IPMI

IPMI is now supported. This method will attempt to dump hashes to vulnerable IPMI servers. By default, a built in user list is used unless specified in which case a user list can be queried from the domain

Successful hash output is written to $PWD\PME\IPMI

Optional Parameters

Parameter	Value	Description
-Domain	Domain	Target domain to grab targets or a user list from
-SuccessOnly	N/A	Shows only successful attempts to console
-Option	IPMI:DomainUsers	Uses domain users as a user list against IPMI targets
-Option	IPMI:admin	Specify a single username to try against IPMI targets

Standard targeting user the built in user list

PsMapExec -Targets [Targets] -Method IPMI

Using a list of domain users as a user list, targeting all domain joined systems

PsMapExec -Targets All -Method IPMI -Option IPMI:DomainUsers