Thursday, November 4, 2010

[TUT]Hack Website Using DNN + shell uploading

[TUT]Hack Website Using DNN [Dot Net Nuke] Exploit WITH SHELL UPLOADING
Part 1
Note:- Only for educational purpose
Using google DORK try to find the vulnerable website.





inurl:"Fck/fcklinkgallery.aspx" (for all the sites)


inurl:"Fck/fcklinkgallery.aspx" site:{domain of site} (for specified attack)

You can also modify this google dork according to your need & requirement

I have found these 2 website vulnerable to this attack:

N00bs can also try both of these websites for testing purpose.

Open the home page and check any image which is located in /portals/0/
Check the location of the image. It should be located in /portals/0/
For e.g. in case of
.the image is located at location-
Waaooo it means this website is vulnerable and we can change the front page pic. Now the current image name is
Now here is the exploit
Step 1
You will see the portal where it will ask you to upload. Select the third option File ( A File On Your Site)
Step 2
After selecting the third option, replace the URL bar with below script

After running this JAVA script, you will see like this

Know remember if theimage is directly in following format
Then just click on choose file and upload it….
But if it is other format like ours…our image is in following format
That mean the image is stored in image folders so just click on file location first and select images
And then put the script and then upload
Now remember if you want to change the image first name the image you want to upload with the uploaded image
For eg if I want to upload the image I will name it to hea2d.gif
And then upload it
Note:- we are doing this only for educational purpose…we don’t want to attack on any ones income pls take the backup of the image you will be changing…so that after learning you can upload the original image back….thnks

Part  II
Uploading the shell
In this part you will learn how to upload the shell so dat u can deface the site
Note:- only for educational purpose
All step are same till step 2..
Just download this shell n upload it
after uploading the shell. To open the shell open in this format;me.jpg
you will see like this
For video TUT visit
Now comes the shell uploading part

All parts are the same...Just where you upload image upload the asp shell in shell.asp;me.jpg format

Shell link

So when the shell is uploaded your shell link will be something like this
Another fun part download the apsxsyp shel from here
Upload this shell using the shell we uploaded first.. Now this shell link will be
Default password for shell is admin


  1. thnxxxx a lot av ..... dnn se shell upload kar sakte hai muje to malum hi nahi tha .. thnxxxx yaar ...

  2. I found a site with a vulnerability where i can upload only .pdf and .doc files. I need a shell matching this need. Renaming the above shell to .pdf or .doc and uploading does not work. Where can i get a shell with .doc or .pdf extension?...please help

  3. it all fake not work we can not load php filessssssssss

  4. "it all fake not work we can not load php filessssssssss"
    You can u jus have to use ur brain to upload jus upload ur shell in image format n upload ur php files

  5. AV plz tell me why "javascript:__doPostBack('ctlURL$cmdUpload','') " doesnt work for me? i put it in url but it doesnt give me browse option. why is it so??

  6. @^^ Which browser are you using?

  7. @^^ then the site may be patched

  8. after uploading shell in jpg format when i tried to open it.. its some thng lok lyk a imag but shell doesnt runs why this was so?? ans plzz

  9. shell link don't work Please Re Upload