Today I will be teaching a way to exploit very common a vulnerability and upload your shell and/or deface page to a Microsoft IIS 6.0 based website.
What you will need:
A windows machine.
Basic knowledge of shells.
A Microsoft/IIS 6.0 website with WebDAV enabled.
An ASP shell. - http://www.[removed].com/?d=YU209ET7 << Download link for the shell. (Do not even try a PHP shell, it won't work. You can use your ASP shell to upload your PHP shell after though.)
This is how to perform the exploit in Windows 7:
Click start > Computer.
You will see this page: http://img851.imageshack.us/i/iis1.png/[/img]
Next you will want to click "Map network drive", it has been circled in the picture above.
Now a window will pop-up, it should look like this: http://img638.imageshack.us/i/iis2.png/
As you can see again. I have circled what needs to be clicked. So click on that then a window will come up asking you to click "Next", do so. After you have clicked the "Next" button, you should see this: http://img850.imageshack.us/i/iis3.png/
You will need to highlight/click that folder I circled, then hit the "Next" button once again. It should redirect you to this page: http://img21.imageshack.us/i/iis4.png/[/img]
I put "www.vulnerablesite.com" as an example. You have to type in "http://vulnerablesite.com" otherwise it will not work. It requires HTTP, not WWW. You will receive an error unless you use HTTP (once again, http://vulnerablesite.com)
Hit the "Next" button again, then it should come up with the site name with the output "vulnerablesite.com", you can name it whatever you like, this is what I put:http://img130.imageshack.us/i/iis5.png/
Except I changed it to "IIS 6.0 Exploit for HF - Phizo".
It doesn't matter what you put, just make sure you remember it.
Make sure the box is ticked (open when finished) then go ahead and hit finish.
Okay, we've exploited the website. Now we want to upload our files to the website. A new window has just opened, as you can see, we're connected to the websites files, however we're not aloud to view the files as we're unauthorized. No matter, we can still upload our shells and what other files we would like to upload.
Okay, I don't think I will need to put any pictures in this one, it's that simple. Follow my instructions:
#1 - Open the directory of where your ASP shell is (example: desktop, documents, or custom folder). Your ASP shell should have a name similar to "shell.asp;anything.jpg".
#2 - Drag your ASP shell from your custom folder into the website folder we just exploited. It should just go straight in there with no problems.
Tada! We have successfully uploaded our shell! Now all we have to do is go to: http://vulnerablesite.com/shell.asp;anything.jpg.
I hope this helps.
©2011, copyright BLACK BURN
What you will need:
A windows machine.
Basic knowledge of shells.
A Microsoft/IIS 6.0 website with WebDAV enabled.
An ASP shell. - http://www.[removed].com/?d=YU209ET7 << Download link for the shell. (Do not even try a PHP shell, it won't work. You can use your ASP shell to upload your PHP shell after though.)
This is how to perform the exploit in Windows 7:
Click start > Computer.
You will see this page: http://img851.imageshack.us/i/iis1.png/[/img]
Next you will want to click "Map network drive", it has been circled in the picture above.
Now a window will pop-up, it should look like this: http://img638.imageshack.us/i/iis2.png/
As you can see again. I have circled what needs to be clicked. So click on that then a window will come up asking you to click "Next", do so. After you have clicked the "Next" button, you should see this: http://img850.imageshack.us/i/iis3.png/
You will need to highlight/click that folder I circled, then hit the "Next" button once again. It should redirect you to this page: http://img21.imageshack.us/i/iis4.png/[/img]
I put "www.vulnerablesite.com" as an example. You have to type in "http://vulnerablesite.com" otherwise it will not work. It requires HTTP, not WWW. You will receive an error unless you use HTTP (once again, http://vulnerablesite.com)
Hit the "Next" button again, then it should come up with the site name with the output "vulnerablesite.com", you can name it whatever you like, this is what I put:http://img130.imageshack.us/i/iis5.png/
Except I changed it to "IIS 6.0 Exploit for HF - Phizo".
It doesn't matter what you put, just make sure you remember it.
Make sure the box is ticked (open when finished) then go ahead and hit finish.
Okay, we've exploited the website. Now we want to upload our files to the website. A new window has just opened, as you can see, we're connected to the websites files, however we're not aloud to view the files as we're unauthorized. No matter, we can still upload our shells and what other files we would like to upload.
Okay, I don't think I will need to put any pictures in this one, it's that simple. Follow my instructions:
#1 - Open the directory of where your ASP shell is (example: desktop, documents, or custom folder). Your ASP shell should have a name similar to "shell.asp;anything.jpg".
#2 - Drag your ASP shell from your custom folder into the website folder we just exploited. It should just go straight in there with no problems.
Tada! We have successfully uploaded our shell! Now all we have to do is go to: http://vulnerablesite.com/shell.asp;anything.jpg.
I hope this helps.
©2011, copyright BLACK BURN