IPMI

IPMI is now supported. This method will attempt to dump hashes to vulnerable IPMI servers. By default, a built in user list is used unless specified in which case a user list can be queried from the domain

Successful hash output is written to $PWD\PME\IPMI

Optional Parameters

ParameterValueDescription

-Domain

Domain

Target domain to grab targets or a user list from

-SuccessOnly

N/A

Shows only successful attempts to console

-Option

IPMI:DomainUsers

Uses domain users as a user list against IPMI targets

-Option

IPMI:admin

Specify a single username to try against IPMI targets

Standard targeting user the built in user list

PsMapExec -Targets [Targets] -Method IPMI

Using a list of domain users as a user list, targeting all domain joined systems

PsMapExec -Targets All -Method IPMI -Option IPMI:DomainUsers

Last updated