Skip to content

Commit cf4757a

Browse files
EgeBalciEgeBalci
committed
Update installation steps.
1 parent 9fbfe63 commit cf4757a

File tree

1 file changed

+25
-1
lines changed

1 file changed

+25
-1
lines changed

documentation/modules/exploit/windows/misc/ivanti_avalanche_mdm_bof.md

Lines changed: 25 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -17,14 +17,38 @@ The original analysis and the vulnerability discovery is done by the Tenable.
1717
Check [here](https://www.tenable.com/security/research/tra-2023-27) for public advisory.
1818

1919
## Installation
20-
For installing the vulnerable version follow the steps below,
20+
The software requires a version of MSSQL Server to be installed. The installation
21+
instructions use MSSQL Server 2012, but 2016 and 2017 worked for my setup. Ensure that
22+
`SQL Server and Windows Authentication Mode` is selected as the default for
23+
server authentication. This can either be done at installation or via
24+
SQL Server Management Studio, available from https://learn.microsoft.com/en-us/sql/ssms/download-sql-server-management-studio-ssms.
25+
26+
1. Open SQL Server Management Studio and connect to the instance
27+
2. Right click on the instance and select `Properties`
28+
3. Click the `Security` page
29+
4. Underneath `Server Authentication`, select `SQL Server and Windows Authentication Mode` and `Ok`.
30+
5. Open SQL Server Configuration Manager -> SQL Server Network Configuration -> Protocols for MSSQLSERVER -> TCP/IP
31+
Change from Disable to Enabled.
32+
6. SQL Server Configuration Manager -> SQL Server Services -> Stop all Services -> Start just the SQL Server (MSSQLSERVER) service.
33+
7. Go back to SQL Server Management Studio.
34+
8. Security -> Logins -> sa -> Right click -> Select Properties -> Status -> Toggle Login to Enabled -> Ok
35+
9. Execute the following SQL statement in SQL Server Management Studio: `ALTER LOGIN sa WITH PASSWORD = 'theSAUser123';`
36+
10. You should now be able to run the installer and set the hostname to `127.0.0.1`,
37+
set the username to `sa`, and the password to `theSAUser123`.
38+
11. Now you can proceed to installing the Ivanti Avalanche MDM software.
39+
40+
For installing the vulnerable Ivanti Avalanche MDM version follow the steps below,
2141
1. To obtain the vulnerable versions of the MDM setup, first create a customer account at
2242
[Ivanti](https://success.ivanti.com/customers/Community_RegStep1_Page?lp=register) (trial license is sufficient)
2343
2. Navigate [here](https://www.wavelink.com/Download-Avalanche_Mobile-Device-Management-Software/)
2444
and download any version **below** `v6.4.1`
2545
3. Follow the installation steps.
2646

2747
After these steps, the MDM service should be accessible on port 1777.
48+
**Note: If MDM port is not listening or unresponsive, try restarting the 'Wavelink Avalanche Manager' service.**
49+
50+
In case the above doesn't work, instructions for installing Ivanti Avalanche can be found
51+
[here](https://forums.ivanti.com/s/article/Best-Known-Method-for-installing-Avalanche-6-x-using-MSSQL-Server-2008-R2-Express-DB-or-2012-Express-Advanced)
2852

2953
## Verification Steps
3054

0 commit comments

Comments
 (0)