IBM HMC / RSA Password Reset Tool (RSApwdSet.vbs)

IBM HMC / RSA are the management interface used in IBM Servers. Simliar to HP Intergrated Lights Out (iLo) and Dell (DRAC)

HMC’s passwords are subject to same security rules as the other passwords and that they need to be changed as per security policy required frequency.

The only way to change RSA/ASM is to logon onto each of the RSA/ASM Device via a Web Browser and configure a different password. This is very time consuming and not a option for a large server fleet. (If you know of another method, Please email me.) Which leaves a HUGE hole in your Security Governance.

I have created RSApwdSet.vbs program to reset the password for the first Login profile of a IBM Remote Supervisor or IBM Advanced System Management.

The program has been secured to work on only authorised subnets and tested on eServer xSeries 360 – Remote Supervisor Adapter I.

“HTML Injection” method used to develop this script. You will need to use Firefox and some other tools to extend the function  of this script to new versions of RSA Passwords..

List of Firefox Plugins:

  • DOM Inspector
  • Tamper Data
  • Web Developer Tool Kit
  • Firebug
  • Chicken Foot
  • Bugmenot

Please share any updates and improvements on this code and provide credit for the code..  🙂


RSApwdSet.vbs

Click to download -> RSAPWDSET3


'____________________________________________________________________________________________________________

'

' Created by Roshan Ratnayake ____________________________________________________________________________________________________________

'

'REVISON HISTORY

'

'	08/10/08		- initial script

'

'____________________________________________________________________________________________________________

'

' TO DO

'

'	- Configure success return error codes

'	- Create GUI

'	- User option to select Login Profile number

'	- Put Supported Subnets into a arrary

'   	- implement subnet mask options for user input to cacluate subnet

'

' USAGE:

'

' CSCRIPT RSApwdSet2.vbs -ip10.1.1.1 -s255.255.255.0 -lUSERID -pwPASSW0RD -pw2PASSW0RD

' Use Option Explicit to avoid incorrectly typing the name of an existing variable or to avoid confusion in code where the scope of the variable is not clear.

'OPTION EXPLICIT

' Constants

' RSA or ASM Login Profile number

CONST strLOGINPROFILEID = 2

'Declare variables

DIM strSupportedSubnet,ip,subnetmask,loginprofile,pw,pw2,compareArrary

' Supported subnets

strSupportedSubnet = ARRAY("10.1.1.1")

'Start Program Excution

HandleCommandLineParameters

CompareSubnet

WSCRIPT.QUIT

SUB CompareSubnet

FOR EACH compareArrary IN strSupportedSubnet

IF compareArrary=Subnet(ip, subnetmask)  THEN

wscript.echo "SUBNET ACCEPTED       : "&Subnet(ip, subnetmask)

SetPassword

END IF

NEXT

END SUB

'Set the RSA or ASM Password

SUB SetPassword

DIM objXMLHTTP, xml

Set xml = CreateObject("Microsoft.XMLHTTP")

xml.Open "GET", "http://"&ip&"", False,"USERID","PASSW0RD"

xml.Send

xml.Open "GET", "http://"&ip&"/private/login.ssi?WEBINDEX="&strLOGINPROFILEID&"&JUNK=1", False,loginprofile,pw

xml.Send

xml.Open "POST", "http://"&ip&"/private/login.ssi?WEBINDEX="&strLOGINPROFILEID&"&JUNK=1", False,loginprofile,pw

xml.setRequestHeader "Content-Type", "application/x-www-form-urlencoded"

xml.Send "USER="&strLOGINPROFILEID&"&OLDID="&loginprofile&"&EMPTYPW=0&userid="&loginprofile&"&authorization=0&passwd="&pw2&"&pw2="&pw2&"&dialback=0&dbnumber=&Screen=%2Fprivate%2Floginprofiles.ssi&JUNK=1"

Set XML=Nothing

END SUB

'Read in command line parameters

SUB HandleCommandLineParameters

IF wscript.arguments.count = 5 THEN

ip=MID(wscript.arguments.item(0),4)

wscript.echo "DEVIC IP              : "& ip

subnetmask=MID(wscript.arguments.item(1),3)

wscript.echo "DEVIC SUBNET MASK     : "&subnetmask

loginprofile=MID(wscript.arguments.item(2),3)

wscript.echo "USERID                : "&loginprofile

pw=MID(wscript.arguments.item(3),4)

wscript.echo "LOGIN PASSWORD        : "&pw

pw2=MID(wscript.arguments.item(4),5)

wscript.echo "NEW PASSWORD          : "&pw2

ELSE

ShowUsage

END IF

END SUB

' Show the help of the program

SUB ShowUsage()

WSCRIPT.ECHO "RSAPWDSET.exe version 0.1"

WSCRIPT.ECHO "Copyright  (C) IBM Corp. 2008. All Rights Reserved."

