How to Hack websites using IIS exploit | IIS File Upload exploit


How to Hack websites using IIS exploit | IIS File Upload exploit

This tutorial is about website hacking that are working on older versions of IIS server. We will be discussing about what is a IIS server and how to upload deface pages on it.




Q) What is IIS Server ?
A) IIS [Internet Information Service] is a web server developed by Microsoft to use with Mircosoft Operating systems.

How to Use IIS exploit :-

For Windows XP :
1)Go to start the click on run.
2)Copy the folowing code and paste it in run command:-
%WINDIR%EXPLORER.EXE ,::{20D04FE0-3AEA-1069-A2D8-08002B30309D}::     {BDEADF00-C265-11d0-BCED-00A0C90AB50F}
3)Click on ok.
4)A folder named “Web Folders” will open.
5)Right click in the folder and click on “New” and then click on “Web folder”.
6)A dialogue box will open.
7)Enter the url of the vulnerable site and click on next.
8)If no error comes up the sites is vulnerable else try any other siite.
9)After pressing “Next” in step 7 it will ask you to name that web folder, enter any name you want.
10)Open that folder and copy your defaced html page to that folder.
 
For windows 7:
1) Go to My computer >> Right Click >> Select “Add a Network Location” .
2) Click on “Next” >> Choose the first option in the next screen >> Click “Next “.
3) Now enter the URL of the Vulnerable Site and Click on “Next” .
4) Now you will see a folder with name of that site, Open that folder and upload that file.

The link to your defaced page will be like “”http://vulnerablesite.net/mypage.html”" 
where mypage.html is the defaced page i uploaded.


Dork : “Powered By IIS ”
Search this dork in google to search for vulnerable sites.
Some Vulnerable site:-
z6.cn
derakhshan.parniansis.com
ebnesina.parniansis.com
emkhaleghiyeyzd.parniansis.com

Comments

Post a Comment

Popular posts from this blog

HACK GMAIL ACCOUNTS : GMAIL HACKER

Image
This tutorial is for education purpose try at you own risk                  This software will hack Gmail accounts. All you need is a bit of social engineering. Just follow the steps below: 1. Extract the RAR archive in a separate folder. 2. Run Gmail Hacker Builder.exe file on your computer. 3. Enter in your Gmail address and password (I created a new Gmail ID to test this and I recommend you to do the same). Hit on Build. Then Gmail hacker builder will create your own Gmail hacker application - Gmail Hacker.exe file which you can use to hack gmail password. 4. Now, send this Gmail Hacker.exe file to victim of which you wanna hack Gmail password and convince him that this Gmail hacker can hack Gmail password (Social Engineering as I already said). 5. Ask him to run Gmail Hacker.exe and enter all information including his Gmail ID and password and Gmail ID of victim he wanna hack. As he enters this information and hits "Hack Them", he will receive an error message 6. You
Read more

HACK HOTMAIL ACCOUNTS : HOTMAIL HACKER

Image
This Tutorial is for education purpose only.If any visitor visit this and if they gonna try this try at your own risk.                     I had previously discussed about  Gmail Hacker  to hack Gmail accounts. Likewise, this software can hack Hotmail accounts. Just follow the steps below: 1. Extract the RAR archive in a separate folder. 2. Run Hotmail Hacker Builder.exe file on your computer. 3. Enter your email address, password and subject of email you wanna receive. I suggest you to create a new email ID for this. You can use Gmail or Yahoo but avoid using Hotmail account. This email will contain the password you wanna hack. Also select appropriate smtp server address. The default smtp server address 587 is of gmail. You can google for smtp server addresses or can find it  here . Also, write a fake error message to display on the screen or leave it default. 4. Click on "Build". This will create your own Hotmail hacker in Hotmail hacker folder. 5. Now, send this Hot
Read more

How to Test Suspicious Links Before Clicking Them

Links can be compared to a mystery box: you never know what lies there until you open it. A wise person should treat links with caution. One never knows the rabbit hole a link could lead to. Caution is of utmost importance. Well, as an internet user, you can’t completely steer clear of links. You see them every day, and quite frankly, they’re enticing you to click. If you ever find a link suspicious, there are a few ways to test it: Hover over hyperlinks If you are don't know a hyperlink is secure or not, then hover the mouse cursor over the text to uncover the address. Then you can click later, if the address is legitimate. Note that phishing scams links use domain names which are similar to legitimate sites. Observance is the key to catching any frauds. For example, a phishing scam targeting this website may use something like  www.abc-hack-news.com , which appears similar to the real thing. It’s actually  www.latesthackingnews.com . Note the differences. Hovering over hy
Read more