IIS Exploit - Easiest way to deface Website [Windows XP]

IIS Exploit မွာ Vulnerable ရွိေနတဲ ့Server ေတြကို Shell Upload လုပ္တာတို ့ Deface page တင္တာတို ့စတာေတြ လုပ္ဖို ့အတြက္ အဲ ့ Server ေတြကို Login ၀င္စရာ မလိုပါဘူး။
ဒါကေတာ့ အလြယ္ကူဆံုး website တစ္ခုကို hacked လုပ္တဲ ့နည္းပဲျဖစ္ပါတယ္။

STEP 1: Click on Start button and open "RUN".

STEP 2: Now Type this in RUN

%WINDIR%\EXPLORER.EXE ,::{20D04FE0-3AEA-1069-A2D8-08002B30309D}\::{BDEADF00-C265-11d0-BCED-00A0C90AB50F}

Now A Folder named "Web Folders" will open.

STEP 3: Now "Right-Click" in the folder and Goto "New" and then "Web Folder".

STEP 4: Now type the name of the Vulnerable site in this.
e.g." http://autoqingdao.com/ " and click "Next".

STEP 5: Now Click on "Finish"

STEP 6: Now the folder will appear. You can open it and put any deface page or anything.

STEP 7: I put text file in that folder. Named "c99.php" (you can put a txt or HTML file also). If the file appear in the folder then the Hack is successful but if it don't then the site is not Vulnerable.

ဒါဆိုရင္ေတာ့ Vulnerable ရွိတဲ ့ site မွာ shell upload လုပ္ပီးသြားျပီ ျဖစ္ပါတယ္။
ဥပမာ အားျဖင့္ေတာ့ "http://autoqingdao.com/c99.php" ဆိုတာမ်ိဳးေပါ့။

" www.[sitename].com/[file name that you uploaded] " ဆိုတဲ ့ format မ်ိဳးကို မွတ္သားထားရင္ေတာ့ ကိုယ္ upload လုပ္ထားတဲ ့shell ကို အလြယ္တကူ ျပန္ရွာႏုိင္မွာျဖစ္ပါတယ္။

.:: Note ::.

Window XP မွာပဲအသံုးျပဳလို ့ရတယ္ဆိုတာ သတိေပးပါရေစ။

ေအာက္မွာေတာ့ IIS အလုပ္လုပ္တဲ့ ဆိုဒ္ တစ္ခ်ိဳ ့ကို test လုပ္ခ်င္သူမ်ားအတြက္ ရွာေဖြ စုေဆာင္းေပးလိုက္ပါတယ္။

http://ayatolahkhamenae.parniansis.com/

http://bahadori1.parniansis.com/

http://beheshti.parniansis.com/

http://beheshti1.parniansis.com/

http://bentolhoda1.parniansis.com/

http://bitaraf.parniansis.com/

http://derakhshan.parniansis.com/

http://derakhshan1.parniansis.com/

http://derakhshan2.parniansis.com/

http://derakhshan3.parniansis.com/

http://ebnesina.parniansis.com/

http://emamali.parniansis.com/

http://emkhaleghiyeyzd.parniansis.com/