From fd6a2fa64af756f2132cc523ada641d5ea1e0ce9 Mon Sep 17 00:00:00 2001 From: Jack Heysel Date: Thu, 7 Sep 2023 12:19:11 -0400 Subject: [PATCH] Updated docs --- .../linux/http/ivanti_sentry_misc_log_service.md | 15 ++++++++++++++- 1 file changed, 14 insertions(+), 1 deletion(-) diff --git a/documentation/modules/exploit/linux/http/ivanti_sentry_misc_log_service.md b/documentation/modules/exploit/linux/http/ivanti_sentry_misc_log_service.md index 5891b0538d18..69f20b7316a7 100644 --- a/documentation/modules/exploit/linux/http/ivanti_sentry_misc_log_service.md +++ b/documentation/modules/exploit/linux/http/ivanti_sentry_misc_log_service.md @@ -21,7 +21,20 @@ of the `root` user. A vulnerable instance of the software can be downloaded with the following [link](https://mobileironsentry.blob.core.windows.net/mobileironsentrycontainer/sentry-mobileiron-9.12.0-16.vhd) (note the .vhd file is ~34 GB). Once downloaded, import the file into your favorite hypervisor to run the software. -VMware Fusion 12 with the Sentry VM configured with a bridged network adapter worked out of the box for testing the module. +VMware Fusion 12 with the Sentry VM configured with a bridged network adapter worked best for testing. The .vhd file is +configured to run with 256MB of RAM and 1 CPU. When first booted the VM appears to hang with the following message displayed: +``` +Probing EDD (edd=off) ... +``` +By increasing the RAM to somewhere around 8GB and providing more than 1 CPU core the `Probing EDD (edd=off) ...` message +goes away after a couple of seconds and the `EULA` should appear and Sentry configuration will begin. +Inputting defaults for everything should be satisfactory. + +Once finished with the configuration input `show ip route` to get the IP address of the machine. Before running the module +check to ensure the MICS service is up and running by navigating to `https://:8443/` in a browser. If there +is no response, try restarting the VM - this is a +[known issue](https://forums.ivanti.com/s/question/0D54O00006zkSs0SAE/unable-to-contact-mics-service?language=en_US) +that rebooting the VM can resolve. ## Options