Posted by: Muhammad Haseeb Javed, Wednesday, June 29, 2011


With the IIS exploit we can upload a deface page to a vulnerable server without any login. It is the easiest way to hack any site.

STEP 1: Click the Start button and open "Run".

STEP 2: Now type this in Run:
%WINDIR%\EXPLORER.EXE ,::{20D04FE0-3AEA-1069-A2D8-08002B30309D}\::{BDEADF00-C265-11d0-BCED-00A0C90AB50F}


A folder named "Web Folders" will now open.


STEP 3: Now right-click in the folder, go to "New" and then "Web Folder".


STEP 4: Now type the address of the vulnerable site here, e.g. "http://autoqingdao.com/", and click "Next".

STEP 5: Now click "Finish".

STEP 6: The folder will now appear. You can open it and put any deface page or anything else in it.

STEP 7: I put a text file in that folder, named "securityalert.txt" (you can put a shell or HTML file also). If the file appears in the folder then the hack is successful, but if it doesn't then the site is not vulnerable.


Now, to view the uploaded site, I will go to "http://autoqingdao.com/securityalert.txt".
In your case it will be "www.[sitename].com/[file name that you uploaded]".
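
Seen from the server side, the upload in the steps above appears in the IIS log as a successful write request with no username. The following is an added example, not part of the original post: it scans W3C-format IIS logs for such requests. It assumes the Web Folder upload arrives as a WebDAV write method and that the log records the cs-method, cs-username and sc-status fields; the sample log is constructed.

```python
# Added example: flag successful unauthenticated write requests in IIS W3C logs.
# Assumption: anonymous requests are logged with "-" in cs-username.
WRITE_METHODS = {"PUT", "MKCOL", "MOVE", "COPY", "DELETE", "PROPPATCH"}
KEEP = ("date", "time", "c-ip", "cs-method", "cs-uri-stem", "sc-status")

# Constructed sample log (documentation IP ranges), not from a real server.
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 6.0
#Fields: date time cs-method cs-uri-stem cs-username c-ip sc-status
2011-06-29 10:01:02 GET /index.html - 198.51.100.7 200
2011-06-29 10:01:40 PROPFIND / - 198.51.100.7 207
2011-06-29 10:02:11 PUT /securityalert.txt - 198.51.100.7 201
2011-06-29 10:05:00 PUT /docs/report.doc CORP\\alice 192.0.2.10 201
2011-06-29 10:06:30 PUT /index.html - 203.0.113.9 403
#Fields: date time c-ip cs-username cs-method cs-uri-stem sc-status
2011-06-29 10:07:00 198.51.100.7 - MKCOL /new/ 201
"""


def anonymous_writes(lines):
    """Return one dict per successful write request made without a username."""
    fields, hits = [], []
    for raw in lines:
        line = raw.strip()
        if line.startswith("#Fields:"):
            # The field list can change mid-file, so re-read it every time.
            fields = line.split()[1:]
            continue
        if not line or line.startswith("#") or not fields:
            continue
        values = line.split()
        if len(values) != len(fields):
            continue  # truncated or malformed record
        rec = dict(zip(fields, values))
        if (rec.get("cs-method", "").upper() in WRITE_METHODS
                and rec.get("cs-username") == "-"
                and rec.get("sc-status", "").startswith("2")):
            hits.append({k: rec.get(k) for k in KEEP})
    return hits


if __name__ == "__main__":
    for hit in anonymous_writes(SAMPLE_LOG.splitlines()):
        print(hit)
```

Any hit means the site accepts writes from unauthenticated clients; the fix is to remove anonymous write permission on the web root or disable WebDAV where it is not needed.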

{ 5 comments }

  1. How can we find the IIS vulnerability?

    Is there any dork that helps us with this?

  2. Hey, I wrote the code in Run... but where is the Web Folders? I'm using Win7.

  3. @Indrajeet: Win 7 is a bit of a problem, I can't find this folder myself, but will let you know.

  4. ohh, sks ...
    In Windows 7 you cannot create web folders the same way you do it on the older versions of Windows.
    Computer -> Right Click -> Add a network location
    BTW, using this security hole on IIS, it's lame.

    Don't be evil

  5. This ain't hacking. As for the vulnerability, well, every site that allows anonymous uploads is vulnerable, so this ain't hacking at all. You are just uploading something to the public FTP.
