DNN-DotNetNuke:Shell Upload (Root) Tutorial. [complete guide]
![[Image: 2m4sxtu.jpg]](http://i40.tinypic.com/2m4sxtu.jpg)
So, This tutorial will be talking about what is DNN(DotNetNuke) , And how it is used in web attacks.
What is DNN?
DotNetNuke is an open source platform for building websites based on Microsoft .NET technology.
DotNetNuke is mainly provide Content Management System(CMS) for the personal websites.
DotNetNuke is mainly provide Content Management System(CMS) for the personal websites.
How it's done?
Let's Start:
As most ways of web attack such as SQLi/RFI/LFI.. and more. We use Google Dorks to find a possibly vulnerable webpage to this attack.
We simply search in Google for : " inurl:/tabid/36/language/en-US/Default.aspx " .
Then just open up any website to your liking , and follow the next step.
Now after you've chosen a website,we need to check if the site is at all vulnerable to such attack. and we do that by replacing the :" /tabid/36/language/en-US/Default.aspx " with " /Providers/HtmlEditorProviders/Fck/fcklinkgallery.aspx " .
If the page is N-O-T vulnerable then you shall get a similar output :
![[Image: 330s2mc.png]](http://i43.tinypic.com/330s2mc.png)
-That means you most likely need to look for another site , or just look for other vulnerabilities such as XSS,RFI,SQL and more. ;)
But, If it is, then you shall get the next output:
![[Image: 153pg6t.png]](http://i43.tinypic.com/153pg6t.png)
Once you do get the whole output, Just pick the "File" Option, Which then you should see the "Root" below it , Under the "File Location".
And then Inside the URL ,Type in the Javascript Code: " javascript :__doPostBack('ctlURL$cmdUpload','') "
*Delete the space after javascript* otherwise you will end up in Google search,and you wouldn't want that.
I won't be going any deep into JS nor the code, But it executes and gives you the ability of uploading a file from your PC\LT.
We simply search in Google for : " inurl:/tabid/36/language/en-US/Default.aspx " .
Then just open up any website to your liking , and follow the next step.
Now after you've chosen a website,we need to check if the site is at all vulnerable to such attack. and we do that by replacing the :" /tabid/36/language/en-US/Default.aspx " with " /Providers/HtmlEditorProviders/Fck/fcklinkgallery.aspx " .
If the page is N-O-T vulnerable then you shall get a similar output :
-That means you most likely need to look for another site , or just look for other vulnerabilities such as XSS,RFI,SQL and more. ;)
But, If it is, then you shall get the next output:
Once you do get the whole output, Just pick the "File" Option, Which then you should see the "Root" below it , Under the "File Location".
And then Inside the URL ,Type in the Javascript Code: " javascript :__doPostBack('ctlURL$cmdUpload','') "
*Delete the space after javascript* otherwise you will end up in Google search,and you wouldn't want that.
I won't be going any deep into JS nor the code, But it executes and gives you the ability of uploading a file from your PC\LT.
$ Uploading the Shell $
The idea here is to successfully upload the shell, but the problem is with most websites is that they do not allow to upload a .php nor .asp files. Yet you may still try your luck .
You can try these:
Code:
*. swf, *.jpg, *.jpeg, *.jpe, *.gif, *.bmp, *.png,
*.doc, *.xls, *.ppt, *.pdf, *.txt, *.xml, *.xsl, *.css, *.zip, *.3gp,
*.asf, *.asx, *.avi, *.flv, *.m4v, *.mov, *.mp4, *.mpe, *.mpeg, *.mpg,
*.ram, *.rm, *.rmvb, *.wm, *.wmv, *.vob
A good way of using this would be : " yourshell.asp;.jpg "
Shells for use:
Here's a well-known link to download a(n) asp shell(s) : http://www.r57.gen.tr
Good choices of shells would be either c99,c100,r57. really up to you.
You can try these:
Code:
*. swf, *.jpg, *.jpeg, *.jpe, *.gif, *.bmp, *.png,
*.doc, *.xls, *.ppt, *.pdf, *.txt, *.xml, *.xsl, *.css, *.zip, *.3gp,
*.asf, *.asx, *.avi, *.flv, *.m4v, *.mov, *.mp4, *.mpe, *.mpeg, *.mpg,
*.ram, *.rm, *.rmvb, *.wm, *.wmv, *.vob
A good way of using this would be : " yourshell.asp;.jpg "
Shells for use:
Here's a well-known link to download a(n) asp shell(s) : http://www.r57.gen.tr
Good choices of shells would be either c99,c100,r57. really up to you.
How to Upload the Shell?
So, After we've executed the javascript code inside the URL , we've returned to the same looking page, yet this time we have the "Choose From" button, like so :
![[Image: 29vlyt1.png]](http://i41.tinypic.com/29vlyt1.png)
We choose the Shell with the .asp;.jpg or whatever you've made it to be. and then click on the " Upload Selected File " , Then you should see that the shell is uploaded,under the " File Name ".
Now we need to navigate through the website , locate the shell, and open it.
We do that by adding the " /portals/0/ " after the end of the website's url
Like so: http://www.example.com/portals/0/unohex.asp;.jpg.jpg
And you're pretty much done, Then we're redirected to the page where you have full control on the website, all files,data, and in it is up to you do decide what you want to do with it.
In case of defacement? Just locate the index.php or.. home.php like so , and replace it with your own. etc. etc.
We choose the Shell with the .asp;.jpg or whatever you've made it to be. and then click on the " Upload Selected File " , Then you should see that the shell is uploaded,under the " File Name ".
Now we need to navigate through the website , locate the shell, and open it.
We do that by adding the " /portals/0/ " after the end of the website's url
Like so: http://www.example.com/portals/0/unohex.asp;.jpg.jpg
And you're pretty much done, Then we're redirected to the page where you have full control on the website, all files,data, and in it is up to you do decide what you want to do with it.
In case of defacement? Just locate the index.php or.. home.php like so , and replace it with your own. etc. etc.
Labels: Hacking Tutorials, HOW TO, Shell Upload, Vulnerability, Website Hacking
posted by Anuran Barman @ 10:24 PM
0 Comments
0 Comments:
Post a Comment
Subscribe to Post Comments [Atom]
<< Home