HP iLO talk at Recon Brx 2018

Written by Fabien Perigaud - 07/02/2018 - in Exploit - Download
Since we presented our vulnerability in HP Integrated Lights-Out (iLO) 4 at Recon Brussels, we are now releasing the slides and the tools developed during our study.

The slides are available here.

The vulnerability we identified (CVE-2017-12542) has been patched by HP in iLO 4 versions 2.53 and 2.54. Again, we strongly recommend applying the patch: the bug is an authentication bypass, so exploitation requires no credentials and is straightforward.

Demonstration video

In case you missed the talk, we also made the demonstration videos available. The first one shows a reusable authentication bypass exploit:

Video: demo1_connection_bypass


Then, we show that we can execute code on the iLO itself, which gives us the cleartext credentials of its users:

Video: demo2_dump_users


Finally, we show that, from the iLO, we can compromise the host operating system through DMA:

Video: demo3_host_pwn

Tooling

During the presentation, we showed several tools we wrote to dissect the firmware and load it into IDA, as well as an iLO network scanner. These tools are available on this github repository.
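The first thing an administrator wants after reading the patch note above is to know which iLO 4 boards on the network still run a firmware older than 2.53. The script below is an added example written for this post; it is not Synacktiv's scanner from the repository. It relies on the fact that iLO serves an unauthenticated inventory document at /xmldata?item=all, whose MP/PN and MP/FWRI elements carry the product name and the firmware revision; the document used in the check is constructed here as a fixture (serial numbers and hostnames are made up), and 2.53 is taken as the first fixed release, as stated above.

```python
"""Flag iLO 4 firmware older than 2.53 (the CVE-2017-12542 fix) from /xmldata?item=all.

Added example, not Synacktiv's scanner. Field names follow what iLO 4 returns on
the unauthenticated /xmldata?item=all endpoint; the sample document is constructed.
"""
import ssl
import sys
import urllib.request
import xml.etree.ElementTree as ET

FIXED_VERSION = (2, 53)   # first iLO 4 release named in the post as carrying the fix


def make_xmldata(product, fwri):
    """Build a constructed /xmldata?item=all document (test fixture, not a capture)."""
    return f"""<?xml version="1.0"?>
<RIMP>
  <HSI>
    <SBSN>CZ00000000</SBSN>
    <SPN>ProLiant DL380 Gen9</SPN>
  </HSI>
  <MP>
    <ST>1</ST>
    <PN>{product}</PN>
    <FWRI>{fwri}</FWRI>
    <HWRI>ASIC: 16</HWRI>
    <SN>ILOCZ00000000</SN>
  </MP>
</RIMP>
"""


def parse_version(text):
    """'2.50' -> (2, 50). Tuples compare correctly where floats would not ('2.5' vs '2.50')."""
    return tuple(int(part) for part in text.strip().split("."))


def assess_xmldata(xml_text):
    """Return product, firmware version and whether CVE-2017-12542 applies (iLO 4 below 2.53)."""
    root = ET.fromstring(xml_text)
    product = root.findtext("MP/PN", default="").strip()
    fwri = root.findtext("MP/FWRI", default="").strip()
    is_ilo4 = "iLO 4" in product          # iLO 3 and iLO 5 are not affected by this CVE
    vulnerable = is_ilo4 and bool(fwri) and parse_version(fwri) < FIXED_VERSION
    return {"product": product, "version": fwri, "ilo4": is_ilo4, "vulnerable": vulnerable}


def fetch_xmldata(host, timeout=5):
    """GET https://<host>/xmldata?item=all. iLO ships a self-signed certificate, so
    verification is disabled for this inventory request only."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    url = f"https://{host}/xmldata?item=all"
    with urllib.request.urlopen(url, timeout=timeout, context=ctx) as resp:
        return resp.read().decode("utf-8", errors="replace")


if __name__ == "__main__":
    # usage: python ilo4_check.py 10.0.0.11 10.0.0.12 ...
    for host in sys.argv[1:]:
        try:
            result = assess_xmldata(fetch_xmldata(host))
        except Exception as exc:
            print(f"{host}: error: {exc}")
            continue
        verdict = "VULNERABLE (update to 2.53 or later)" if result["vulnerable"] else "not affected"
        print(f"{host}: {result['product']} {result['version']} -> {verdict}")
```

Versions are compared as integer tuples on purpose: treating "2.50" and "2.53" as floats works, but "2.5" versus "2.50" would not, and a future three-component revision would break a float comparison silently. Boards that report no FWRI, or a product other than iLO 4, are reported as not affected rather than guessed at.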