address, etc).
So I'm trying to give multiple choices:
If you have no other servers in this network you could scan the network
fping -a -g -q -m 10.200.0.0/24
If you have access to the server as root you can the command what #xiadong proposed
ipmitool lan print | grep "IP Address"

This is version how to get IPMI ip when ipmitool is installed and assume that /dev/ipmi0 exists ( loaded modules )
if [ -e /dev/ipmi0 ];then
IPMI_IP=$(ipmitool lan print | grep "IP Address " | cut -d: -f2 | tr -d [:blank:])
fi
echo $IPMI_IP
192.168.100.100

Related

Patching a closed source network application to read from file

So let me explain, I want to fuzz a closed source application named Y that implements a custom protocol let's name the protocol X. Y is written in C.
Is there a way to patch the send/read family functions to read from file instead of the socket?
Could this potentially work for the AFL/AFL++ fuzzer?
Keep in mind the application is developed for UNIX-like ecosystems.
Yes, you can do that easily by making bridges between named pipes (fifos) and TCP connections through netcat.
Create two files (named pipes):
mkfifo /tmp/program_input /tmp/program_output
Now, make a bridge between these files and the application.
In case the application is a TCP/IP Client, your bridge will be a TCP/IP Server:
tail -f /tmp/program_input | nc -kl 127.0.0.1 50000 | tee /tmp/program_output > /dev/null
Then you'll have to configure the application's peer IP address as the IP of the host where your bridge runs. Port also must match and is arbitrary. ("50000" in the example above.)
In case you can't change the IP address/TCP port the application uses, you'll have to map these on your router to the IP/port of your bridge application (see "port forwarding").
If the application is a TCP/IP Server, create a TCP/IP client as a bridge:
tail -f /tmp/program_input | nc <application_ip_address> <application_port> | tee /tmp/program_output > /dev/null
If you want to write something to the networking application you're analyzing, write to /tmp/program_input. Read /tmp/program_output to see its output.
I'm not too familiar with AFL/AFL++, but you can certainly communicate with the application directly or also make socket/file bridges for the fuzzer as well.

how can i fetch the names & ip addresses of machines connected in a same network using c?

for my project i have to fetch all devices name & their ip address which are connected in same network.
How to get the names and ips of all devices on my local network? somewhat similar to post but i have to use c code & this post is for ios only.
I know that ARP protocol use to map ip address with the mac address but exactly don't know how to scan all the ip's from there.
My aim is to get the output without any command line tool as nmap & arp command are also there which will give the network ip addresses but not in a proper way.
Can anybody tell me the way i can get all these details with or without code that would be really helpful.
Thanks,
you can socket raw c, Create two threads
Thread 1: ping all machines using ICMP.
Thread 2: Caputre all data comming to your interface (ex: eth0) then filter only ARP response.

Ettercap - ARP poisoning unsuccessful

Yesterday I successfully performed a MITM attack by ARP poisoning between my router and my Windows7 computer. I used Ettercap on a Linux machine.
However, today, running the same command does not work anymore. It looks like Ettercap cannot reach my computer, which IP is 192.168.0.17.
Here is what I got :
We can see that the only host added to the list is the router one (192.168.0.1)... What I don't understand is that it was working few hours ago.
I noticed also another thing.
using the command
sudo arpspoof -i wlp20s0 -t 192.168.0.17 192.168.0.1
The ARP poisonning DOES work this time. But now the problem is that it is acting like a DDOS on my victim... It completely loses internet connection.
And before it was not, it was working as expected.
So I guess something has changed on my victim computer but I cannot figure what.
Thank you.
IP forwarding is the ability for an operating system to accept incoming network packets on one interface, recognize that it is not meant for the system itself, but that it should be passed on to another network, and then forwards it accordingly.
From https://openvpn.net/faq/what-is-and-how-do-i-enable-ip-forwarding-on-linux/
When you perform MITM packets that don't match your IP are being sent to you and are not passed on correctly so the victim can reach out to the internet. With IP forwarding enabled your computer will reroute the packets correctly and the attacked computer will have access to the internet.
On Linux if I remember correctly:
echo 1 > /proc/sys/net/ipv4/ip_forward
will fo the job.
Arp replies are stored in cache, so first of all do some tricks here:
Remove arp cache from windpws with cmd.
(Cause the first priority is the cache and if host cant find the mac address it will generate an ARP request,then your router will repliy with ARP reply)
issue this command to see arp table:
arp -a
When you do Mitm with arp spoof and your computer looses internet connectivity it might be your DNS misconfiguration.
You ll need to enable dns server.
(If wan to brows web pages)
Try to do it with ettercap and enable arp poision and dns spoof module.

How to know if a Port is available for my application I am going to Install

I have a very doubt , plz correct me ..
I have a windows server and I need to install a application/product on it . This application/product uses certain ports, and I need to enter those ports while configuring this application.
So I need to know if say 19800 port is available or not.
what I did to know if 19800 is available or not:
1)netstat -na -- this gave me list of ports with status listening/established/Time_wait ..
I didnt find 19800 port in outout of netstat -na..
So does that mean 19800 port is not there and I need to ask window administrator team to open this port?
2)I think netstat -na gives the port which are in use or accepting some connections ..
It actually doesn't give you list of all the ports that the server have , because server generally have more than 60000 ports , and the output from netstat -na gives somewhere 100 entries..
3)what I dream is to know what all ports are there on this server , and if I find my port name I can assign that port to my application.
Thanks
rick
If you want to check, the availability of a PORT, you may use different approaches the simplest one in this case could be depending on your programming language you may do the following:
port_available = TRUE
try:
open(HOST,PORT)
exception PORT_NOT_AVAILABLE:
port_available = FALSE
Using the output from netstat and parsing it using text editor could be a nightmare.

In linux In which file ip address of my system is present

From which file ifconfig command takes input for displaying ip address, inet addr and h/w addr ?. I want this information for my presentation. Any file apart from /etc/network/interfaces is there ? Looking foreword for help.
It's in the manual man. just run command man ifconfig in your terminal and at bottom it says
it comes from these three files:
FILES
/proc/net/socket
/proc/net/dev
/proc/net/if_inet6
Hope it works.
IN computer to look up hostnames and IP addresses go to /etc/hosts file.
here ifconfig displays the status of the currently active interfaces you only view the information not access.

Resources