IPMIPWN - IPMI cipher 0 attack tool.


There are a few good tools out there (Metasploit) to help you find and identify the IPMI cipher 0 vulnerability, but because it's relatively trivial to exploit I have seen nothing that helps you pwn it. While it is easy to exploit, I have found I keep having to brush up on commands and junk every time I come across it, which is where my tool comes in.


Has been tested on Kali 2.0, Rolling & Ubuntu 14.04.

My IPMIPWN tool does all the real work for you: it will attempt to exploit the cipher 0 vulnerability using a list of predefined default user accounts and set up a backdoor account with a semi-random username and random password. All successful backdoors are logged in loot.log. This tool works best on Kali; it does require you to have ipmiutils “apt-get install ipmitool” and NMAP installed. Enjoy.

+ nmap
+ ipmiutils “sudo apt-get install ipmitool”
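
From the defender's side, the two things this tool depends on and leaves behind can be checked in ipmitool output: whether the BMC advertises cipher suite 0, and whether an account exists that is not on your allowlist. The script below is an added example and not part of IPMIPWN; the function names, the allowlist and the sample output are constructed, and it assumes the usual `ipmitool lan print` / `ipmitool user list` column layout.

```shell
#!/usr/bin/env bash
# Added example: audit saved ipmitool output from your own BMC.
# Real input would come from:  ipmitool lan print 1   and   ipmitool user list 1
# The sample text below is constructed for illustration.

SAMPLE_LAN='IP Address              : 192.0.2.10
RMCP+ Cipher Suites     : 0,1,2,3,6,7,8,11,12'

SAMPLE_USERS='ID  Name             Callin  Link Auth  IPMI Msg   Channel Priv Limit
1                    true    false      false      NO ACCESS
2   ADMIN            true    false      true       ADMINISTRATOR
3   svc-monitor      true    false      true       USER
4   xk3f9qa          true    false      true       ADMINISTRATOR'

# Prints "advertised" if cipher suite 0 is in the RMCP+ list, else "absent".
cipher0_status() {
  printf '%s\n' "$1" | awk -F: '
    /^RMCP\+ Cipher Suites/ {
      n = split($2, ids, ",")
      for (i = 1; i <= n; i++) {
        gsub(/[ \t]/, "", ids[i])
        if (ids[i] == "0") found = 1
      }
    }
    END { print (found ? "advertised" : "absent") }'
}

# Prints "id name privilege" for each named account missing from the
# allowlist ($2, space separated). Assumes user names contain no spaces.
unknown_accounts() {
  printf '%s\n' "$1" | awk -v allow="$2" '
    BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
    # Named rows have three true/false columns after the name, so field 5
    # is a boolean. The header and empty-name slots fail this and are skipped.
    $5 !~ /^(true|false)$/ { next }
    !($2 in ok) {
      priv = $6
      for (i = 7; i <= NF; i++) priv = priv " " $i
      print $1, $2, priv
    }'
}

# Demo on the constructed samples; "ADMIN svc-monitor" is a hypothetical allowlist.
cipher0_status "$SAMPLE_LAN"
unknown_accounts "$SAMPLE_USERS" "ADMIN svc-monitor"
```

Run it on a schedule against every BMC and alert on any change in either result; an unexpected ADMINISTRATOR account is the artifact this tool leaves behind.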



Source: https://github.com/AnarchyAngel