Tuesday, November 23, 2010

IIS EXPLOIT HACKING


Hi guyz...

Today I am providing you all a tutorial on how to hack website which are "Powered by IIS"

 1:- Click on START and click on RUN then enter the below code and then press ENTER


%WINDIR%\EXPLORER.EXE ,::{20D04FE0-3AEA-1069-A2D8-08002B30309D}\::{BDEADF00-C265-11d0-BCED-00A0C90AB50F}
2:- A new window name "WEB FOLDER" gets open

3:- Right click and click on New, Add Web Folder then enter your vulnerable website address as show below in the image

Google Dork :- "Powered by IIS"
( I don't know the exact dork , but usually I use this one )

4:- Click on Next , Next , Finish...
Double click on that folder to open it
Bingo...Now u can insert your deface page on that site by simply Copy & Paste in that folder
you deface page will be avaliable at
www.site.com/your defacepage name.html
for eg
http://hbszgl.com/jaguar.html
Note :-a) Also after getting access to the website...Many websites don't allows you to
add/edit your deface page ( Coz Microsoft has already fixed this vulnerability
in many website )...




For windows 7 user
a. Click Start.

b. Click Computer.

c. In the following dialog click Map Network Drive.

d. On the Map Network Drive dialog, click "Connect to a Web site that you can use to store your documents and Pictures" this will pop up the "Welcome to the Add Network Location Wizard".

e. Click on Next.

f. Click on ''Choose a custom network location''.

g. Click on Next.

h. Now type the web folder address that you want to access. For instance:http://www.stscw.com/

i. Enter a NAME to help you identify the web folder and click Next.

j. Place a checkmark on 'Open this network location when I click finish'.

k. Click Finish.

l. To open the web folder next time, just double click on the one you want to open from the My Network Places list.


Note:- REMEMBER SOME SITES U MIGHT GET N ERROR WHILE UPLOADING XYZ.HTML FILE DAT TYM JUS CHANGE THE EXTENSION TO XYZ.HTM
N U CN ALSO DEFACE SOME OF THE WEBSITE USING SHELL
HAVE A LOOK A ONE OF THE UPLOADED SHELLS

http://www.go-africa.net/jaguar.asp;me.jpg

SHELL LINK
http://www.mediafire.com/?pxgxzd3y4xm8g3m

JUST SAVE THE FILE IN

SHELL.ASP;ME.JPG
I have converted and uploaded
Websites to practice:-
http://tinypaste.com/64fe1
Pass:- avisuni.blogspot.com

3 comments:

  1. nice infoooo brooooo bt nt working in windows7

    ReplyDelete
  2. Its tested on windows 7..its working bro...

    ReplyDelete
  3. hey av , its really a gud n usful tut ... n 4 windows 7, u can try dis using "map network drive" vich u see in my comp ..

    ReplyDelete