This expect script secures SuperMicro IPMI implementations which are vulnerable to viewing the IPMI password in plaintext on port 49152.
#!/usr/bin/expect -f
# This script secures SuperMicro IPMI implementations which are vulnerable
# to viewing the IPMI password in plaintext on port 49152. It does this by
# using the shell available in some SuperMicro BMCs to drop traffic to port
# 49152 in iptables.
#
# See http://blog.cari.net/carisirt-yet-another-bmc-vulnerability-and-some-added-extras/
# for more details on the vulnerability.
#
# Usage ./supermicro-psblock-fix.expect $IPMI_HOST <$IPMI_PASSWORD>
# e.g. ./supermicro-psblock-fix.expect 10.0.0.2
# ./supermicro-psblock-fix.expect 10.0.0.2 PASSWORD123
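# Seconds each expect waits before its timeout branch fires.
set timeout 30
set IPMI [lindex $argv 0]
set PASSWORD [lindex $argv 1]
set USER ADMIN
set PROMPT ->
set PORT 49152

# Print an error in the script's existing "ERROR:" format and stop.
proc fail {msg} {
    puts "\nERROR: $msg"
    exit 1
}

# Without a host, ssh would be spawned against "ADMIN@" and fail obscurely.
if { [string length $IPMI] == 0 } {
    fail "No IPMI host given. Usage: $argv0 IPMI_HOST \[IPMI_PASSWORD\]"
}

# Password precedence: command-line argument, then the IPMI_PASSWORD
# environment variable, then "ADMIN" (SuperMicro default).
# A password passed as an argument is visible to other local users in the
# process list and may land in shell history; the environment variable
# avoids that.
if { [string length $PASSWORD] == 0 } {
    if { [info exists env(IPMI_PASSWORD)] && [string length $env(IPMI_PASSWORD)] > 0 } {
        set PASSWORD $env(IPMI_PASSWORD)
    } else {
        set PASSWORD ADMIN
    }
}

# Remote command that prints OK only when the DROP rule is already present.
# Used both for the idempotency check and to verify the insert afterwards.
set RULE_CHECK "iptables-save | grep -q '\\-A INPUT -p tcp -m tcp --dport $PORT -j DROP' && echo 'OK'\r"

# NOTE(security): StrictHostKeyChecking=no accepts a previously unseen host
# key without verification, so the BMC is not authenticated before the
# password is sent. Run this only from a trusted management network, or
# pre-populate known_hosts and drop the option.
spawn ssh -o StrictHostKeyChecking=no $USER@$IPMI

# Do not send the password unless ssh actually asked for it.
expect {
    "password: " {}
    timeout { fail "Timeout waiting for the SSH password prompt." }
    eof { fail "SSH connection closed before the password prompt." }
}
send -- "$PASSWORD\r"

expect {
    "#" {
        # In most cases, the BMCs which drop straight to a shell do not
        # support using the TCP module for iptables, so the rule cannot
        # be installed.
        fail "Unsupported firmware version."
    }
    -exact $PROMPT {}
    "password: " {
        # ssh re-prompts when the password was rejected.
        fail "Authentication failed."
    }
    timeout { fail "Timeout waiting for the BMC prompt." }
    eof { fail "SSH connection closed after authentication." }
}

send -- "shell sh\r"
expect {
    "#" {
        send -- $RULE_CHECK
        expect {
            "OK\r\n#" {
                puts "\niptables rule is already in place."
            }
            "#" {
                send -- "iptables -I INPUT -m tcp -p tcp --dport $PORT -j DROP\r"
                expect {
                    "#" {}
                    timeout { fail "Timeout while adding the iptables rule." }
                    eof { fail "Connection closed while adding the iptables rule." }
                }

                # Confirm the rule is really loaded before reporting
                # success; the insert can fail silently from the
                # script's point of view.
                send -- $RULE_CHECK
                expect {
                    "OK\r\n#" {}
                    "#" { fail "iptables rule for port $PORT was not applied." }
                    timeout { fail "Timeout while verifying the iptables rule." }
                    eof { fail "Connection closed while verifying the iptables rule." }
                }

                # Save the rule set to the file under /nv that the original
                # script writes to.
                send -- "iptables-save > /nv/ipctrl/rultbl.sav\r"
                expect {
                    "#" {}
                    timeout { fail "Timeout while saving the iptables rules." }
                    eof { fail "Connection closed while saving the iptables rules." }
                }
                puts "\nSuccessfully blocked port $PORT in iptables!"
            }
            timeout { fail "Timeout while checking for an existing iptables rule." }
            eof { fail "Connection closed while checking for an existing iptables rule." }
        }
    }
    "shell command not support now." {
        fail "Accessing the shell is not available on this BMC."
    }
    timeout {
        fail "Timeout accessing shell on the BMC."
    }
    eof { fail "Connection closed while accessing the shell on the BMC." }
}

# NOTE(operations): blocking the port only stops further disclosure. Any
# password that was readable on port 49152 before the rule was added should
# be treated as exposed and changed, as should a factory-default ADMIN
# password. The rule is IPv4 only (iptables); if the BMC has IPv6 enabled,
# check whether the port is reachable there as well.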