Monday, 10 March 2014

IIS Exploit

Finding Vulnerable Target

Dork:  inurl:"~r00t.txt"
             intext:"Powered by IIS"


1- Choose any dork and paste on Google

2- Choose any site

Exploiting Target

1- Go to Start>Run

2- Copy and paste this code in the text box

%WINDIR%\EXPLORER.EXE ,::{20D04FE0-3AEA-1069-A2D8-08002B30309D}\::{BDEADF00-C265-11d0-BCED-00A0C90AB50F}

3- Click OK

4-Now a window will open. Choose File > New > Web Folder

5-Type the website’s address you want to deface in the text box and Click Next then Finish

6- Now Go to the Web Folder you created In My Computer > My Network Places. Open the Folder Paste your Shell.asp or deface page.

7- Now, to access your shell or to see your Deface Page, just open your browser and type the site name and
your shell name of deface page name like this-

Deface Page