{% hint style="success" %}
Learn & practice AWS Hacking:
HackTricks Training AWS Red Team Expert (ARTE)
Learn & practice GCP Hacking: 
HackTricks Training GCP Red Team Expert (GRTE)
Support HackTricks
- Check the subscription plans!
- Join the 💬 Discord group or the telegram group or follow us on Twitter 🐦 @hacktricks_live.
- Share hacking tricks by submitting PRs to the HackTricks and HackTricks Cloud github repos.
If you enter as administrator in DNN it's easy to obtain RCE.
A SQL console is accessible under the Settings page where you can enable xp_cmdshell and run operating system commands.
Use these lines to enable xp_cmdshell:
EXEC sp_configure 'show advanced options', '1'
RECONFIGURE
EXEC sp_configure 'xp_cmdshell', '1'
RECONFIGUREAnd press "Run Script" to run that sQL sentences.
Then, use something like the following to run OS commands:
xp_cmdshell 'whoami'In Settings -> Security -> More -> More Security Settings you can add new allowed extensions under Allowable File Extensions, and then clicking the Save button.
Add asp or aspx and then in /admin/file-management upload an asp webshell called shell.asp for example.
Then access to /Portals/0/shell.asp to access your webshell.
You can escalate privileges using the Potatoes or PrintSpoofer for example.
{% hint style="success" %}
Learn & practice AWS Hacking:HackTricks Training AWS Red Team Expert (ARTE)
Learn & practice GCP Hacking: HackTricks Training GCP Red Team Expert (GRTE)
Support HackTricks
- Check the subscription plans!
- Join the 💬 Discord group or the telegram group or follow us on Twitter 🐦 @hacktricks_live.
- Share hacking tricks by submitting PRs to the HackTricks and HackTricks Cloud github repos.