Post · bonfire.cafe

Post

Ok, so I have this HP-server in my garage that I've had for years.
I decided to plug it in, add drives and connect the iLO port.

Ofcourse, I have forgotten the iLO password - and I dont have a monitor that I can use to reset it via the BIOS.

I do remember this vulnerability from a couple of years ago, that where I could get the password (or change it) for the Administrator user with a curl post request.
But I can't find it.

Help

#linux #curl #hp #ilo #infosec #vulnerability_research #vulnerability #askfedi #askfediverse

Stanislas :NotLikeThis:

@angristan@mstdn.io · 2 weeks ago

@selea 👀 https://github.com/skelsec/CVE-2017-12542/blob/master/exploit_1.py

GitHub

CVE-2017-12542/exploit_1.py at master · skelsec/CVE-2017-12542

Test and exploit for CVE-2017-12542. Contribute to skelsec/CVE-2017-12542 development by creating an account on GitHub.

:debian: 𝚜𝚎𝚕𝚎𝚊 :opensuse:

@selea@social.linux.pizza · 2 weeks ago

@angristan

That's it was that one I was looking for.
Sadly, I was a good boy back then and actually patched the iLO - so the machine is not vulnerable

Stanislas :NotLikeThis:

@angristan@mstdn.io · 2 weeks ago

@selea hahaha

:debian: 𝚜𝚎𝚕𝚎𝚊 :opensuse:

@selea@social.linux.pizza · 2 weeks ago

@angristan

Thank you!

bonfire.cafe

A space for Bonfire maintainers and contributors to communicate

bonfire.cafe: About · Code of conduct · Privacy · Users · Instances

Bonfire social · 1.0.2-alpha.34 no JS en

Automatic federation enabled