IPMI is now supported. This method will attempt to dump hashes to vulnerable IPMI servers. By default, a built in user list is used unless specified in which case a user list can be queried from the domain
Successful hash output is written to $PWD\PME\IPMI
| Parameter | Value | Description |
|---|---|---|
| -Domain | Domain | Target domain to grab targets or a user list from |
| -SuccessOnly | N/A | Shows only successful attempts to console |
| -Option | IPMI:DomainUsers | Uses domain users as a user list against IPMI targets |
| -Option | IPMI:admin | Specify a single username to try against IPMI targets |
Standard targeting user the built in user list
PsMapExec -Targets [Targets] -Method IPMI
 (1) (1) (1) (1) (1) (1) (1) (1) (1) (1).png)
Using a list of domain users as a user list, targeting all domain joined systems
PsMapExec -Targets All -Method IPMI -Option IPMI:DomainUsers.png)