Thursday, May 26, 2016

Easiest way to deface websites through an IIS vulnerability [TUT]



Well guys, this is a very easy way to deface a website. It is also very old; you could call it a vulnerability/loophole in web servers running IIS 6 or earlier.



In IIS we can upload the deface page to the vulnerable server without any login. It is the easiest way to deface a site.


FIRST I WILL DISCUSS THE TUT FOR WINDOWS 7:

1. Click Start.

2. Click Computer.

3. In the following dialog click Map Network Drive.






4. On the Map Network Drive dialog, click "Connect to a Web site that you can use to store your documents and pictures". This will pop up the "Welcome to the Add Network Location Wizard".






5. Click on Next.





6. Click on "Choose a custom network location".





7. Click on Next.

8. Now type the web folder address that you want to access.






9. Enter a NAME to help you identify the web folder and click Next.

10. Place a checkmark on "Open this network location when I click Finish".

11. Click Finish.



Then insert your deface page!



Let's move to the second part, i.e. on XP:

STEP 1: Click on the Start button and open "Run".

STEP 2: Now type this in Run:
%WINDIR%\EXPLORER.EXE ,::{20D04FE0-3AEA-1069-A2D8-08002B30309D}\::{BDEADF00-C265-11d0-BCED-00A0C90AB50F}

Now a folder named "Web Folders" will open.

STEP 3: Now right-click in the folder, go to "New" and then "Web Folder".


STEP 4: Now type the name of the vulnerable site in this, e.g. "http://autoqingdao.com/", and click "Next".

STEP 5: Now click on "Finish".
STEP 6: Now the folder will appear. You can open it and put any deface page or anything.
STEP 7: I put a text file named "securityalert.txt" in that folder (you can put a shell or HTML file also). If the file appears in the folder then the upload was successful, but if it doesn't then the site is not vulnerable.
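
From the server side, the Web Folders / Map Network Drive steps above are a WebDAV client sending write requests, so an upload without login shows up in the IIS log as a write method with an empty username and a 2xx status. The following is an added example, not part of the original post: it scans a W3C extended log for such entries; the function name, the log lines and the User-Agent values are constructed for illustration.

```python
# Added example: find anonymous WebDAV write requests in an IIS W3C extended log.
# SAMPLE_LOG is constructed for illustration (documentation IP ranges, assumed
# User-Agent values); it is not taken from a real server.
WRITE_METHODS = {"PUT", "MKCOL", "DELETE", "MOVE", "COPY", "PROPPATCH"}

SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 6.0
#Fields: date time cs-method cs-uri-stem cs-username c-ip cs(User-Agent) sc-status
2016-05-26 10:01:02 GET /index.htm - 198.51.100.7 Mozilla/5.0 200
2016-05-26 10:02:10 OPTIONS / - 203.0.113.9 Microsoft-WebDAV-MiniRedir/6.1.7601 200
2016-05-26 10:02:11 PROPFIND / - 203.0.113.9 Microsoft-WebDAV-MiniRedir/6.1.7601 207
2016-05-26 10:02:30 PUT /securityalert.txt - 203.0.113.9 Microsoft-WebDAV-MiniRedir/6.1.7601 201
2016-05-26 10:03:00 PUT /docs/report.doc alice 192.0.2.15 Microsoft-WebDAV-MiniRedir/6.1.7601 201
2016-05-26 10:04:00 PUT /x.txt - 203.0.113.44 Microsoft+Data+Access+Internet+Publishing+Provider+DAV 403
"""

def anonymous_write_attempts(log_text):
    """Return log entries where a client with no username sent a write method."""
    fields, hits = [], []
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]          # column layout can change mid-file
            continue
        if not line.strip() or line.startswith("#") or not fields:
            continue
        values = line.split()
        if len(values) != len(fields):
            continue                           # truncated or malformed record
        entry = dict(zip(fields, values))
        if entry.get("cs-method", "").upper() not in WRITE_METHODS:
            continue
        if entry.get("cs-username", "-") != "-":
            continue                           # authenticated request
        # 2xx means the server accepted the write; anything else was refused.
        ok = entry.get("sc-status", "").startswith("2")
        entry["outcome"] = "succeeded" if ok else "rejected"
        hits.append(entry)
    return hits

if __name__ == "__main__":
    for e in anonymous_write_attempts(SAMPLE_LOG):
        print(e["date"], e["time"], e["c-ip"], e["cs-method"],
              e["cs-uri-stem"], e["sc-status"], e["outcome"])
```

A "succeeded" row means the anonymous account has write access to the site; disabling WebDAV or removing Write permission for anonymous users closes the hole.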

These are some vulnerable websites:
http://ayatolahkhamenae.parniansis.com/Cyb3r_dev.htm
http://bahadori1.parniansis.com/Cyb3r_dev.htm

You can also have fun with these. The websites may not be vulnerable now, because the vulnerabilities are being fixed.