WSCRIPT.ECHO "Support Email: nosupport@nowhere.com"

WSCRIPT.ECHO "Author: Roshan Ratnayake"

WSCRIPT.ECHO ""

WSCRIPT.ECHO "RSApwdSet resets password for the first Login profile of a IBM Remote Supervisor or IBM Advanced System Management ."

WSCRIPT.ECHO ""

WSCRIPT.ECHO "For security reason this program is restricted to work on selected subnet / ip rage."

WSCRIPT.ECHO " "

WSCRIPT.ECHO "TESTED IBM SERVERS - "

WSCRIPT.ECHO "eServer xSeries 360   - Remote Supervisor Adapter I"

WSCRIPT.ECHO ""

WSCRIPT.ECHO "Usage: RSApwdSet -ip<rsa ip address> -s<subnet mask> -l<rsa login profile> -pw<rsa password> -pw2<new rsa password> -c<check rsa access>"

WSCRIPT.ECHO ""

WSCRIPT.ECHO "INSTRUCTIONS"

WSCRIPT.ECHO ""

WSCRIPT.ECHO "1. Omit the brackets"

WSCRIPT.ECHO "2. Use DOS FOR Command to loop through a text file containing multiple RSA/ASM IP address. "

WSCRIPT.ECHO "      Example: FOR /F tokens=1 %%a in (%IPLIST%) DO RSApwdSet -ip%1 ....,etc"

WSCRIPT.ECHO "      *** GUI will be provided with next version update."

WSCRIPT.ECHO "3. Insure the RSA/ASM Login profile you wish to change is the first Login Profile."

WSCRIPT.ECHO "4. Passwords must contain at least one alphabetic and one non-alphabetic character."

WSCRIPT.ECHO "5. Options: "

WSCRIPT.ECHO ""

WSCRIPT.ECHO "	-ip<rsa ip address>	- The IP address of the RSA or ASM card"

WSCRIPT.ECHO "	-s<subnet mask>		- The subnet mask of your RSA or ASM card"

WSCRIPT.ECHO "	-l<rsa login profile>	- The first RSA or ASM Login user ID"

WSCRIPT.ECHO "	-pw<rsa password>	- The RSA or ASM password"

WSCRIPT.ECHO "	-pw2<new rsa password>	- THe new RSA or ASM password"

WSCRIPT.ECHO "	-c<check rsa access>    - Check RSA passwords, prints the out put after login attempt. (Next version)"

WSCRIPT.ECHO ""

WSCRIPT.ECHO "*** WARINING: RUNING THE SCRIPT MUTLIPLY TIMES USING INCORRECT LOGINPROFILE OR PASSWORD WILL LOCK OUT YOUR RSA/ASM."

WSCRIPT.ECHO ""

WSCRIPT.QUIT

END SUB

FUNCTION Subnet(strAddress, strMask)

INtSubnetLength = SubnetLength(strMask)

Subnet = BINaryTOStrINg(Left(StrINgTOBINary(strAddress), INtSubnetLength) & StrINg(32 - INtSubnetLength, "0"))

END FUNCTION

FUNCTION SubnetLength(strMask)

strMaskBINary = StrINgTOBINary(strMask)

SubnetLength = Len(Left(strMaskBINary, INStr(strMaskBINary, "0") - 1))

END FUNCTION

FUNCTION BINaryTOStrINg(strBINary)

FOR INTOctetPos = 1 TO 4

strOctetBINary = Right(Left(strBINary, INTOctetPos * 8), 8)

INTOctet = 0

INtValue = 1

FOR INtBINaryPos = 1 TO Len(strOctetBINary)

IF Left(Right(strOctetBINary, INtBINaryPos), 1) = "1" THEN INTOctet = INTOctet + INtValue

INtValue = INtValue * 2

NEXT

IF BINaryTOStrINg = Empty THEN BINaryTOStrINg = CStr(INTOctet) ELSE BINaryTOStrINg = BINaryTOStrINg & "." & CStr(INTOctet)

NEXT

END FUNCTION

FUNCTION StrINgTOBINary(strAddress)

objAddress = Split(strAddress, ".", -1)

FOR EACH strOctet IN objAddress

INTOctet = CINt(strOctet)

strOctetBINary = ""

FOR x = 1 TO 8

IF INTOctet Mod 2 > 0 THEN

strOctetBINary = "1" & strOctetBINary

ELSE

strOctetBINary = "0" & strOctetBINary

END IF

INTOctet = INt(INTOctet / 2)

NEXT

StrINgTOBINary = StrINgTOBINary & strOctetBINary

NEXT

END FUNCTION
Advertisements