
Saturday, 11 August 2012

Hack Website via DNN (Dot Net Nuke) Exploit.



Note: This tutorial is only for educational purposes and to make site owners aware of the consequences of leaving their site vulnerable to the Dot Net Nuke exploit. I myself do not encourage hacking in any way.


Hello Friends,

I am back on my blog after a month or two, I think. I was away from the blog for unexplainable reasons. This time I'll discuss website hacking and vulnerabilities. As this is the first time on my blog that you'll be reading about website hacking, I would first like to explain what site hacking basically is, then what vulnerabilities are, and much more. So let's get started.

What is Web-Site Hacking?


Website hacking is, in simple words, gaining access to a site's database without authorization, which is also illegal. Site hacking can be done by finding vulnerabilities in a site's database or structure. A site can be vulnerable in various ways, most commonly to SQL (Structured Query Language) injection. A hacker can find vulnerabilities with various vulnerability scanning tools such as Acunetix.

______________________________________________________________________________________________ 


What is a Vulnerability in the Web-Site?


A vulnerability, in other words, means a weakness or weak point in the site. A hacker uses some of the discovered vulnerabilities like SQL, DNN, Symlink, IIS, various file uploading vulnerabilities and many more that you can't even think of. An elite hacker can even discover new vulnerabilities in a site's structure by advanced means.

______________________________________________________________________________________________ 


How to Fix Vulnerability in a Web-Site?


Well, if you really want to fix the vulnerability in your site, then the best advice I can offer is to hire an ethical hacker or an IT technician. An ethical hacker or IT technician would obviously charge you, but he'll also ensure you of 100% protection of the site from that specific vulnerability. Such technicians can even be hired online. If you know a friend who is good at those things, then you might be lucky and won't have to search for one.


Now, coming to the point of the post, today we'll learn DNN hacking, which is also called portal hacking.



______________________________________________________________________________________________ 
Below is a small list of things you'll need in order to hack a site:

1. The right Google Dork.
2. A piece of Javascript Code.
3. An ASP Shell.
4. Your Deface Page. (You might want to show the owner you hacked it, won't ya?)

______________________________________________________________________________________________ 


Now, I'll explain each step.


STEP 01 :-
Open Google, type the below line in it and hit Enter.

Dork -

01. inurl:/portals/0
02. inurl:/Providers/HtmlEditorProviders/Fck/fcklinkgallery.aspx

STEP 02:-

Put any one of them and you'll come across thousands of results.


STEP 03:-

Now, select any one site and click on it. When the page loads, look at the address bar.

NOTE: If you used the first dork, then you need to change the address of the site from

"http://SITE.COM/portals/0/etc/etc"
to
"http://SITE.COM/Providers/HtmlEditorProviders/Fck/fcklinkgallery.aspx"

NOTE: If you used the second dork, then you need not worry.

______________________________________________________________________________________________ 

After changing the URL, you'll come across the Link Gallery of the site, which looks like this-


NOTE: If you come across a page like the below one, then the site is not vulnerable-

______________________________________________________________________________________________ 


STEP 04 :-
Now, by default, the check mark of the Link Gallery will be on "URL (A link to an External Resource)".

Put a check mark on the third option, which is "File (A File on Your Site)".

______________________________________________________________________________________________ 

STEP 05 :-
Now, after checking the third option, insert the below Javascript code into the address bar of your browser and hit Enter.

Javascript :  javascript:__doPostBack('ctlURL$cmdUpload','')

Note: It is advised that while inserting the above Javascript into the address bar of the browser, you TYPE OUT the word "javascript" and then copy the rest of the line, which is "__doPostBack('ctlURL$cmdUpload','')", otherwise you won't be successful.
______________________________________________________________________________________________ 

STEP 06 :-

Now, after entering the Javascript, an "Upload" button will come up in the Link Gallery.

Now, browse for your shell in files, then click "Upload Selected File" and upload your shell on the site.


To Download the ASP Shell, Click Here. (Updated on 28.11.12)

Password of the compressed file is www.kanishksinghtechy.blogspot.in
______________________________________________________________________________________________ 

STEP 07 :-
Now, after the upload is successful, to locate your uploaded file, just follow the below small steps-

1. Open a new tab in your browser, type the site address, add the below line and hit Enter-

Line : /portals/0/shellname.asp;.jpg

Where shellname.asp; is the name of your shell.

For Example :- http://www.site.com/portals/0/shellname.asp;.jpg


After the shell loads successfully, the page will look something like this-

______________________________________________________________________________________________ 

STEP 08 :-
Now, if you want to hack the site, click the " <DIR>.. " button till you see an ADMIN directory. Now open it and look for files like "Index.Htm ; Index.html ; Index.php ; Default.htm ; Default.html ; Default.php" or any other. Click on them and their code will open in a new window. Simply change that code with your deface page code.

______________________________________________________________________________________________ 


How to Find Deface Page Codes?

To find your deface page code, simply right-click your Deface.Html file, open it with Notepad, copy all the code and paste it in the window which asks for HTML code.
You can get some deface pages online if you want to deface websites.
I hope you all liked my post on DNN (Dot Net Nuke Exploit) hacking. As you've learnt it now, you can even protect your sites against this vulnerability.


NOTE: Once again, a notice to you all that I'll not be held responsible in any way if this exploit is used for illegal hacking. I myself do not encourage hacking in any way.

______________________________________________________________________________________________ 


HOW DO I PROTECT MY SITE AGAINST THIS VULNERABILITY?


This vulnerability only persists in DNN versions v4.5.5 or lower. So just update to a higher version like v4.8.2, and also change the link of your Link Gallery from FCKlinkgallery to something else. But please be aware that an elite hacker can even track your new Link Gallery name by means of footprinting.
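Besides updating, a site owner can check whether the site was already probed or abused this way by looking for the two traces this post describes: requests to fcklinkgallery.aspx and files with a script extension under /portals/. The script below is an added example, not part of the original post; the log sample is constructed, and the extension list and function names are assumptions.

```python
import os
import re

# Constructed IIS W3C log sample (addresses and file names are made up).
SAMPLE_LOG = """\
#Fields: date time c-ip cs-method cs-uri-stem sc-status
2012-08-11 10:01:02 203.0.113.5 GET /Default.aspx 200
2012-08-11 10:01:09 203.0.113.5 GET /Providers/HtmlEditorProviders/Fck/fcklinkgallery.aspx 200
2012-08-11 10:01:40 203.0.113.5 POST /Providers/HtmlEditorProviders/Fck/fcklinkgallery.aspx 200
2012-08-11 10:02:15 203.0.113.5 GET /portals/0/photo.asp;.jpg 200
2012-08-11 10:03:00 198.51.100.7 GET /portals/0/logo.jpg 200
"""

GALLERY = "/providers/htmleditorproviders/fck/fcklinkgallery.aspx"
# Assumed list of server-executed extensions; adjust to your handler mappings.
SCRIPT_EXT = re.compile(r"\.(asp|aspx|asa|cer|ashx)(;|\.|$)", re.I)

def scan_log(log_text):
    """Return (kind, client_ip, uri, status) for requests matching the pattern in this post."""
    fields, findings = [], []
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]          # column names for the rows that follow
            continue
        if not line or line.startswith("#"):
            continue
        row = dict(zip(fields, line.split()))
        stem = row.get("cs-uri-stem", "").lower()
        if stem == GALLERY:
            kind = "gallery-post" if row.get("cs-method") == "POST" else "gallery-get"
        elif stem.startswith("/portals/") and SCRIPT_EXT.search(stem.rsplit("/", 1)[-1]):
            kind = "script-in-portals"
        else:
            continue
        findings.append((kind, row.get("c-ip"), row["cs-uri-stem"], row.get("sc-status")))
    return findings

def audit_portals(root):
    """List files under a Portals directory whose names carry ';' or a script extension."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        hits += [os.path.join(dirpath, n) for n in files if ";" in n or SCRIPT_EXT.search(n)]
    return sorted(hits)

if __name__ == "__main__":
    for finding in scan_log(SAMPLE_LOG):
        print(finding)
```

Any hit from `audit_portals` on a production Portals folder deserves a manual look, since uploaded content there should be static files only.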

______________________________________________________________________________________________ 

-KANISHK SINGH

7 comments:

  1. What is written in that ASP shell script?? I can't view the read me file..

  2. Step 5 is not successful.. please make it clear

  3. Priyan,

    While you are on the link gallery, put a check mark on "A File On Your Site" and then in the same page, look at its address bar. Now clear all that is in the address bar and then type "javascript:" (without quotation marks) and then copy "__doPostBack('ctlURL$cmdUpload','')" (without quotation marks) and then hit Enter or reload the page. The Upload button will appear. Now upload your shell.

  4. Priyan,

    As of today (28.11.12) I have found a mistake in my post and updated it. Thanks for informing me of this.
    Talking of your problem, I've updated the archive and the password is written in the comment section of the file (seen on the right of the screen in WinRAR).
    The password is -
    www.kanishksinghtechy.blogspot.in

    -Kanishk Singh

  5. Kanishk, Step 5 is still not successful :/
    I've done the step but the upload button doesn't appear

    1. The site is probably not vulnerable. As of today, this technique is almost obsolete as almost all versions of DNN are latest and protected against this vulnerability. Most sites with v4.5.5 or lower do not allow the upload of shell files and even if you manage to upload the shells in a .jpg form, it won't open.

  6. Really nice information, thank you very much for sharing.
    Web Development Company


Due to the permanent shut down, I rarely visit the blog. Don't expect answers to your queries very soon.
-Kanishk