Saturday, March 12, 2016


There are a few good tools out there (Metasploit) to help you find and identify the IPMI cipher 0 vulnerability, but because its relatively trivial to exploit I have seen nothing that helps you pwn it. While it is easy to exploit, I have found I keep having to brush up on commands and junk every time I come across it which is where my tools comes in.

My IPMIPWN tool does all the real work for you, it will attempt to exploit the cipher 0 vulnerability using a list of predefined default user accounts and setup a backdoor account with a semi-random username and random password. All successful backdoors are logged in loot.log. This tool works best on Kali, it does require you to have ipmiutils "apt-get install ipmitool" and NMAP installed. Enjoy.

Get IPMIPWN from GitHub

Thursday, March 3, 2016

My Own DROWN Detection Tool

I had to find a quick way to detect the DROWN vulnerability on a large enterprise level network, so this goes more into the vulnerability management realm, but I was tasked with it none the less and I thought others might get some use from my work here as well.

I didn't like the scanning tool from and most of the systems in scope were internal so I couldn't use their online version either. First I tried OpenSSL but the version that comes with Kali 2 does not support SSLv2 even thought the help menu says it does. I was going to try and recompile OpenSSL to add SSLv2 support but that was proving to be a pain in the ass.

That's when I made a little bash script that uses NMAP and TestSSLServer to detect SSLv2 support on port 443 of a web server. All you need to do is provide a list of IPs and it goes to work, unlike all the other tools available at the moment, the output is clear and easy to understand. It does lack features and support for other ports. If the tool proves popular I will be happy to add both. Enjoy and happy hacking :)

Get the DROWN Detection Tool from GitHub.

**UPDATE: Thanks to ngharo for the code contribution. Already merged your changes into master!