Script http-hp-ilo-info

Script types: portrule
Categories: safe, discovery
Download: https://svn.nmap.org/nmap/scripts/http-hp-ilo-info.nse

Script Summary

Attempts to extract information from HP iLO boards including versions and addresses.

HP iLO boards have an unauthenticated info disclosure at <ip>/xmldata?item=all. It lists board informations such as server model, firmware version, MAC addresses, IP addresses, etc. This script uses the slaxml library to parse the iLO xml file and display the info.

Script Arguments

slaxml.debug

See the documentation for the slaxml library.

http.host, http.max-body-size, http.max-cache-size, http.max-pipeline, http.pipeline, http.truncated-ok, http.useragent

See the documentation for the http library.

smbdomain, smbhash, smbnoguest, smbpassword, smbtype, smbusername

See the documentation for the smbauth library.

Example Usage

• nmap --script hp-ilo-info -p 80 <target>
  

• nmap --script hp-ilo-info -sV <target>
  

Script Output

PORT   STATE SERVICE
80/tcp open  http
| ilo-info:
|   ServerType: ProLiant MicroServer Gen8
|   ProductID: XXXXXX-XXX
|   UUID: XXXXXXXXXXXXXXXX
|   cUUID: XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXX
|   ILOType: Integrated Lights-Out 4 (iLO 4)
|   ILOFirmware: X.XX
|   SerialNo: ILOXXXXXXXXXX
|   NICs:
|     NIC 1:
|       Description: iLO 4
|       MacAddress: 12:34:56:78:9a:bc
|       IPAddress: 10.10.10.10
|       Status: OK
|     NIC 2:
|       Description: iLo 4
|       MacAddress: 11:22:33:44:55:66
|       IPAddress: Unknown
|_      Status: Disabled

Requires

• http
• slaxml
• stdnse
• shortport

---

Author:

• Rajeev R Menon

License: Same as Nmap--See https://nmap.org/book/man-legal.html