Reverse Engineering Dell iDRAC 7/8

February 18, 2019 by Matt

I came across this project on GitHub that contains source code for achieving undetectable root + loading of arbitrary code on Dell iDRAC7 & iDRAC8 IPMI/BMC server hardware. Although this doesn't work with previous versions of iDRAC that I've written about (v6), the techniques used to adjust the firmware images are applicable.

This work got plenty of attention: ServeTheHome, The Register and AnandTech all wrote about this BMC vulnerability. Dell's own publication of CVE-2018-15774 and CVE-2018-15776 addresses the affected iDRAC releases and specifically mentions that iDRAC systems should not be publicly available.

Duh.

I won't comment further on this issue since it's already covered well enough in the above links. Just thought I'd mention it here briefly in case someone was looking for ways to take control over their own iDRAC systems.

