dotdotpwn -- Directory Traversal Tool
dotdotpwn is a tool for detecting Directory Traversal vulnerabilities in HTTP/FTP servers. The current AttackDB version contains 871 traversal payloads. The tool has been tested against Kolibri+ WebServer v2.0 and GeFest WebServer v1.0 (HTTP servers), and several vulnerability strings were found.
dotdotpwn can detect 10 - 20 different attack strings on a vulnerable server.
dotdotpwn features:
1. Detects Directory Traversal vulnerabilities on HTTP/FTP server systems.
2. dotdotpwn checks for boot.ini on the vulnerable system through directory traversal, so the assumption is that it is testing a web server running on a Windows-based system.
3. The traversal database holds about 871 payloads. Use the -update flag for a fresh update.
Usage: ./dotdotpwn.pl -m <module> -h <host> [OPTIONS]
Available options:
-m Module [http | http-url | ftp | tftp | payload | stdout]
-h Hostname
-O Operating System detection for intelligent fuzzing (nmap)
-o Operating System type if known ("windows", "unix" or "generic")
-s Service version detection (banner grabber)
-d Deep of traversals (e.g. deepness 3 equals to ../../../; default: 6)
-f Specific filename (e.g. /etc/motd; default: according to OS detected, defaults in TraversalEngine.pm)
-E Add @Extra_files in TraversalEngine.pm (e.g. web.config, httpd.conf, etc.)
-u URL with the part to be fuzzed marked as TRAVERSAL (e.g. http://foo:8080/id.php?x=TRAVERSAL&y=31337)
-k Text pattern to match in the response (http-url & payload modules - e.g. "root:" if trying /etc/passwd)
-p Filename with the payload to be sent and the part to be fuzzed marked with the TRAVERSAL keyword
-x Port to connect (default: HTTP=80; FTP=21; TFTP=69)
-t Time in milliseconds between each test (default: 300 (.3 second))
-X Use the Bisection Algorithm to detect the exact deepness once a vulnerability has been found
-e File extension appended at the end of each fuzz string (e.g. ".php", ".jpg", ".inc")
-U Username (default: 'anonymous')
-P Password (default: 'dot@dot.pwn')
-M HTTP Method to use when using the 'http' module [GET | POST | HEAD | COPY | MOVE] (default: GET)
-r Report filename (default: 'HOST_MM-DD-YYYY_HOUR-MIN.txt')
-b Break after the first vulnerability is found
-q Quiet mode (doesn't print each attemp)
The results I saved are in the directory /pentest/web/dotdotpwn
nautilus /pentest/web/dotdotpwn
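A defender-side counterpart to the scan described above, as an added example that is not part of the original post or of dotdotpwn: it flags traversal requests in a web access log, percent-decoding each request up to three rounds and reporting depth, targeted file and response status per client. The common/combined log format, the function names and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import unquote

# Files this page names as traversal targets: boot.ini, /etc/passwd, /etc/motd.
TARGETS = ("boot.ini", "etc/passwd", "etc/motd")
# Assumed common/combined log format: client ... "METHOD target HTTP/x.y" status
LINE_RE = re.compile(r'^(?P<ip>\S+) .*?"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})')

def normalize(target, max_rounds=3):
    """Percent-decode repeatedly (catches double encoding) and unify slashes."""
    for _ in range(max_rounds):
        target = unquote(target)
    return target.replace("\\", "/").lower()

def classify(line):
    """Return (ip, depth, target_hit, status) for a traversal request, else None."""
    m = LINE_RE.match(line)
    norm = normalize(m.group("target")) if m else ""
    depth = norm.count("../")  # same notion as the tool's -d "deepness"
    if depth == 0:
        return None
    hit = next((t for t in TARGETS if t in norm), None)
    return m.group("ip"), depth, hit, int(m.group("status"))

def summarize(lines):
    """Per client: traversal requests, max depth, targeted files, 200 responses."""
    report = defaultdict(lambda: {"requests": 0, "max_depth": 0, "targets": set(), "served_200": 0})
    for line in lines:
        found = classify(line)
        if found is None:
            continue
        ip, depth, hit, status = found
        entry = report[ip]
        entry["requests"] += 1
        entry["max_depth"] = max(entry["max_depth"], depth)
        if hit:
            entry["targets"].add(hit)
            entry["served_200"] += status == 200  # sensitive file answered with 200
    return dict(report)

# Constructed sample access-log lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /index.html HTTP/1.1" 200 512',
    '192.0.2.10 - - [01/Jan/2024:10:00:01 +0000] "GET /../../../boot.ini HTTP/1.1" 404 0',
    '192.0.2.10 - - [01/Jan/2024:10:00:01 +0000] "GET /..%2f..%2f..%2f..%2fetc%2fpasswd HTTP/1.1" 200 1024',
    '192.0.2.10 - - [01/Jan/2024:10:00:02 +0000] "GET /id.php?x=%252e%252e%255c%252e%252e%255cboot.ini&y=31337 HTTP/1.1" 403 211',
    '198.51.100.7 - - [01/Jan/2024:10:05:00 +0000] "GET /css/../img/logo.png HTTP/1.1" 200 900',
]
```

A client with many traversal requests, rising depth and a nonzero served_200 count is the one to investigate first; a single depth-1 request with no target hit is usually a sloppy relative link.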