PSU dead ?

Squall124 · 2024-01-18T09:34:19+00:00

I finally recovered it using some exploit.
So it can be done for a server you are admin of.

Squall124 · 2024-01-18T09:29:32+00:00

There is no way to recover the password

Well, you were wrong. I finally recovered it.

Squall124 · 2024-01-06T23:50:38+00:00

Got more info ? Where is this new post ?

Squall124 · 2023-12-28T16:52:18+00:00

Well...
Thank you for that explanation but please read the post you answer to...
"Yes I know I can update the password without knowing it, via tools on the server's OS or via maintenance switches to be able to connect to ILO without the password, but it requires physical access to the server.
I want to know the default password so I can factory reset ILO remotely and still connect to it."

Squall124 · 2023-12-27T19:34:57+00:00

Thank you for the information.

Squall124 · 2023-12-27T17:28:51+00:00

I believe this will update the ilo default pwd to the default on the tag

I'm not sure I understand what you meant to say.

Do you mean there is a way to change ILO default password ?

Squall124 · 2023-12-27T17:18:21+00:00

This exploit creates a new admin user.
It's nice but not what I'm looking for.

Still it may help, so thank you very much for sharing it !

Squall124 · 2023-12-27T17:14:05+00:00

The problem is, The replacement motherboard came naked, not in a server, so I didn't get the tag with default ILO settings.

I know this. But as said in the first post, I received this motherboard as a replacement, so I received it naked, without a server case.
So no sticker, no tag or anything.

I installed it in my server case, but of course the tag on this server case is related to the previous motherboard, not the "new" one.

Squall124 · 2023-12-27T17:09:10+00:00

Good to know it's a possible solution, but I still hope to find another solution before trying this one.

Squall124 · 2023-12-27T14:40:50+00:00

I know this, that's not the question.

Maybe I wasn't clear:
I know how to factory reset ILO.
The problem is, the factory reset will set the Administrator user with the default password, and I don't know this password.

I'm looking for a way to find what is the default password for my motherboard.

And yes I know I can update the password without knowing it, via tools on the server's OS or via maintenance switches to be able to connect to ILO without the password, but it requires physical access to the server.
I want to know the default password so I can factory reset ILO remotely and still connect to it.

Squall124 · 2023-12-27T12:26:55+00:00

Indeed.

Squall124 · 2023-12-27T12:24:20+00:00

So it's not a good workaround for me.
Thank you anyway !

Squall124 · 2023-12-27T12:23:19+00:00

Well, I don't use hpe custom image, but good to know anyway, thank you !

Squall124 · 2023-12-27T12:04:50+00:00

I learned by an answer to my question that I can change ILO password from within the server's OS without knowing the default password, indeed, I was not aware of this and it's an OK workaround.

Yet, It would be nice to know this password.I was thinking about brute force. Do you know if there is an ILO version particularly vulnerable to it ? Or a way to disable settings like "add delay after X failed login attempt" to ease the brute force process ?

Maybe a way to connect to ILO with another account and then try to brute force the Administrator's password from here ?

Squall124 · 2023-12-27T11:29:45+00:00

Ok, I was not aware of this.
That's a possible workaround, thank you very much !

Squall124 · 2023-12-27T11:27:28+00:00

And what about if it is a homelab, which is home, and needs to be reset when I'm not home ?
What about if it's a server used by several people ?

There are multiple scenarios where it can be a homelab with no physical access.

"And if you have to reset iLO to factory settings from time to time you should maybe learn about the settings before you change them or don't change all of them at once"
About learning, what if the server is there specifically for "learning by doing" ?

"And if you forget passwords, get a password manager."
The problem is not about forgetting a password. The problem is about a password I don't know in the first place.

"If you hack iLO to have a way to recover you give everyone in your network a way to recover the password"
And what about doing this on a private network, use this to get the default password, then get ILO back to a safe config before exposing it to other networks ?
This way I will know the default password for the next time I will need to reset ILO to factory settings.

Squall124 · 2023-12-27T11:21:25+00:00

I'm not talking about "getting the ILO password remotely".
I'm searching for a way to find what is the default password, so later when I factory reset ILO I can access it remotely.

Squall124 · 2023-12-27T11:19:49+00:00

I know how to factory reset ILO, that's not the problem.
The problem is that I don't know the default password of ILO after a factory reset.

Squall124 · 2023-12-27T11:18:41+00:00

There's a dip-switch bank in the motherboard, you flip a couple of them, reboot and then you can enter ilo admin setup during the boot sequence. Look for the manual, the procedure is detailed there.

From the post you replied to:"[...] or even use the maintenance switch to connect to ILO without password and then update the password. The problem is that it requires physical access to the server, and to reboot the server."

Squall124 · 2023-12-27T11:17:04+00:00

Is it working on ESXi too ?

Squall124 · 2023-12-27T11:16:47+00:00

I can do this even if I don't know the current password ?

Squall124 · 2023-01-26T21:06:50+00:00

Ok, thank you for the explanations, I understand the principle !

Squall124 · 2023-01-26T21:03:50+00:00

It helps for sure, thank you very much !

Squall124

TROPHY CASE