• IPMI communicates over port 623 UDP.
• IPMI is a tool that lets administrators manage and monitor servers remotely, even when they are powered off or not responding. It operates separately from the computer’s OS, using a direct network connection to the hardware.
• IPMI connects directly to the hardware of the system through a network, allowing remote control, monitoring, and even system upgrades without needing to be physically near the server.
• IPMI is typically used in three ways:
  • Before the OS has booted to modify BIOS settings
  • When the host is fully powered down
  • Access to a host after a system failure

To function, IPMI requires the following components:

• Baseboard Management Controller (BMC) - A micro-controller and essential component of an IPMI
• Intelligent Chassis Management Bus (ICMB) - An interface that permits communication from one chassis to another
• Intelligent Platform Management Bus (IPMB) - extends the BMC
• IPMI Memory - stores things such as the system event log, repository store data, and more
• Communications Interfaces - local system interfaces, serial and LAN interfaces, ICMB and PCI Management Bus

Footprinting the Service

Nmap

• sudo nmap -sU --script ipmi-version -p 623 ilo.inlanfreight.local

Metasploit Version Scan

• use auxiliary/scanner/ipmi/ipmi_version (auxiliary/scanner/ipmi/ipmi_version).