@mcksysar
I used the python PoC from BishopFox and just added 1 line to get it to crash:
payload += b" clientCapabilities=" + b"A" * 1000
You can do something similar with the Rapid7 PoC, but I had to do a couple of tweaks to get that to work (outlined earlier in my thread here). There's nothing else that needs to be done. Just negotiating the IF-T TLS with a large clientCapabilities value is enough to trigger it.
You should see the "web" binary crash in dmesg output. R2.3 as well.
To get to R2.4 I installed an update PKG, as I couldn't find an R2.4 VM. I suspect Ivanti didn't build one for that version.
=> More informations about this toot | View the thread | More toots from wdormann@infosec.exchange