This expect script secures SuperMicro IPMI implementations which are vulnerable to viewing the IPMI password in plaintext on port 49152.
#!/usr/bin/expect -f
# This script secures SuperMicro IPMI implementations which are vulnerable
# to viewing the IPMI password in plaintext on port 49152. It does this by
# using the shell available in some SuperMicro BMCs to drop traffic to port
# 49152 in iptables.
# See
# for more details on the vulnerability.
# Usage ./supermicro-psblock-fix.expect $IPMI_HOST <$IPMI_PASSWORD>
# e.g. ./supermicro-psblock-fix.expect
# ./supermicro-psblock-fix.expect PASSWORD123
set timeout 30
set IPMI [lindex $argv 0]
set PASSWORD [lindex $argv 1]
set PROMPT ->
set PORT 49152
# Default password to "ADMIN" (SuperMicro default) if one isn't passed in
if { [string length $PASSWORD] == 0 } {
spawn ssh -o StrictHostKeyChecking=no $USER@$IPMI
expect "password: "
send -- "$PASSWORD\r"
expect {
"#" {
# In most cases, the BMCs which drop straight a shell do not support
# using the TCP module for iptables, which is no bueno.
puts "\nERROR: Unsupported firmware version."
exit 1
-exact $PROMPT {}
send -- "shell sh\r"
expect {
"#" {
send -- "iptables-save | grep -q '\\-A INPUT -p tcp -m tcp --dport $PORT -j DROP' && echo 'OK'\r"
expect {
"OK\r\n#" {
puts "\niptables rule is already in place."
"#" {
send -- "iptables -I INPUT -m tcp -p tcp --dport $PORT -j DROP\r"
expect "#"
send -- "iptables-save > /nv/ipctrl/rultbl.sav\r"
expect "#"
puts "\nSuccessfully blocked port $PORT in iptables!"
"shell command not support now." {
puts "\nERROR: Accessing the shell is not available on this BMC."
exit 1
timeout {
puts "\nERROR: Timeout accessing shell on the BMC."
exit 1
