From df9f58f34ec9b328e64a57700ad8adf155459c55 Mon Sep 17 00:00:00 2001
From: dmiller
Date: Thu, 8 Sep 2016 17:30:39 +0000
Subject: [PATCH] UDP payload and service probe for IPMI (ASF-RMCP) on port 623
---
 nmap-payloads | 6 ++++++
 nmap-service-probes | 10 +++++++++-
 2 files changed, 15 insertions(+), 1 deletion(-)
diff --git a/nmap-payloads b/nmap-payloads
index 8e51a01c8..f573fd68f 100644
--- a/nmap-payloads
+++ b/nmap-payloads
@@ -139,6 +139,12 @@ udp 520
 "\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
 "\x00\x00\x00\x00\x00\x00\x00\x10"
+# IPMI
+# RMCP Get Channel Auth Capabilities
+udp 623
+ "\x06\x00\xff\x07\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x20\x18"
+ "\xc8\x81\x00\x38\x8e\x04\xb5"
+
 # serialnumberd. This service runs on Mac OS X Server. This probe
 # requests the serial number of another server. In response we expect a
 # packet starting with "SNRESPS:", followed by some data whose purpose
diff --git a/nmap-service-probes b/nmap-service-probes
index 1b5e80a73..932da062d 100644
--- a/nmap-service-probes
+++ b/nmap-service-probes
@@ -5393,7 +5393,7 @@ match imond m|^ERR\r\nERR\r\n$| p/imond fli4l router config/ d/router/
 # <27>Dec 19 17:37:37 inetd\[28433\]: execv /usr/openv/netbackup/bin/bpjava-msvc: No such file or directory
 match inetd m|^<\d+>[A-Z][a-z][a-z] +\d+ \d+:\d+:\d+ inetd\[\d+\]: execv (/[-.\\/\w]+): (\w[\s\w.,-]+)$| p/inetd/ i/failed to exec $1: $2/
-match ipmi-rmcp m|^\0\0\0\x02\t\0\0\0\x01\0\0\0\0\0\0\0\0$| p/SuperMicro IPMI RMCP/ cpe:/o:supermicro:intelligent_platform_management_firmware/
+match asf-rmcp m|^\0\0\0\x02\t\0\0\0\x01\0\0\0\0\0\0\0\0$| p/SuperMicro IPMI RMCP/ cpe:/o:supermicro:intelligent_platform_management_firmware/
 # Diverse IRC bot
 match ircbot m|^ \r\nSorry, that nickname format is invalid\.\r\r\n$| p/Diverse IRC bot/
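Review bot: In the nmap-payloads hunk, the comment above `udp 623` names the request but does not say what the 23 bytes encode, nor that the same bytes are repeated in the `Probe UDP ipmi-rmcp` line added to nmap-service-probes, so a later edit to one copy can silently diverge from the other. I would expand it to something like `# IPMI over RMCP (class 0x07), auth type none, session ID 0: Get Channel` / `# Authentication Capabilities (cmd 0x38) for the current channel.` / `# Keep in sync with "Probe UDP ipmi-rmcp" in nmap-service-probes.` Stating that the request is session-less and only queries capabilities also helps operators who have to justify scanning BMC management networks. A one-line note on the expected reply, like the serialnumberd entry below it has, would make the payload easier to verify against a capture.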
@@ -14981,3 +14981,11 @@ ports 1883
 sslports 8883
 match mqtt m|^\x20\x02\x00.$|
+
+##############################NEXT PROBE##############################
+# RMCP Get Channel Auth Capabilities
+Probe UDP ipmi-rmcp q|\x06\0\xff\x07\0\0\0\0\0\0\0\0\0\x09\x20\x18\xc8\x81\0\x38\x8e\x04\xb5|
+rarity 9
+ports 623
+
+softmatch asf-rmcp m|^\x06\0\xff\x07\0\0\0\0\0\0\0\0\0\x10|
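Review bot: The `softmatch asf-rmcp` pattern stops at the message-length byte `\x10`, so any RMCP class-7 datagram with a zeroed session header and a 16-byte body is labelled asf-rmcp, whether or not it is a reply to this request. Extending the pattern through the response header and command byte would tie it to the probe, for example `softmatch asf-rmcp m|^\x06\0\xff\x07\0\0\0\0\0\0\0\0\0\x10\x81\x1c\x63\x20\0\x38|`. The extra bytes are derived from the request in the `q|...|` line (requester address, App response netFn, header checksum, responder address, sequence, command) and should be confirmed against a captured reply before merging. The length check presumably also means a BMC answering with an error completion code, and therefore a shorter body, gets no service name from this probe; a comment saying whether that is intended would help.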