Resources

People often ask me "How did you learn how to hack?" The answer: by reading. This page is a collection of the blog posts and other articles that I have accumulated over the years of my journey. Enjoy!

Binarly REsearch Uncovers Major Vulnerabilities in Supermicro BMCs- 1256

Binarly - Posted 2 Years Ago
  • Baseboard Management Controllers (BMCs) are used for the remote monitoring of systems. Typically, a BMC is a specialized chip on a server with its own wired connection, separate from the server's. It can be used to change or update low-level items like UEFI or to give console access to the server.
  • Since the BMC can be accessed remotely, ensuring that it is secure is incredibly important. One way of accessing it is via the IPMI protocol. The device also has a web interface for interacting with it. The first vulnerability is a command injection within the email notification functionality. This does require an administrative login to set up, though.
  • The next three vulnerabilities are all reflected XSS bugs. Using these, an attacker can trick a user into visiting a maliciously crafted link that creates a user account or performs other bad actions.
  • Paired together, these vulnerabilities allow for a one-click RCE. Chaining the XSS, which creates an account, into the command injection yields RCE. Overall, the bugs are pretty standard and nothing special. The interesting part to me is the impact and the target that is being hit.