Sunday, June 26, 2011

hey guyzz today i m giving a simple tutorial on Dot net nuke(DNN) website hacking.as we know DNN websites r having a huge vulnerability of file uploading on the root server so we can easily upload shell and deface the website.




Step 1 : goto google

Step 2:Now enter this dork (this is Dork to find DNN Vulnerable  sites)

   inurl:/Fck/fcklinkgallery.aspx
     
or
     inurl:"/portals/0"

or 

inurl:tabid/176/Default.aspx

these r dorks to find the Portal Vulnerable sites.
Step 3:
now you will get a huge list of DNN websites but the main part it to get a vulnerable website which can be defaced because now very less websites r lest vulnerable othewise this vulnerability issue have been fixed ny dot net nuke.
Step 4:
For example i have got a website .


Step 5: Now Paste after the site url
  this
/Providers/HtmlEditorProviders/Fck/fcklinkgallery.aspx
Now Site is this : 








so it will look like this (screenshot above)
Note:  if it will show you like this (see screenshot below) its mean site could not be hacked  find another site
 

Now Click on File ( A File On Your Site )
Step 8:Now replace the URL in the address bar with this java Script


javascript:__doPostBack('ctlURL$cmdUpload','')
Step 9:You will Find the Upload Option to upload files on website. Step 10:
Select Root of the website.
Step 11:
Upload your shell  
download from here
After uploading  shell.asp;.jpg
go for your shell  www.yoursite.com/portals/0/yourshellname.asp;.jpg
so you after uploading shell and shell is front of you look like this (screenshot below)









Click on <Dir>...  again and again till you will see admin area



now it will show u admin area where u can upload ur pages to main root directory ie c:/ 
now to replace the original index.html to put ur deface  page, u have to copy the code of deface page nd paste by editing index.html [this will be done in Admin dir]




NOW lets move to the most tricky part of the tutorial, and u can say it is the most intresting part because it is very very difficault to find the website which can allow to upload our shell so , lets do somthing intresting . we can upload images easily on website now follow this simple steps to change the original images of website to our image....;-)..:DD




Step 1:

www.site.com/Providers/HtmlEditorProviders/Fck/fcklinkgallery.aspx

You will see the portal where it will ask you to upload. Select the third option File ( A File On Your Site)
now select a foder which is containg the image which is on the the front page of 
website. let me take this website for an example:
 



Step 2:


now i found the front image of the website in this portal:


first u save the image with the same name nd format
 
now edit the image as u want it to be shown.

now upload this image to the portal in which it is stored
for ex i have :




step 3:

After selecting the third option, replace the URL bar with below script

javascript:__doPostBack('ctlURL$cmdUpload','')


now u will finde the option to upload

upload ur image nd now goto the main page of the website.

mine is 

lolzzz..... security breacheddd....hahaha.

this trick will work in many sites soo njoyy hacking websitess

thnxx for  reading this tutorial made by Devendra
caution:
1. only for educational purpose .

2. use proxy,vpn. ..in short hide ur ip. :)


0 comments:

Post a Comment