How to create a file 403: Forbidden folder (Ethical Hacking)

Discussion in 'Programming' started by Yoda, Jun 22, 2009.

Thread Status:
Not open for further replies.
  1. Yoda

    Yoda Member

    Hi Friends,

    This is purely ethical hacking and it is a test for me, so please help me with this issue. It's urgent.

    I want to create a File / Folder in the Web Server that has got vulnerabilities.

    Example host:
    Code:
    http://101.120.27.21/

    Server Type: Microsoft-IIS/6.0
    Server Side: PHP/ASP
    Application Server: PHP
    Web Server: IIS, IIS6


    Note: The website / webserver has got lots of vulnerabilities like Blind SQL Injection, Cross-Site Scripting, PHP Remote File Inclusion, SQL Injection, Stored Cross-Site Scripting, Windows File Parameter Alteration, Link Injection (facilitates Cross-Site Request Forgery), Unencrypted Login Request etc....


    Now I want to create a Folder and remote upload a File under the gulli_database. The "gulli_database" folder is write protected / 403: Forbidden.

    Please help me with how to create a folder and remotely upload the file under the "gulli_database" directory. Are there any scripts / exploits to bypass the folder protection and write in the folder?

    Please guide me on how to go about it.

    Example URL:
    Code:
    http://101.120.27.21/gulli_database/

    Thanks and Regards
    Yoda
     
  2. ManishSinha

    ManishSinha Addicted to FOSS

    Write protected for which user? The user under which IIS is running?
     
  3. Yoda

    Yoda Member

    The File and folder should be uploaded remotely. The gulli_database/ is Forbidden / Write Protected for any users. Only admins can write inside the folder. Anonymously I have to bypass it and write into that folder "gulli_database/"

    The "gulli_database" folder is write protected / 403: Forbidden. I tried the HTTP PUT/MKCOL methods but they don't work. I can view the contents of the directory. There is a guest book "comment" field where scripts can be injected.

    I am connecting to my remote server. WebDAV is enabled but the PUT and MKCOL methods are disabled. There is also a guest book that is vulnerable to injection.
     
  4. shantanu

    shantanu Active Member

    Yoda: try not to press the submit button again and again if your connection goes into a timeout. :) Double post removed.
     
  5. Yoda

    Yoda Member

    Now I have the Admin user name and pass of http://101.120.27.21/

    Server Type: Microsoft-IIS/6.0
    Server Side: PHP/ASP
    Application Server: PHP
    Web Server: IIS, IIS6


    Now I need to upload a file from my local system C:\test.txt to http://101.120.27.21/gulli_database/

    First I need to remotely login as admin to the remote webserver and then copy a text file from the local system (C:\text.txt) to the remote folder http://101.120.27.21/gulli_database/

    If I don't log in as admin I get an "Access Denied" error message when I copy a txt file to gulli_database. How do I log in to the remote web server as admin?

    What type of connection should I use? Will "Net Use" commands help or should I try through FTP / Telnet?

    Which method will be successful: Net Use commands / Telnet / FTP?

    Please give me syntax and commands for NET USE commands / FTP / Telnet.

    Step 1. Log in to the remote web server as admin from my local system
    Step 2. Copy C:\text.txt to http://101.120.27.21/gulli_database/ and create a folder named "Test" under http://101.120.27.21/gulli_database/

    Please guide me in this regard

    Thanks and Regards
    Rafales
     