VDB
GHSA-5qfx-g363-pvpg
GHSA-5qfx-g363-pvpg
PUBLISHED
Exploit Intelligence
- CVE-2013-4786 Go exploitation tool (github-poc)
- CVE-2013-4786 Go exploitation tool (github-poc)
- Dumps password hashes from IPMI RPC server, so they can be cracked by external tool such as hashcat. If none is supplied, nselib/data/usernames.lst will be used. The script works by exploiting vulnerability CVE-2013-4786, where in standard communication, attacker can obtain, for every known user, hash containing password, which can be later used for offline cracking. Furthermore, if tried username is not valid, it can be recognised from the communication. (nmap-nse)
- Dumps password hashes from IPMI RPC server, so they can be cracked by external tool such as hashcat. If none is supplied, nselib/data/usernames.lst will be used. The script works by exploiting vulnerability CVE-2013-4786, where in standard communication, attacker can obtain, for every known user, hash containing password, which can be later used for offline cracking. Furthermore, if tried username is not valid, it can be recognised from the communication. (nmap-nse)
Timeline
- CVE Published
- Aug 15, 2019 PoC Published
- Apr 9, 2026 Security Advisory