Subverting your server through its BMC: the HPE iLO4 case

Presented at REcon Brussels 2018, Feb. 4, 2018, 3 p.m. (60 minutes).

iLO is the server management solution embedded in almost every HP servers for more than 10 years. It provides every feature required by a system administrator to remotely administer a server without having to reach it physically. Such features include power management, remote system console, remote CD/DVD image mounting, as well as many monitoring indicators. We’ve performed a deep dive security study of HP iLO4 (known to be used on the family of servers HP ProLiant Gen8 and ProLiant Gen9 servers). Our talk aims at covering the following points: Firmware unpacking and memory space understanding GreenHills OS Integrity internals: kernel object model virtual memory process isolation Review of exposed attack surface: www, ssh, etc. Vulnerability discovery and exploitation Demonstration of a new exploitation technique that allows to compromise the host server operating system through DMA.


Presenters:

Links:

Similar Presentations: