DNN vul..?

[c0re]

Hello.
Good time.
Is there a bug from DNN 2018 that can be accessed from the website??

 

[Panam 87]

Hi, there is a couple of known exploits for DNN but they are all pretty old. Screenshot is taken from Exploit-DB.

 

[c0re]

These vulnerabilities do not work on my target

 

[Panam 87]

There's more if you search for DotNetNuke on Exploit-DB. Have you tried them all?

 

[c0re]

Yes. None of them answered on the target ....

 

[Panam 87]

Yes. None of them answered on the target ....

Do you know the target's version? If not, did your scan find anything else? Other framework/software you could exploit? There's no such things as "secured" servers ?

 

[c0re]

Yes.
There is a firewall behind the site?.
The firewall also drops all the requests that come from the scanner.

license.txt
DotNetNuke - http://www.dnnsoftware.com
Copyright (c) 2002-2018
by DNN Corporation

Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:

The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.

 

[Panam 87]

I think you may need another attack surface. Any other exposed subdomains?

 

[c0re]

All subdomains use the same version.
What other type of attack do you think works?
I also checked the email service. There was no bug?

 

[Panam 87]

Have you tried scanning the IP directly? Sometimes there's multiple websites on the same server. Some of them may be vulnerable. Also, did you scan using nikto?

 

[c0re]

Yes.
Scanning was also done with different types of scanners.
But behind the system there is both the SOC team and the firewall

 

[Panam 87]

Then, maybe change your initial access? Seems like you know some information about your target. Have you considered spear phishing?

 

[c0re]

Phishing does not work either.
Unfortunately, all external ips are also filtered
When opened with a series of ip

 

[Panam 87]

Is there any other software or open ports you can try leveraging for access? Enumeration is the most important part of a good recon.

 

[c0re]

Exactly.
I scanned all the ports.
I also found the webmail service.
But I also tested it, but it did not have a bug

 

[mectury]

Finally, you need to go to your physical location, not through the computer.

 

[jaroule]

Exactly.
I scanned all the ports.
I also found the webmail service.
But I also tested it, but it did not have a bug

1) Try to get some more data about the company and then use some social engineering tricks and target their employees you can check this post by the way https://xss.pro/threads/58057/

 

[c0re]

I do not have physical access to the organization.
And there is a soc team inside the network

 

[jaroule]

I do not have physical access to the organization.
And there is a soc team inside the network: D

Then Find a Vul/Exploit in the webmail

 

[c0re]

Webmail is a dedicated website