Hack Websites Using DNN (DotNetNuke) Method!!

By: R3dRyD3r on 5:56 PM
What is DNN (Dot Net Nuke) ?

DotNetNuke is an open source platform for building web sites based on Microsoft .NET technology. DotNetNuke is mainly provide Content Management System(CMS) for the personal websites.
Now Let's Hack a Website Using DNN Exploit...!!!
DNN Exploitation
1- First go to google.com search page and use this following dork to find vulnerable site.

Dork :    inurl:home/tabid/36/language/en-US/Default.aspx

another dorks you can use

 inurl:fcklinkgallery.aspx
inurl:/portals/0

 2- find a vulnerable site and delete everything after http://www.yourvulnerablesite.com/ and paste this :
/Providers/HtmlEditorProviders/Fck/fcklinkgallery.aspx

 it will look something like this 
















3-Now there are 2 possibilities

 if u get Link Gallery url select then site is not vulnerable , see the image below












and If you get Like shown in below image then target is vulnerable











4- ok now if u find a vulnerable site move to next step

5-now u can see 3 options there and we need to select “File in your site”.

6- now after selecting it we need to use a javascript code. For that we need to use that browser which supports javascript. So i will use Opera Mini
we need to choose file location as root

clear everything written on browser url and paste the below javascript

 j a v a s c r i p t:__doPostBack('ctlURL$cmdUpload','')

 { remove spaces between " j a v a s c r i p t" word }

 7- now as u can see in the picture below, we will get the option to upload file














8- U CANT UPLOAD UR SHELL DIRECTLY IN .php FORMAT AND NOT EVEN U CAN DO ANYTHING BY UPLOADING TO .php;.jpg

 9- so for this purpose we need to upload special type of shell which is coded in asp. Download the shell link below:-

 CLICK HERE

FOR MORE ASP SHELLS goto www.sh3ll.org

10- after downloading u need to upload the shell in the same extension. dont change the extension and now upload it

11- after uploading u can access ur shell by going to this address
http://www.yoursite.com/portals/0/yoursh...e.asp;.jpg

 12- now u can see same as in the image below











13- now click <DIR> ... till u find admin

14- now u can edit and can rape the site.

 Thanx To Sam for This Tutorial

If You Have any Question or Problem Simply Just Comment Below Or :



Labels:

1 comment :

Subscribe to: Post Comments ( Atom )