Hi Guys,
My predecessor built this incredibly well done, solid website, hardened according to the strictest security requirements, etc. His last email, just before he quit, was:
Additionally,
I'm preparing an admin/root level document that I will use to train him. I
will be giving him my root level permissions and instructing him to change the
password. This will completely lock me out of the system.
Well, we never received this instruction. And I can't get a hold of this guy. And the last time I worked with ASP was back in the 90s. And the last time I worked with IIS was back in the 90s. And the IT department won't give me access to the Production servers. You get the picture.
I have the ability to remote in to the Development servers, and although the dev site is working, I can see that I am way over my head. I'm pretty sure this guy didn't sabotage anything, but it's probably not just a matter of looking up a row in an account table. I looked around the IIS control panel but what THAT going to do?
When I went to /Install/install.aspx I got this error:
Error Installing DotNetNuke
Current Assembly Version: 6.2.2
ERROR: Could not connect to database specified in
connectionString for SqlDataProvider
So I had the IT guys unblock the ip address listed in the connection string. Now I can see it, but I still don't know how to access the content manager part. I need my predecessor to log in as admin, basically, and create another admin account that I can use. But he won't communicate with anyone here. Also, he disabled the Windows authentication on the SQL Server on the dev box, so I assume he did it on the production box as well. Can someone school me on how to write a SQL statement or something that will get me an admin account? Is my only hope to stalk this Ethical Hacker and persuade him to help me? Any help would be greatly appreciated.