HMAC(User Password + Server SID + Server Random + Client Random + Privilege Level + Username)
Because the hashing algorithm is weak, the password is the only real defense. A 16-character, complex, randomly generated password effectively renders the brute-force attack infeasible for the average attacker, even with the weak hashing algorithm.
The salt and hash are concatenated to form the stored password hash.
Hashcat is the heavy lifter for GPU cracking. IPMI hashes are supported in Hashcat via mode 7300 (IPMI2 RAKP).