Blogger 0day exploit by Shadow008 Detailed Tutorial

Hello readers !! if you are attached with hacking from long a period of time then you must be knowing about Shadow008 (From Pakistan). He just posted a 0day exploit on Blogger DNS Vulnerability.

In this tutorial we will learn how use that 0day exploit in detailed.



Requirements:-

• You must know how to bruteforce sub-domains. If you don't know, learn it from here.


• Dorks to find blogger website or any site pointing to Google server.

So lets begin :-

• Firstly find a blogger website using Google Dorks :- filetype:html intext:powered by blogger inurl:/2012/


• After finding a blogger website, bruteforce the sub-domains.


• If any of the sub-domains is vulnerable to this exploit, then it will look as shown in the image :-

• Then make a account on blogger, if already have one then create a new blog and give the name and url whatever you want.


• After making a new blog, goto Settings >> Publishing >> Add a Custom Domain >> Switch to Advance Setting.


• Then put the vulnerable sub-domain there and save it.

• Then clear all your browser cache, and open the http://blogger.cm/home/ directory.


• Select your blog, which you have created.


• Goto Template >> Revert To Classic Template.


• In Edit Template HTML  box, paste your deface page code.


• Now open the sub-domain again, there must be your deface page :D .

Source :- http://www.hackersmedia.com

This is only for educational purpose. We are not responsible for any type of illegal activity done by you.