In IIS Exploit we can upload the Defaced page on the Vulnerable Server without any Login. It is the one of the most Easiest way to Hack any of the web site.
STEP 1: Click on Start button and open "RUN".
STEP 2: Now Type this in RUN:
%WINDIR%\EXPLORER.EXE ,::{20D04FE0-3AEA-1069-A2D8-08002B30309D}\::{BDEADF00-C265-11d0-BCED-00A0C90AB50F}
A Folder named "Web Folders" will be opened then
STEP 3: Now "Right-Click" in the folder and Goto "New" and then "Web Folder".
STEP 4: Now type the name of the Vulnerable site in this. e.g." http://autoqingdao.com/ " and click "Next".
STEP 5: Now Click on "Finish"
STEP 6: Now the folder will appear. You can open it and put any deface page or anything.
STEP 7: I put text file in that folder. Named "securityalert.txt" (you can put a shell or HTML file also). If the file appear in the folder then the Hack is successful but if it don't then the site is not Vulnerable.
Now to view the uploaded site i will go to "http://autoqingdao.com/securityalert.txt"
In your case it will be " www.[sitename].com/[file name that you uploaded] "
I'm personally a big fan of hackworldblog blog. Thanks for sharing this post.
ReplyDeleteclipping path service