Ivanti Sentry MICS Admin Portal Authentication Bypass

This repository provides an operational exploit toolkit for CVE-2023-38035, a critical vulnerability in Ivanti MobileIron systems. The main entry point is the 'mics_hunter.sh' Bash script, which automates the process of discovering, assessing, and exploiting vulnerable MobileIron instances. It leverages the Shodan API to find potential targets, checks for required dependencies, and manages reverse shell payloads using either ncat or a multi_reverse.sh script. The exploitation itself is performed via 'hessian.py', a Python script that interacts with the vulnerable Hessian service endpoint on the target, allowing arbitrary command execution. The toolkit is designed for ease of use, with automated dependency checks and payload delivery, and is intended for penetration testing and educational purposes only. The repository structure is straightforward: 'mics_hunter.sh' (main automation and orchestration), 'hessian.py' (Hessian protocol exploit), 'README.md' (usage and credits), and 'LICENSE' (GPLv3).

This repository contains a Python proof-of-concept exploit for CVE-2023-38035, a critical unauthenticated command injection vulnerability in Ivanti Sentry. The exploit (CVE-2023-38035.py) targets the /mics/services/MICSLogService endpoint exposed over HTTPS on the Ivanti Sentry appliance. By sending a specially crafted Hessian request, the script allows an attacker to execute arbitrary shell commands as the root user on the target system without authentication. The README.md provides technical background, usage instructions, and example commands for downloading and executing a reverse shell payload. The exploit is operational, requiring only the target URL and a command to execute. The main attack vector is network-based, exploiting an exposed HTTPS service. The repository is structured with a single exploit script and a detailed README, and does not rely on any exploit framework.