Our first post regarding DotDotPwn can be found here. Now, the author has released an update – DotDotPwn version 3.0!

“DotDotPwn is a very flexible intelligent fuzzer to discover traversal directory vulnerabilities in software such as Web/FTP/TFTP servers, Web platforms such as CMSs, ERPs, Blogs, etc. Also, it has a protocol-independent module to send the desired payload to the host and port specified. On the other hand, it also could be used in a scripting way using the STDOUT module. It’s written in the Perl programming language and can be run either under *NIX or Windows platforms. Fuzzing modules supported in this version are – HTTP – HTTP URL – FTP – TFTP – Payload (Protocol independent) – STDOUT”
Changes, enhancements, features in DotDotPwn v3.0:
- -X switch that implements the Bisection Algorithm in order to detect the exact deepness once a directory traversal vulnerability has been found. – http://en.wikipedia.org/wiki/Bisection_method
- -M switch to specify another method different from the default (GET) when the http module is used.
  - Other HTTP methods are [POST | HEAD | COPY | MOVE]
- -e switch to specify the file extension to be appended at the end of each fuzz string (e.g. “.php”, “.jpg”, “.inc”)
- New dots & slashes encodings (fuzz patterns) based on: https://www.owasp.org/index.php/Canonicalization,_locale_and_Unicode and http://wikisecure.net/security/uri-encoding-to-bypass-idsips
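
Encoded dot and slash patterns like the ones referenced above get past filters that look for `../` before decoding. As an added example (not part of DotDotPwn or the original post), the following log check canonicalizes each request target before looking for a `..` segment; the function names, the set of encodings handled and the sample targets are constructed for illustration.

```python
import re
from urllib.parse import unquote_to_bytes

# Overlong UTF-8 forms of '.', '/' and '\' that lenient decoders accept.
OVERLONG = {b"\xc0\xae": b".", b"\xc0\xaf": b"/", b"\xc1\x9c": b"\\",
            b"\xe0\x80\xae": b".", b"\xe0\x80\xaf": b"/"}
# A ".." path segment, at the start or after a path/query delimiter.
TRAVERSAL = re.compile(r"(?:^|[/=?&;])\.\.(?:/|$)")


def canonicalize(raw_target, max_rounds=5):
    """Decode repeatedly until stable, so nested encodings are unwrapped."""
    data = raw_target.encode("utf-8")
    for _ in range(max_rounds):
        # IIS-style %u00XX becomes %XX before ordinary percent-decoding.
        step = re.sub(rb"%[uU]00([0-9a-fA-F]{2})", rb"%\1", data)
        step = unquote_to_bytes(step)
        for seq, plain in OVERLONG.items():
            step = step.replace(seq, plain)
        if step == data:
            break
        data = step
    # Treat backslash as a separator, as Windows file APIs do.
    return data.replace(b"\\", b"/").decode("latin-1")


def classify(raw_target):
    """Return 'clean', 'plain' or 'obfuscated' for one request target."""
    if TRAVERSAL.search(raw_target):
        return "plain"
    if TRAVERSAL.search(canonicalize(raw_target)):
        return "obfuscated"  # only visible after canonicalization
    return "clean"


# Constructed request targets, as they might appear in an access log.
SAMPLES = [
    "/index.html",
    "/files/report..final.pdf",
    "/static/../../etc/passwd",
    "/download?file=..%2f..%2fetc%2fpasswd",
    "/img/%252e%252e%252f%252e%252e%252fboot.ini",
    "/cgi/..%c0%af..%c0%afetc/passwd",
    "/a/..%5c..%5cwindows/win.ini",
    "/x/%u002e%u002e/%u002e%u002e/etc",
]

if __name__ == "__main__":
    for target in SAMPLES:
        print(f"{classify(target):10}  {target}")
```

Targets classified as `obfuscated` are the ones a raw string match misses, which makes them the more useful signal when reviewing logs for scanner activity.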
Supported modules:
- HTTP
- HTTP URL
- FTP
- TFTP
- Payload (Protocol independent)
- STDOUT
The last we heard of this tool was when it was added to the BackTrack framework. DotDotPwn v3.0 was released at the BugCon Security Conference 2012.
Download DotDotPwn v3.0:
DotDotPwn v3.0 – dotdotpwn-v3.0.tar.gz – http://www.intrudefense.com.mx/dotdotpwn-v3.0.tar.gz or http://www.brainoverflow.org/code/dotdotpwn-v3.0.tar.gz