DotDotPwn - The Directory Traversal Fuzzer
Posted on 23 June 2011 by c0decstuff
Hell Yes !!!! B-), a few weeks ago, my brother chr1x from CubilFelino Security Labs published a tool to detect directory traversal vulnerabilities in FTP/HTTP servers. It only relied upon 2 .txt files (databases) with the payloads to be launched to the target. Then, some cool ideas came into my mind, so, I wrote the c0de from the skratch and in a modular basis, as well as, I included a lot of features/enhancements, but the main change was the pass from being a Checker to a Fuzzer (I c0ded a Traversal Engine for it).
Well, Stay tuned for the public release ;) s00n !! (DotDotPwn v2.0)
Official Website: http://chr1x.sectester.net/toolz/ddpwn/
----------
Release date: 2/Sept/2010 (NON-PUBLIC Version)
Author: nitrØus (nitrousenador@gmail.com)
Changes / Enhancements / Features:
* From Checker to Fuzzer
* Rewritten from scratch
* Modular architecture (DotDotPwn packages)
* Traversal Engine to automatically create the fuzzing patterns to be sent.
  This engine makes all the permutations between the dots and slashes
  encodings, iterates up to the depth passed as argument and finally,
  it concatenates the filenames intelligently according to the Operating System
  detected (in case of -O switch enabled), otherwise, the engine includes all
  the defined file sets (Windows, UNIX and Generic).
* -O switch for Operating System (nmap) and -s switch for service detection
* -f switch available to define a specific file name to retrieve
* -U and -P switches to supply specific usernames/passwords
* -d switch to specify the desired depth of traversals
  (e.g. depth 3 equals ../../../)
* -t switch to specify the time in milliseconds between each attempt
* -x switch to specify a different TCP/UDP port than the defaults
* -b switch to break after the first vulnerability is found
* -q switch for quiet mode (doesn't print each attempt in STDOUT)
* Special treatment of Slash/Backslash in filenames in order to have a
  correct semantic within each traversal string.
* Improvement in the FTP module to compare against the server's response code
  instead of vendor-dependent response message (in compliance with RFC 959 FTP)
* Improvement in the parameter passing
* A cool banner was included ;)
Supported modules:
- HTTP
- HTTP Parameters (url)
- FTP
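A defender's view of the Traversal Engine described above, as an added example that is not part of the original post or of DotDotPwn: a path check that undoes the dot and slash encodings and unifies slash/backslash before deciding whether a request stays under the document root. The root `/srv/www`, the function names, the decode bound and the sample requests are assumptions constructed for illustration.

```python
import posixpath
from typing import Optional
from urllib.parse import unquote

ROOT = "/srv/www"        # assumed document root (hypothetical)
MAX_DECODE_ROUNDS = 5    # assumed bound on nested percent-encoding


def canonicalize(request_path: str) -> str:
    """Peel percent-encoding layers, then unify backslashes to slashes."""
    path = request_path
    for _ in range(MAX_DECODE_ROUNDS):
        decoded = unquote(path)
        if decoded == path:      # stable: nothing left to decode
            break
        path = decoded
    else:
        raise ValueError("too many encoding layers")
    if "\x00" in path:
        raise ValueError("NUL byte in path")
    return path.replace("\\", "/")


def resolve_under_root(root: str, request_path: str) -> Optional[str]:
    """Return the normalized path if it stays under root, else None."""
    try:
        path = canonicalize(request_path)
    except ValueError:
        return None
    # Treat the request as relative, then collapse "." and ".." lexically.
    full = posixpath.normpath(posixpath.join(root, path.lstrip("/")))
    # Compare on a separator boundary so /srv/www-old does not match /srv/www.
    if full == root or full.startswith(root.rstrip("/") + "/"):
        return full
    return None


# Constructed sample requests: plain, encoded, double-encoded, backslash.
SAMPLES = [
    "docs/manual.txt",
    "../../../etc/passwd",
    "..%2f..%2f..%2fetc%2fpasswd",
    "%252e%252e%252f%252e%252e%252fetc/passwd",
    "..%5c..%5c..%5cboot.ini",
    "../www-old/index.html",
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(f"{s!r:45} -> {resolve_under_root(ROOT, s)}")
```

The check is lexical only; on a real filesystem the result should also be passed through `os.path.realpath` and re-checked so that symlinks cannot lead outside the root.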
And as I said before, a picture is worth a thousand words, I post some screenshots ;) .. Enjoy them !
DotDotPwn (Usage)
Traversal Engine (Description)
Traversal Engine (Resources)
Traversal Engine (Working [internals])
OS and Service detection (taken into account in the Traversal Engine for intelligent fuzzing)
HTTP-Params Module (Description)
HTTP-Params Module (Usage)
HTTP-Params Module (Vulnerabilities found)
FTP Module (Vulnerabilities found, quiet mode and retrieved files)
HTTP Module (Vulnerabilities found)
Well, stay tuned on http://chr1x.sectester.net/toolz/ddpwn/ for the public release ;).
Keep Fuzz1ng !!!!!! B