What is DotDotPwn?

DotDotPwn is a powerful, flexible and intelligent fuzzer for finding Directory Traversal vulnerabilities in HTTP/FTP/TFTP servers and in web applications such as CMSs, ERPs and blogs. It is written in Perl and runs on both Windows and Linux.


Fuzzing modules supported by the tool:


    HTTP
    HTTP URL
    FTP
    TFTP
    Payload (Protocol independent)
    STDOUT


Source: https://github.com/wireghoul/dotdotpwn
License: GPLv2
Authors: chr1x, nitr0us


Sample command (running the tool without arguments prints its banner and option list):

[email protected]:~# dotdotpwn.pl
#################################################################################
#                                                                               #
#  CubilFelino                                                       Chatsubo   #
#  Security Research Lab              and            [(in)Security Dark] Labs   #
#  chr1x.sectester.net                             chatsubo-labs.blogspot.com   #
#                                                                               #
#                               pr0udly present:                                #
#                                                                               #
#  ________            __  ________            __  __________                   #
#  \______ \    ____ _/  |_\______ \    ____ _/  |_\______   \__  _  __ ____    #
#   |    |  \  /  _ \\   __\|    |  \  /  _ \\   __\|     ___/\ \/ \/ //    \   #
#   |    `   \(  <_> )|  |  |    `   \(  <_> )|  |  |    |     \     /|   |  \  #
#  /_______  / \____/ |__| /_______  / \____/ |__|  |____|      \/\_/ |___|  /  #
#          \/                      \/                                      \/   #
#                               - DotDotPwn v3.0 -                              #
#                         The Directory Traversal Fuzzer                        #
#                         http://dotdotpwn.sectester.net                        #
#                            [email protected]                            #
#                                                                               #
#                               by chr1x & nitr0us                              #
#################################################################################

Usage: ./dotdotpwn.pl -m  -h  [OPTIONS]
    Available options:
    -m  Module [http | http-url | ftp | tftp | payload | stdout]
    -h  Hostname
    -O  Operating System detection for intelligent fuzzing (nmap)
    -o  Operating System type if known ("windows", "unix" or "generic")
    -s  Service version detection (banner grabber)
    -d  Depth of traversals (e.g. deepness 3 equals to ../../../; default: 6)
    -f  Specific filename (e.g. /etc/motd; default: according to OS detected, defaults in TraversalEngine.pm)
    -E  Add @Extra_files in TraversalEngine.pm (e.g. web.config, httpd.conf, etc.)
    -S  Use SSL - for HTTP and Payload module (use https:// for in url for http-uri)
    -u  URL with the part to be fuzzed marked as TRAVERSAL (e.g. http://foo:8080/id.php?x=TRAVERSAL&y=31337)
    -k  Text pattern to match in the response (http-url & payload modules - e.g. "root:" if trying /etc/passwd)
    -p  Filename with the payload to be sent and the part to be fuzzed marked with the TRAVERSAL keyword
    -x  Port to connect (default: HTTP=80; FTP=21; TFTP=69)
    -t  Time in milliseconds between each test (default: 300 (.3 second))
    -X  Use the Bisection Algorithm to detect the exact deepness once a vulnerability has been found
    -e  File extension appended at the end of each fuzz string (e.g. ".php", ".jpg", ".inc")
    -U  Username (default: 'anonymous')
    -P  Password (default: '[email protected]')
    -M  HTTP Method to use when using the 'http' module [GET | POST | HEAD | COPY | MOVE] (default: GET)
    -r  Report filename (default: 'HOST_MM-DD-YYYY_HOUR-MIN.txt')
    -b  Break after the first vulnerability is found
    -q  Quiet mode (doesn't print each attempt)
    -C  Continue if no data was received from host

How to use it:

[email protected]:~# dotdotpwn.pl -m http -h 192.168.1.1 -M GET

[+] Report name: Reports/192.168.1.1_05-20-2014_08-41.txt

[========== TARGET INFORMATION ==========]
[+] Hostname: 192.168.1.1
[+] Protocol: http
[+] Port: 80

[=========== TRAVERSAL ENGINE ===========]
[+] Creating Traversal patterns (mix of dots and slashes)
[+] Multiplying 6 times the traversal patterns (-d switch)
[+] Creating the Special Traversal patterns
[+] Translating (back)slashes in the filenames
[+] Adapting the filenames according to the OS type detected (generic)
[+] Including Special sufixes
[+] Traversal Engine DONE ! - Total traversal tests created: 19680

[=========== TESTING RESULTS ============]
[+] Ready to launch 3.33 traversals per second
[+] Press Enter to start the testing (You can stop it pressing Ctrl + C)

Note: this command uses the HTTP module to scan host 192.168.1.1 with the GET method; the traversal engine output above shows how the test cases are built (dot/slash mixes, multiplied to the depth given by -d, plus special patterns, slash translation, OS-specific filenames and suffixes).
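As an added example (not part of the original post or of the DotDotPwn project), the following Python script takes the defender's side of the same idea: it undoes the variations a traversal engine produces (several rounds of percent-decoding, backslashes folded to slashes) and reports the `..` depth of each request in a few constructed access-log lines, so that a scan like the one above shows up in the logs with its depth.

```python
import re
from urllib.parse import unquote

# Constructed sample access-log lines (not taken from the original page);
# the request targets mimic the dot/slash mixes a traversal fuzzer sends.
SAMPLE_LOG = """\
10.0.0.5 - - [20/May/2014:08:41:00] "GET /index.php?page=home HTTP/1.1" 200
10.0.0.5 - - [20/May/2014:08:41:01] "GET /index.php?page=../../../etc/passwd HTTP/1.1" 200
10.0.0.5 - - [20/May/2014:08:41:02] "GET /index.php?page=..%2f..%2f..%2fetc%2fpasswd HTTP/1.1" 404
10.0.0.5 - - [20/May/2014:08:41:03] "GET /index.php?page=..%255c..%255cwindows%255cwin.ini HTTP/1.1" 200
10.0.0.5 - - [20/May/2014:08:41:04] "GET /static/app..css HTTP/1.1" 200
"""

REQ_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})')
SEGMENT_SPLIT = re.compile(r"[/?=&;]")


def normalise(target: str, rounds: int = 3) -> str:
    """Undo up to `rounds` layers of percent-encoding (catches %2e%2e and
    double-encoded %252e), then fold backslashes into forward slashes."""
    for _ in range(rounds):
        decoded = unquote(target)
        if decoded == target:
            break
        target = decoded
    return target.replace("\\", "/")


def traversal_depth(target: str) -> int:
    """Count '..' segments in the path and query after normalisation.
    'app..css' is a filename, not a traversal, so only whole segments count."""
    return sum(1 for seg in SEGMENT_SPLIT.split(normalise(target)) if seg == "..")


def scan_log(text: str):
    """Return (method, raw_target, status, depth) for each request whose
    normalised target climbs at least one directory."""
    hits = []
    for line in text.splitlines():
        m = REQ_RE.search(line)
        if not m:
            continue
        depth = traversal_depth(m["target"])
        if depth:
            hits.append((m["method"], m["target"], int(m["status"]), depth))
    return hits


if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG):
        print(hit)
```

The status code is kept alongside the depth because a 200 on a deep traversal is what separates a probe that worked from one the server rejected.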

