Props to you bro, I was looking for a way to specifically do this entirely within the MSF and this was IT. I appreciate your input.
Thank you!
Hm… nothing works for me… I tried
$ hashcat -a 0 -m 0 crackhash.txt rockyou.txt
but I get this …
Hashfile ‘crackhash.txt’ on line 1 (hash): Token length exception
Hashfile ‘crackhash.txt’ on line 2 (hash): Token length exception
if I try
hashcat -m 7300 -a 3 ./crackhash.txt rockyou.txt
I get as a result…
Hashfile ‘./crackhash.txt’ on line 1 (hash): Separator unmatched
No hashes loaded.
Can anyone help me?
I’m not sure how to protect against exploiters like other forum users do, but I’d like to point out that it’s also possible to achieve this using the following approach:
hashcat -m 7300 myhash.txt -a 0 /usr/share/wordlists/rockyou.txt --show
Had the same issue with token length exception.
Tip: use --username as a parameter in the hashcat command. It defines that there is a username in the hash you are trying to crack.
After that it solved the issue.
Just use Metasploit scanner/ipmi/ipmi_dumphashes and in the options choose the wordlist /usr/share/wordlists/rockyou.txt; you will get the answer. You should check: by default rockyou.txt is not extracted, so extract it and use it.
You the boss
Hashcat doesn’t seem like the easiest to use. I was stuck on this until I found your comment. Thank you!
I was stuck on this lab for a few days. After reading A LOT of everyone’s posts, I thought I’d just provide some clear guidance. This can be completed via hashcat or Metasploit, and I’m sure a lot of other ways. If you utilize msfconsole as instructed, and run the IPMI_DUMPHASHES module, you can easily get the cleartext password. Set your RHOSTS and change your pass file if the default pass_file is not working. Earlier in the footprinting series, we installed SecLists. I’d recommend navigating to that folder, and identifying the Password directory. Maybe you’ll see something related to hashes in there. Hope this helps!
I used Metasploit, but the dictionary provided did not give me the key in plain text; I changed the dictionary for another one and it did.
Man, this was perfect. Thanks mate!
I solved it.
Read this link, it will help you.
hashcat -m 7300 hash.txt -a 3 ?1?1?1?1?1?1?1?1 -1 ?d?u
Just use this with Metasploit (scanner/ipmi/ipmi_dumphashes)
set PASS_FILE /usr/share/wordlists/rockyou.txt
Thanks, I wasn’t using --show
Use rockyou.txt