Step 1 : goto google
Step 2:Now enter this dork (this is Dork to find DNN Vulnerable sites)
inurl:/Fck/fcklinkgallery.aspx
or
or
inurl:"/portals/0"
or
inurl:tabid/176/Default.aspx
these r dorks to find the Portal Vulnerable sites.
Step 3:
now you will get a huge list of DNN websites but the main part it to get a vulnerable website which can be defaced because now very less websites r lest vulnerable othewise this vulnerability issue have been fixed ny dot net nuke.
Step 4:
For example i have got a website .
Step 5: Now Paste after the site url
this
this
/Providers/HtmlEditorProviders/Fck/fcklinkgallery.aspx
Now Site is this :
so it will look like this (screenshot above)
Note: if it will show you like this (see screenshot below) its mean site could not be hacked find another site
Now Click on File ( A File On Your Site )
Step 8:Now replace the URL in the address bar with this java Script
javascript:__doPostBack('ctlURL$cmdUpload','')
Step 9:You will Find the Upload Option to upload files on website. Step 10:Select Root of the website.
Step 11:
Upload your shell download from here
After uploading shell.asp;.jpg
go for your shell www.yoursite.com/portals/0/yourshellname.asp;.jpg
so you after uploading shell and shell is front of you look like this (screenshot below)
Click on <Dir>... again and again till you will see admin area
now it will show u admin area where u can upload ur pages to main root directory ie c:/
now to replace the original index.html to put ur deface page, u have to copy the code of deface page nd paste by editing index.html [this will be done in Admin dir]
NOW lets move to the most tricky part of the tutorial, and u can say it is the most intresting part because it is very very difficault to find the website which can allow to upload our shell so , lets do somthing intresting . we can upload images easily on website now follow this simple steps to change the original images of website to our image....;-)..:DD
Step 1:
www.site.com/Providers/HtmlEditorProviders/Fck/fcklinkgallery.aspx
You will see the portal where it will ask you to upload. Select the third option File ( A File On Your Site)
now select a foder which is containg the image which is on the the front page of
website. let me take this website for an example:
Step 2:
now i found the front image of the website in this portal:
first u save the image with the same name nd format
now edit the image as u want it to be shown.
now upload this image to the portal in which it is stored
for ex i have :
now upload this image to the portal in which it is stored
for ex i have :
step 3:
After selecting the third option, replace the URL bar with below script
javascript:__doPostBack('ctlURL$cmdUpload','')
now u will finde the option to upload
upload ur image nd now goto the main page of the website.
mine is
mine is
lolzzz..... security breacheddd....hahaha.
this trick will work in many sites soo njoyy hacking websitess
thnxx for reading this tutorial made by Devendra
this trick will work in many sites soo njoyy hacking websitess
thnxx for reading this tutorial made by Devendra
caution:
1. only for educational purpose .
2. use proxy,vpn. ..in short hide ur ip. :)
Responses
0 Respones to "website hacking: Dot net nuke (DNN) vulnerability [TUT]"
Post a Comment