DotDotPwn - The Directory Traversal Fuzzer.
It's a very flexible, intelligent fuzzer for discovering directory traversal vulnerabilities in software such as Web/FTP/TFTP servers and in Web platforms such as CMSs, ERPs, blogs, etc. It also has a protocol-independent module that sends the desired payload to a specified host and port, and it can be driven from scripts through the STDOUT module, which only prints the generated traversal strings. It's written in Perl and runs on both *NIX and Windows platforms.
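The description above says what the fuzzer does but not what a traversal payload looks like or why a server falls to one. The following is an added Python example written for this page, not code from the DotDotPwn project: it generates encoded `../` payloads the way a traversal fuzzer does, runs them against a constructed in-memory "server" that normalises the path before checking it, and then against a hardened version of the same handler. `DOC_ROOT`, `FAKE_FS`, the variant list and both handler functions are assumptions made for the example.

```python
"""Miniature directory-traversal fuzzer in the style of DotDotPwn (added example)."""
import urllib.parse
from posixpath import normpath  # POSIX path semantics regardless of host OS

# Hypothetical document root and in-memory filesystem standing in for the
# target host (constructed for this example, not real data).
DOC_ROOT = "/var/www/html"
FAKE_FS = {
    "/var/www/html/index.html": "<html>hello</html>",
    "/etc/passwd": "root:x:0:0:root:/root:/bin/bash\n",
}

# Encodings of "../" that traversal fuzzers try; each is repeated 1..depth
# times so that a document root at any nesting level can be climbed out of.
DOT_VARIANTS = [
    "../",        # plain
    "..%2f",      # URL-encoded slash
    "%2e%2e/",    # URL-encoded dots
    "%2e%2e%2f",  # everything URL-encoded
    "..%252f",    # double-encoded slash (for servers that decode twice)
    "..%c0%af",   # overlong UTF-8 slash (historic IIS bypass)
    "..\\",       # Windows separator
]


def traversal_payloads(target="etc/passwd", max_depth=4):
    """Yield candidate paths: every variant at every depth, then the target file."""
    for depth in range(1, max_depth + 1):
        for variant in DOT_VARIANTS:
            yield variant * depth + target


def vulnerable_serve(path):
    """Naive handler: decode once, glue onto DOC_ROOT, normalise, read.
    Normalisation happens before any check, so '..' walks out of the root."""
    decoded = urllib.parse.unquote(path)
    full = normpath(DOC_ROOT + "/" + decoded.lstrip("/"))
    return FAKE_FS.get(full)


def hardened_serve(path):
    """Same handler with two fixes: reject residual encodings and foreign
    separators after decoding, then require the resolved path to stay
    inside DOC_ROOT."""
    decoded = urllib.parse.unquote(path)
    if any(bad in decoded for bad in ("%", "\\", "\x00")):
        return None  # double-encoding, backslashes, NUL truncation tricks
    full = normpath(DOC_ROOT + "/" + decoded.lstrip("/"))
    if full != DOC_ROOT and not full.startswith(DOC_ROOT + "/"):
        return None  # resolved outside the document root
    return FAKE_FS.get(full)


def fuzz(handler, needle="root:", target="etc/passwd", max_depth=4):
    """Feed every payload to handler and return those whose response contains
    needle (a keyword match, the same idea DotDotPwn uses to decide that the
    requested file really came back)."""
    hits = []
    for payload in traversal_payloads(target, max_depth):
        body = handler(payload)
        if body is not None and needle in body:
            hits.append(payload)
    return hits


if __name__ == "__main__":
    for name, handler in (("vulnerable", vulnerable_serve), ("hardened", hardened_serve)):
        hits = fuzz(handler)
        print(f"{name}: {len(hits)} payload(s) leaked /etc/passwd")
        for h in hits:
            print("   ", h)
```

Against the naive handler only the payloads that decode to a real `../` at depth 3 or more (the document root sits three directories deep) return the passwd file; the double-encoded, overlong-UTF-8 and backslash variants miss here but are kept because other servers decode differently, which is exactly why a fuzzer tries all of them. The hardened handler leaks nothing.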
Official Site: dotdotpwn
Download Link: **From Chatsubo (IN)Security Dark Labs Mirror**
Official E-mail: dotdotpwn@sectester.net
Last version:
DotDotPwn v2.1
Release date: 29/Oct/2010 (PUBLIC Release at BugCon Security Conferences 2010)
Release date: 14/Oct/2010 *NON-PUBLIC Version*
DEPRECATED HOW-TO: CLICK HERE FOR THE LATEST EBUILD ON THE PENTOO GITHUB
Preparing the portage tree (more info HERE). Note that both the ebuild and the tarball are fetched over plain HTTP and the Manifest is generated locally from whatever was downloaded, so it only protects against later tampering, not against a modified download; compare the tarball's checksum with one published by the authors before merging:

```
evo ~ # mkdir -p /usr/local/portage/profiles/
evo ~ # echo "Headup Overlay" > /usr/local/portage/profiles/repo_name
evo ~ # mkdir -p /usr/local/portage/net-analyzer/dotdotpwn/
evo ~ # echo "PORTDIR_OVERLAY=/usr/local/portage" >> /etc/make.conf
evo ~ # cd /usr/local/portage/net-analyzer/dotdotpwn/
evo dotdotpwn # wget http://headup.sytes.net/zbox/pkfiles/dotdotpwn-2.1.ebuild
evo dotdotpwn # ebuild dotdotpwn-2.1.ebuild manifest
>>> Downloading 'http://www.brainoverflow.org/code/dotdotpwn-v2.1.tar.gz'
--2011-09-27 13:51:42--  http://www.brainoverflow.org/code/dotdotpwn-v2.1.tar.gz
Resolving www.brainoverflow.org (www.brainoverflow.org)... 75.125.156.234
Connecting to www.brainoverflow.org (www.brainoverflow.org)|75.125.156.234|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 27478 (27K) [application/x-gzip]
Saving to: `/usr/portage/distfiles/dotdotpwn-v2.1.tar.gz'

100%[==================================================================>] 27,478      33.3K/s   in 0.8s

2011-09-27 13:51:44 (33.3 KB/s) - `/usr/portage/distfiles/dotdotpwn-v2.1.tar.gz' saved [27478/27478]

>>> Creating Manifest for /usr/local/portage/net-analyzer/dotdotpwn
```
Look at the files:

```
evo dotdotpwn # ll
total 8
-rw-r--r-- 1 root root  398 Sep 27 13:51 Manifest
-rw-r--r-- 1 root root 1478 Sep 27 13:51 dotdotpwn-2.1.ebuild
```
Searching our portage tree and the portdir overlay:

```
evo dotdotpwn # emerge dotdotpwn -s
Searching...
[ Results for search key : dotdotpwn ]
[ Applications found : 1 ]

*  net-analyzer/dotdotpwn [ Masked ]
      Latest version available: 2.1
      Latest version installed: [ Not Installed ]
      Size of files: 26 kB
      Homepage:      http://dotdotpwn.blogspot.com
      Description:   The Directory Traversal Fuzzer.
      License:       GPL-3
```
Preparing and keeping our system consistent (good practice): the `~x86` keyword unmasks the testing-keyworded ebuilds, and the `os-detection` USE flag pulls in nmap so that dotdotpwn can fingerprint the target's OS before fuzzing. Always do a pretend run (`-pv`) first to see exactly what will be merged:

```
evo dotdotpwn # echo net-analyzer/dotdotpwn ~x86 >> /etc/portage/package.keywords
evo dotdotpwn # echo net-analyzer/dotdotpwn os-detection >> /etc/portage/package.use
evo dotdotpwn # echo perl-core/Switch ~x86 >> /etc/portage/package.keywords
evo dotdotpwn # emerge dotdotpwn -pv

These are the packages that would be merged, in order:

Calculating dependencies... done!
[ebuild  N    ~] perl-core/Switch-2.160.0  14 kB [0]
[ebuild  N     ] net-analyzer/nmap-5.51  USE="ssl -gtk -lua" 16,474 kB [0]
[ebuild  N     ] perl-core/Time-HiRes-1.97.19  86 kB [0]
[ebuild  N     ] dev-perl/Log-Agent-0.307.0  54 kB [0]
[ebuild  N     ] dev-perl/yaml-0.71  111 kB [0]
[ebuild  N     ] app-portage/g-cpan-0.16.2  28 kB [0]
[ebuild  N    ~] net-analyzer/dotdotpwn-2.1  USE="os-detection" 0 kB [1]

Total: 7 packages (7 new), Size of downloads: 16,765 kB
Portage tree and overlays:
 [0] /usr/portage
 [1] /usr/local/portage

 * IMPORTANT: 4 news items need reading for repository 'gentoo'.
 * Use eselect news to read news items.
```
And now we are good to go... merging! If you don't have CPAN configured, you will see a lot of lines about CPAN and CPAN module installation; don't worry, just hit Enter at every question. Keep in mind that those Perl modules are fetched from CPAN at merge time by g-cpan, which generates their manifests on the fly, so nothing verifies them against a known-good hash.

```
evo dotdotpwn # emerge dotdotpwn
.......
>>> Emerging (7 of 7) net-analyzer/dotdotpwn-2.1 from Headup-Overlay
 * dotdotpwn-v2.1.tar.gz RMD160 SHA1 SHA256 size ;-) ...                 [ ok ]
........
>>> Unpacking source...
........
>>> Install dotdotpwn-2.1 into /var/tmp/portage/net-analyzer/dotdotpwn-2.1/image/ category net-analyzer
>>> Completed installing dotdotpwn-2.1 into /var/tmp/portage/net-analyzer/dotdotpwn-2.1/image/
>>> Installing (7 of 7) net-analyzer/dotdotpwn-2.1
........
>>> Recording net-analyzer/dotdotpwn in "world" favorites file.
........
 * Messages for package net-analyzer/dotdotpwn-2.1:
 * Package:    net-analyzer/dotdotpwn-2.1
 * Repository: Headup-Overlay
 * USE:        elibc_glibc kernel_linux os-detection userland_GNU x86
 * FEATURES:   preserve-libs sandbox userpriv usersandbox
 * nothing to compile
 * Removing /usr/share/info
>>> Auto-cleaning packages...
>>> No outdated packages were found on your system.
 * IMPORTANT: 4 news items need reading for repository 'gentoo'.
 * Use eselect news to read news items.
```
Now everything is in place: the docs and the payload sample under /etc/dotdotpwn, the wrapper and script in /usr/bin, and the DotDotPwn modules in Perl's library directory (the perl/awk one-liner below just prints the directory that strict.pm was loaded from):

```
evo dotdotpwn # cd
evo ~ # ll /etc/dotdotpwn/
total 64
-rw-r--r-- 1 root root   606 Sep 27 14:09 AUTHORS.txt
-rw-r--r-- 1 root root  3851 Sep 27 14:09 CHANGELOG.txt
-rw-r--r-- 1 root root  6671 Sep 27 14:09 EXAMPLES.txt
-rw-r--r-- 1 root root 35147 Sep 27 14:09 LICENSE.txt
-rw-r--r-- 1 root root  2490 Sep 27 14:09 README.txt
-rw-r--r-- 1 root root  2964 Sep 27 14:09 USAGE.txt
-rw-r--r-- 1 root root    85 Sep 27 14:09 payload_sample.txt
drwxr-xr-x 2 root root    48 Sep 27 14:09 retrieved_files
evo ~ # ll /usr/bin/dotdotpwn*
lrwxrwxrwx 1 root root   21 Sep 27 14:09 /usr/bin/dotdotpwn -> /usr/bin/dotdotpwn.pl
-rwxr-xr-x 1 root root 9135 Sep 27 14:09 /usr/bin/dotdotpwn.pl
evo ~ # ll `perl -e 'use strict; print map {"$INC{$_}"} keys %INC' | awk '{sub("strict.pm","") ; print }'`/DotDotPwn
total 44
-rw-r--r-- 1 root root 2235 Sep 27 04:32 FTP.pm
-rw-r--r-- 1 root root  796 Sep 27 04:32 File.pm
-rw-r--r-- 1 root root 2134 Sep 27 04:32 Fingerprint.pm
-rw-r--r-- 1 root root 1787 Sep 27 04:32 HTTP.pm
-rw-r--r-- 1 root root 1739 Sep 27 04:32 HTTP_Url.pm
-rw-r--r-- 1 root root 1818 Sep 27 04:32 Payload.pm
-rw-r--r-- 1 root root  527 Sep 27 04:32 STDOUT.pm
-rw-r--r-- 1 root root 2089 Sep 27 04:32 TFTP.pm
-rw-r--r-- 1 root root 9681 Sep 27 04:32 TraversalEngine.pm
```
And finally... have fun!
Thanks to @nitr0usmx and @chr1x for giving us dotdotpwn, and like they said... Happy fuzzing! ;)