So there has been quite a bit of news around a vulnerability in some of Supermicro's Baseboard Management Controllers (BMC) which allows an attack to remotely retrieve the admin credentials for the BMC system remotely (and in plain text). You can find the original write up by CARI.Net, as well as SANS and Arstechnica.

Most recommendations that have been provided about assessing if you have vulnerable systems have involved netcat (nc), which has to be one of the best tools in a sysadmins utility belt, however, speaking from experience, it has the drawback that some anti-virus products don't like it, which results in security people complaining. There is another way, and that is to use PowerShell.

It is pretty simple to use the Invoke-WebRequest CMDLet, specifying a the URI you want to test. The URL in this case will be HTTP://<your server>:49152/PSBlock. If we can't connect, or receive a 404 file not found, then we are probably ok, if we receive content back, then we need to take a closer look!

So what does our PowerShell expression look like?

If you get content returned, then you really do need to investigate further. Hopefully this is a good example of also how to use Invoke-WebRequest.

Kieran Jacobsen

Jun 24 Assessing the impact of Supermicro BMC vulnerability with PowerShell

Jul 1 Sending SYSLOG messages from PowerShell

Jun 18 Creating GUIDs with PowerShell

Related Posts

Apr 20 Apr 20 Exploiting MS15-034 with PowerShell

Apr 4 Apr 4 Password Hashing with BCrypt and PowerShell - Part 1

Apr 11 Apr 11 Password Hashing with BCrypt and PowerShell - Part 2

Apr 20
Apr 20 Exploiting MS15-034 with PowerShell

Apr 4
Apr 4 Password Hashing with BCrypt and PowerShell - Part 1

Apr 11
Apr 11 Password Hashing with BCrypt and PowerShell - Part 2