Sep 27 2011

DotDotPwn - The Directory Traversal Fuzzer.
It's a very flexible, intelligent fuzzer for discovering directory traversal vulnerabilities in software such as Web/FTP/TFTP servers and Web platforms such as CMSs, ERPs, blogs, etc. It also has a protocol-independent module that sends the desired payload to the specified host and port, and it can be driven from scripts using the STDOUT module. It's written in the Perl programming language and runs under either *NIX or Windows platforms.

Official Site: dotdotpwn
Download Link: From Chatsubo (IN)Security Dark Labs Mirror
Official E-mail: dotdotpwn@sectester.net

Last version:
DotDotPwn v2.1
Release date: 29/Oct/2010 (PUBLIC Release at BugCon Security Conferences 2010)
Release date: 14/Oct/2010 *NON-PUBLIC Version*


DEPRECATED HOW-TO: THE EBUILD FOR THE LATEST VERSION IS ON THE PENTOO GITHUB

Preparing the portage tree (a local overlay for the ebuild):

evo ~ # mkdir -p /usr/local/portage/profiles/
evo ~ # echo "Headup Overlay" > /usr/local/portage/profiles/repo_name 
evo ~ # mkdir -p /usr/local/portage/net-analyzer/dotdotpwn/
evo ~ # echo "PORTDIR_OVERLAY=/usr/local/portage" >> /etc/make.conf
evo ~ # cd /usr/local/portage/net-analyzer/dotdotpwn/
evo dotdotpwn #  wget http://headup.sytes.net/zbox/pkfiles/dotdotpwn-2.1.ebuild
evo dotdotpwn # ebuild dotdotpwn-2.1.ebuild manifest
>>> Downloading 'http://www.brainoverflow.org/code/dotdotpwn-v2.1.tar.gz'
--2011-09-27 13:51:42--  http://www.brainoverflow.org/code/dotdotpwn-v2.1.tar.gz
Resolving www.brainoverflow.org (www.brainoverflow.org)... 75.125.156.234
Connecting to www.brainoverflow.org (www.brainoverflow.org)|75.125.156.234|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 27478 (27K) [application/x-gzip]
Saving to: `/usr/portage/distfiles/dotdotpwn-v2.1.tar.gz'

100%[==================================================================>] 27,478      33.3K/s   in 0.8s

2011-09-27 13:51:44 (33.3 KB/s) - `/usr/portage/distfiles/dotdotpwn-v2.1.tar.gz' saved [27478/27478]

>>> Creating Manifest for /usr/local/portage/net-analyzer/dotdotpwn
evo dotdotpwn # ll
total 8
-rw-r--r-- 1 root root  398 Sep 27 13:51 Manifest
-rw-r--r-- 1 root root 1478 Sep 27 13:51 dotdotpwn-2.1.ebuild
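Note that `ebuild ... manifest` records the size and hashes of whatever tarball was just downloaded, so the Manifest pins that file but does not vouch for it. The following is an added example (not part of the original post or of DotDotPwn) that re-checks a distfile against the DIST entry of a Manifest2 file before emerging or after re-fetching; it assumes sha256sum from coreutils and the standard "DIST <name> <size> <HASH> <hex> ..." line format.

```shell
#!/bin/sh
# verify_dist MANIFEST DISTFILE
# Compares DISTFILE's size and SHA256 with the DIST entry for its basename
# in a Portage Manifest2 file. Exit status: 0 match, 1 mismatch, 2 no entry.
verify_dist() {
    manifest=$1
    distfile=$2
    name=$(basename "$distfile")
    # Exact match on the filename so a similarly named distfile cannot satisfy it.
    line=$(grep -E "^DIST $name " "$manifest" 2>/dev/null | head -n 1)
    [ -n "$line" ] || { echo "no DIST entry for $name" >&2; return 2; }
    # Field 3 is the size; from field 4 on the fields alternate HASHNAME value.
    want_size=$(printf '%s\n' "$line" | awk '{print $3}')
    want_sha=$(printf '%s\n' "$line" | awk '{for (i = 4; i < NF; i += 2) if ($i == "SHA256") print $(i + 1)}')
    [ -n "$want_sha" ] || { echo "no SHA256 in DIST entry for $name" >&2; return 2; }
    have_size=$(wc -c < "$distfile" | tr -d ' ')
    have_sha=$(sha256sum "$distfile" | awk '{print $1}')
    if [ "$have_size" != "$want_size" ]; then
        echo "size mismatch for $name: have $have_size, Manifest says $want_size" >&2
        return 1
    fi
    if [ "$have_sha" != "$want_sha" ]; then
        echo "SHA256 mismatch for $name" >&2
        return 1
    fi
    echo "OK: $name matches Manifest (size $have_size, SHA256 $have_sha)"
    return 0
}

# Stand-alone usage, e.g.:
#   sh verify_dist.sh /usr/local/portage/net-analyzer/dotdotpwn/Manifest \
#       /usr/portage/distfiles/dotdotpwn-v2.1.tar.gz
if [ $# -eq 2 ]; then
    verify_dist "$1" "$2"
fi
```

A locally generated Manifest only proves the tarball is unchanged since you fetched it; to gain anything beyond that, compare the SHA256 it records with a hash published by the upstream project.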

Searching in our portage tree and portdir overlay:

evo dotdotpwn # emerge dotdotpwn -s
Searching...
[ Results for search key : dotdotpwn ]
[ Applications found : 1 ]

*  net-analyzer/dotdotpwn [ Masked ]
      Latest version available: 2.1
      Latest version installed: [ Not Installed ]
      Size of files: 26 kB
      Homepage:      http://dotdotpwn.blogspot.com
      Description:   The Directory Traversal Fuzzer.
      License:       GPL-3

Unmasking the package (and its perl-core/Switch dependency) and setting its USE flag, to keep our system consistent (good practice):

evo dotdotpwn # echo net-analyzer/dotdotpwn ~x86 >> /etc/portage/package.keywords
evo dotdotpwn # echo net-analyzer/dotdotpwn os-detection >> /etc/portage/package.use
evo dotdotpwn # echo perl-core/Switch ~x86 >> /etc/portage/package.keywords
evo dotdotpwn # emerge dotdotpwn -pv

These are the packages that would be merged, in order:

Calculating dependencies... done!
[ebuild  N    ~] perl-core/Switch-2.160.0  14 kB [0]
[ebuild  N     ] net-analyzer/nmap-5.51  USE="ssl -gtk -lua" 16,474 kB [0]
[ebuild  N     ] perl-core/Time-HiRes-1.97.19  86 kB [0]
[ebuild  N     ] dev-perl/Log-Agent-0.307.0  54 kB [0]
[ebuild  N     ] dev-perl/yaml-0.71  111 kB [0]
[ebuild  N     ] app-portage/g-cpan-0.16.2  28 kB [0]
[ebuild  N    ~] net-analyzer/dotdotpwn-2.1  USE="os-detection" 0 kB [1]

Total: 7 packages (7 new), Size of downloads: 16,765 kB
Portage tree and overlays:
 [0] /usr/portage
 [1] /usr/local/portage

 * IMPORTANT: 4 news items need reading for repository 'gentoo'.
 * Use eselect news to read news items.

And now we are good to go... merging!

evo dotdotpwn # emerge dotdotpwn

.......
.......
.......

>>> Emerging (7 of 7) net-analyzer/dotdotpwn-2.1 from Headup-Overlay
 * dotdotpwn-v2.1.tar.gz RMD160 SHA1 SHA256 size ;-) ...                                                                                                                                             [ ok ]

........
........

If you don't have CPAN configured, you will see a lot of lines from CPAN and the CPAN module installation.
Do not worry, just hit Enter at every question.

........
........

>>> Unpacking source...

........
........

>>> Install dotdotpwn-2.1 into /var/tmp/portage/net-analyzer/dotdotpwn-2.1/image/ category net-analyzer
>>> Completed installing dotdotpwn-2.1 into /var/tmp/portage/net-analyzer/dotdotpwn-2.1/image/


>>> Installing (7 of 7) net-analyzer/dotdotpwn-2.1

........
........

>>> Recording net-analyzer/dotdotpwn in "world" favorites file.

........
........


 * Messages for package net-analyzer/dotdotpwn-2.1:

 * Package:    net-analyzer/dotdotpwn-2.1
 * Repository: Headup-Overlay
 * USE:        elibc_glibc kernel_linux os-detection userland_GNU x86
 * FEATURES:   preserve-libs sandbox userpriv usersandbox
 * Package:    net-analyzer/dotdotpwn-2.1
 * Repository: Headup-Overlay
 * USE:        elibc_glibc kernel_linux os-detection userland_GNU x86
 * FEATURES:   preserve-libs sandbox userpriv usersandbox
 * nothing to compile
 * Removing /usr/share/info
>>> Auto-cleaning packages...

>>> No outdated packages were found on your system.

 * IMPORTANT: 4 news items need reading for repository 'gentoo'.
 * Use eselect news to read news items.

And now everything is in place, libs and files.

evo dotdotpwn # cd
evo ~ # ll /etc/dotdotpwn/
total 64
-rw-r--r-- 1 root root   606 Sep 27 14:09 AUTHORS.txt
-rw-r--r-- 1 root root  3851 Sep 27 14:09 CHANGELOG.txt
-rw-r--r-- 1 root root  6671 Sep 27 14:09 EXAMPLES.txt
-rw-r--r-- 1 root root 35147 Sep 27 14:09 LICENSE.txt
-rw-r--r-- 1 root root  2490 Sep 27 14:09 README.txt
-rw-r--r-- 1 root root  2964 Sep 27 14:09 USAGE.txt
-rw-r--r-- 1 root root    85 Sep 27 14:09 payload_sample.txt
drwxr-xr-x 2 root root    48 Sep 27 14:09 retrieved_files
evo ~ # ll /usr/bin/dotdotpwn*
lrwxrwxrwx 1 root root   21 Sep 27 14:09 /usr/bin/dotdotpwn -> /usr/bin/dotdotpwn.pl
-rwxr-xr-x 1 root root 9135 Sep 27 14:09 /usr/bin/dotdotpwn.pl
evo ~ # ll `perl -e 'use strict; print map {"$INC{$_}"} keys %INC' | awk '{sub("strict.pm","") ; print }'`/DotDotPwn
total 44
-rw-r--r-- 1 root root 2235 Sep 27 04:32 FTP.pm
-rw-r--r-- 1 root root  796 Sep 27 04:32 File.pm
-rw-r--r-- 1 root root 2134 Sep 27 04:32 Fingerprint.pm
-rw-r--r-- 1 root root 1787 Sep 27 04:32 HTTP.pm
-rw-r--r-- 1 root root 1739 Sep 27 04:32 HTTP_Url.pm
-rw-r--r-- 1 root root 1818 Sep 27 04:32 Payload.pm
-rw-r--r-- 1 root root  527 Sep 27 04:32 STDOUT.pm
-rw-r--r-- 1 root root 2089 Sep 27 04:32 TFTP.pm
-rw-r--r-- 1 root root 9681 Sep 27 04:32 TraversalEngine.pm

And finally.... have fun!!!!!




Here is the complete emerge log file: emerge-dotdotpwn.output
Ebuild file: dotdotpwn-2.1.ebuild

Thanks to @nitr0usmx and @chr1x for giving us DotDotPwn, and like they said... Happy fuzzing! ;)