
DotDotPwn – Directory Traversal Fuzzer Tool in Linux


Directories in a web-based application hold various information about the functionality of the website. Some directories are common, but others are attractive because they can contain important information. For example, /etc/passwd can contain information about the Linux server. Traversing these directories by hand is challenging work for every tester, so there is an automated script written in Perl named DotDotPwn. DotDotPwn fuzzes the directories on the target server and also performs some basic recon on the domain. DotDotPwn has various modules:

  • HTTP
  • HTTP URL
  • FTP
  • TFTP
  • Payload (Protocol independent)
  • STDOUT

Each of these modules has its own functionality. DotDotPwn is an automated tool; it is openly available on the internet and is free to use.

How Does the DotDotPwn Tool Work?

DotDotPwn works mainly by sending a large number of data permutations to the targeted domain. When a request built from this input is sent to the web application, DotDotPwn checks and analyzes the response. The target is considered vulnerable based on the analysis of the feedback returned to the program.

When the output returned by the target domain is improper or unusual, there is a good chance that the target is vulnerable to the specific flaw. For example, SQLi (SQL Injection) is a security flaw that works by inserting malicious queries into the database or back end; if such a query is executed, the response we receive is improper, which suggests that an SQLi flaw exists due to a lack of validation.
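
The same permutations are visible from the server side. The following added example (not part of the original article or of DotDotPwn) normalizes request targets from an access log, undoing nested percent-encoding and overlong UTF-8 forms, and reports clients that send bursts of traversal requests as well as any traversal request answered with 200. The log format, the burst threshold of 3 and all names and sample lines are assumptions constructed for illustration.

```python
import re
from collections import Counter
from urllib.parse import unquote

# Constructed access-log lines (documentation-range IPs), not real traffic.
SAMPLE_LOG = """\
198.51.100.7 - - [14/Sep/2021:10:00:01 +0000] "GET /index.php?page=about HTTP/1.1" 200 512
198.51.100.7 - - [14/Sep/2021:10:00:02 +0000] "GET /../../../etc/passwd HTTP/1.1" 404 162
198.51.100.7 - - [14/Sep/2021:10:00:02 +0000] "GET /..%2f..%2f..%2fetc%2fpasswd HTTP/1.1" 404 162
198.51.100.7 - - [14/Sep/2021:10:00:03 +0000] "GET /%252e%252e%252f%252e%252e%252fetc/passwd HTTP/1.1" 400 0
198.51.100.7 - - [14/Sep/2021:10:00:03 +0000] "GET /..%c0%af..%c0%afetc/passwd HTTP/1.1" 404 162
203.0.113.9 - - [14/Sep/2021:10:00:04 +0000] "GET /docs/v1..2/notes.txt HTTP/1.1" 200 900
203.0.113.9 - - [14/Sep/2021:10:00:05 +0000] "GET /download?file=..%5c..%5cboot.ini HTTP/1.1" 200 300
"""

LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+) [^"]*" (\d{3})')
# ".." as a path step: not glued to a preceding word character, followed by a separator.
TRAVERSAL = re.compile(r"(?<!\w)\.\.(?:[/?&]|$)")
# Overlong UTF-8 encodings of '/', '.' and '\' that a plain percent-decode misses.
OVERLONG = {"%c0%af": "/", "%c0%ae": ".", "%c1%9c": "\\"}

def normalize(target, max_rounds=3):
    """Undo nested percent-encoding and overlong forms, then unify separators."""
    for _ in range(max_rounds):
        step = re.sub(r"%[0-9A-Fa-f]{2}", lambda m: m.group().lower(), target)
        for enc, ch in OVERLONG.items():
            step = step.replace(enc, ch)
        step = unquote(step)
        if step == target:  # nothing left to decode
            break
        target = step
    return target.replace("\\", "/")

def scan(log_text, burst=3):
    """Return (clients with >= burst traversal requests, traversal requests answered 200)."""
    hits, served = Counter(), []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        client, target, status = m.group(1), m.group(2), int(m.group(3))
        if TRAVERSAL.search(normalize(target)):
            hits[client] += 1
            if status == 200:  # the server returned content for a traversal path
                served.append((client, target))
    return sorted(c for c, n in hits.items() if n >= burst), served

if __name__ == "__main__":
    print(scan(SAMPLE_LOG))
```

Requests in the second list are the ones to triage first, since a 200 response to a traversal path is the same signal the fuzzer itself looks for.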

Note: Make sure you have Perl installed on your system, as this is a Perl-based tool. For the installation process, see: Perl Installation Steps on Linux

Installation of DotDotPwn Tool on Kali Linux OS

Step 1: Check whether the Perl environment is set up, using the following command.

perl -v

Step 2: Open your Kali Linux terminal and move to the Desktop using the following command.

cd Desktop

Step 3: You are now on the Desktop. Create a new directory called DotDotPwn using the following command. We will complete the installation of the DotDotPwn tool in this directory.

mkdir DotDotPwn

Step 4: Now switch to the DotDotPwn directory using the following command.

cd DotDotPwn

Step 5: Now install the tool by cloning it from GitHub.

git clone https://github.com/wireghoul/dotdotpwn.git

Step 6: The tool has been downloaded successfully into the DotDotPwn directory. Now list the contents of the directory using the command below.

ls

Step 7: You can see that a new directory named dotdotpwn was created while the tool was being installed. Now move to that directory using the command below:

cd dotdotpwn

Step 8: Once again, to view the contents of the tool, use the command below.

ls

Step 9: To install any missing modules, use the following command as root.

sudo perl -MCPAN -e "install <MODULE_NAME>"

Step 10: The installation is now complete. Use the command below to view the help index of the tool, which gives a better understanding of it.

./dotdotpwn.pl

Working with DotDotPwn Tool on Kali Linux OS

Example 1: HTTP Module

sudo ./dotdotpwn.pl -m http -h 34.218.62.116 -O -X -M POST -e .php -E

1. In this example, we are using the HTTP module. The module is specified with the -m option.

2. The screenshot below shows the results of our scan.

Example 2: HTTP URL Module

sudo ./dotdotpwn.pl -m http-url -u http://geeksforgeeks.org/TRAVERSAL -O -k "root:" -r webmin.txt

1. In this example, we are using the HTTP URL module. The module is specified with the -m option.

2. The screenshot below shows the results of our scan.

Example 3: FTP Module

sudo ./dotdotpwn.pl -m ftp -h http://testphp.vulnweb.com/login.php:8080 -s -U test -P test -o windows -q -r ftp_server.txt

In this example, we are using the FTP module. The module is specified with the -m option.

Example 4: TFTP Module

sudo ./dotdotpwn.pl -m tftp -h 34.218.62.116 -b -t 1 -f tftp.txt

1. In this example, we are using the TFTP module. The module is specified with the -m option. The screenshot below shows the list of possible files transmitted via TFTP.

2. The screenshot below shows the results of our scan.

Example 5: PAYLOAD Module

./dotdotpwn.pl -m payload -h 34.218.62.116 -x 80 -p payload_sample_1.txt -k "root:" -f /etc/passwd

1. In this example, we are using the PAYLOAD module. The module is specified with the -m option.

2. The screenshot below shows the results of our scan.

Example 6: STDOUT Module

./dotdotpwn.pl -m stdout -d 5

1. In this example, we are using the STDOUT module. The module is specified with the -m option.

2. The screenshot below shows the results of our scan.



Last Updated : 14 Sep, 2021