|
Título: [UPDATE] DotDotPwn v2.1 - The Directory Traversal Fuzzer Publicado por: chr1x en 31 Octubre 2010, 14:56 pm CubilFelino Security Research Lab and Chatsubo (IN) Security Labs
proudly present... DotDotPwn v2.1 - The Directory Traversal Fuzzer =============================================== Authors: Christian Navarrete (chr1x @ http://chr1x.sectester.net) and Alejandro Hernández H. (nitr0us @ http://chatsubo-labs.blogspot.com) Release date: 29/Oct/2010 (PUBLIC Release at BugCon Security Conferences 2010) Tool Description ================ It's a very flexible intelligent fuzzer to discover traversal directory vulnerabilities in software such as Web/FTP/TFTP servers, Web platforms such as CMSs, ERPs,Blogs, etc. Also, it has a protocol-independent module to send the desired payload to the host and port specified. On the other hand, it also could be used in a scripting way using the STDOUT module. It's written in perl programming language and can be run either under *NIX or Windows platforms. Fuzzing modules supported in this version: - HTTP - HTTP URL - FTP - TFTP - Payload (Protocol independent) - STDOUT Discovered Vulnerabilities ========================== - HTTP (4 security advisories) * MultiThreaded HTTP Server @ http://www.inj3ct0r.com/exploits/11894 * Wing FTP Server v3.4.3 @ http://packetstormsecurity.org/1005-exploits/wingftp-traversal.txt * Yaws 1.89 * Mongoose 2.11 - FTP (2 security advisories) * VicFTPS v5.0 @ http://www.inj3ct0r.com/exploits/12131 * Home FTP Server vr1.11.1 (build 149) @ http://www.exploit-db.com/exploits/15349 - TFTP (2 security advisories) * TFTP Desktop 2.5 @ http://www.exploit-db.com/exploits/14857 * TFTPDWIN v0.4.2 @ http://www.exploit-db.com/exploits/14856 Download ======== Official site: http://dotdotpwn.sectester.net Mirror site: http://chatsubo-labs.blogspot.com Contact ======= Contact: dotdotpwn () sectester net Vote for DotDotPwn as tool for next BackTrack release!! -> http://www.backtrack-linux.org/forums/tool-requests/32082-dotdotpwn.html Título: Re: [UPDATE] DotDotPwn v2.1 - The Directory Traversal Fuzzer Publicado por: nitr0us en 1 Noviembre 2010, 23:53 pm Si voten voten !
Pueden ver la presentación del release oficial en BugCon 2010 (29 de octubre). http://www.brainoverflow.org/presentations/DotDotPwn%20v2.1%20BugCon%202010.pdf Saludos. Título: Re: [UPDATE] DotDotPwn v2.1 - The Directory Traversal Fuzzer Publicado por: el-brujo en 14 Febrero 2012, 16:26 pm *- DotDotPwn v3.0 (The Directory Traversal Fuzzer)
http://www.intrudefense.com.mx/dotdotpwn-v3.0.tar.gz |