GHSA-5qfx-g363-pvpg — Vulnetix

GHSA-5qfx-g363-pvpg PUBLISHED

Exploit Intelligence

CVE-2013-4786 Go exploitation tool (github-poc)
CVE-2013-4786 Go exploitation tool (github-poc)
Dumps password hashes from IPMI RPC server, so they can be cracked by external tool such as hashcat. If none is supplied, nselib/data/usernames.lst will be used. The script works by exploiting vulnerability CVE-2013-4786, where in standard communication, attacker can obtain, for every known user, hash containing password, which can be later used for offline cracking. Furthermore, if tried username is not valid, it can be recognised from the communication. (nmap-nse)
Dumps password hashes from IPMI RPC server, so they can be cracked by external tool such as hashcat. If none is supplied, nselib/data/usernames.lst will be used. The script works by exploiting vulnerability CVE-2013-4786, where in standard communication, attacker can obtain, for every known user, hash containing password, which can be later used for offline cracking. Furthermore, if tried username is not valid, it can be recognised from the communication. (nmap-nse)

Timeline

CVE Published
Aug 15, 2019 PoC Published
Apr 9, 2026 Security Advisory

Open in Interactive Console →

$ Console Community · 100/wk Open console ›