Tool Intro:

  1. Detects directory traversal vulnerabilities on remote HTTP/FTP server systems.
  2. Currently, the traversal database holds 881 attack payloads. Use the -update flag to perform an online fresh update.
  3. DotDotPwn checks for the presence of boot.ini on the vulnerable systems through directory traversal vulnerabilities, so it's assumed that the tested systems are Windows-based HTTP/FTP servers.
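
As a defender's counterpart to the boot.ini check described above, this added example (not part of the original post or of DotDotPwn) scans HTTP access-log lines for traversal requests that target boot.ini, decoding percent-encoding repeatedly so encoded variants are caught. The log format, function names and sample lines are assumptions constructed for illustration; FTP logs are not covered.

```python
import re
from urllib.parse import unquote

# Request line and status code of a common/combined-format access log entry.
REQUEST_RE = re.compile(r'"(?:GET|HEAD|POST) (\S+) HTTP/[\d.]+" (\d{3})')

def normalize(target, max_rounds=3):
    """Percent-decode repeatedly (catches double encoding) and unify slashes."""
    for _ in range(max_rounds):
        decoded = unquote(target)
        if decoded == target:
            break
        target = decoded
    return target.replace("\\", "/").lower()

def is_boot_ini_traversal(target):
    """True when the request climbs directories and names boot.ini."""
    path = normalize(target)
    return "../" in path and "boot.ini" in path

def scan(lines):
    """Return (client_ip, normalized_target, status) for suspicious lines.

    A 200 status on a hit deserves attention first: the server may have
    served the file instead of rejecting the request.
    """
    hits = []
    for line in lines:
        m = REQUEST_RE.search(line)
        if m and is_boot_ini_traversal(m.group(1)):
            hits.append((line.split()[0], normalize(m.group(1)), m.group(2)))
    return hits

# Constructed sample log lines (not captured from a real server).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /index.html HTTP/1.1" 200 512',
    '192.0.2.44 - - [01/Jan/2024:10:00:01 +0000] "GET /../../../boot.ini HTTP/1.1" 404 0',
    '192.0.2.44 - - [01/Jan/2024:10:00:02 +0000] "GET /..%5c..%5cboot.ini HTTP/1.1" 404 0',
    '192.0.2.44 - - [01/Jan/2024:10:00:03 +0000] "GET /%252e%252e%252fboot.ini HTTP/1.1" 200 211',
    '192.0.2.10 - - [01/Jan/2024:10:00:04 +0000] "GET /docs/boot.ini.txt HTTP/1.1" 200 90',
]

if __name__ == "__main__":
    for ip, target, status in scan(SAMPLE_LOG):
        print(ip, status, target)
```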

How to use

It requires Perl with the HTTP::Lite module.

root@punter:/pentest/web# wget http://chr1x.sectester.net/toolz/ddpwn/ddpwn.tar.gz

root@punter:/pentest/web# tar -xvf ddpwn.tar.gz

root@punter:/pentest/web# perl -MCPAN -e 'install HTTP::Lite'
root@punter:/pentest/web# ./ddpwn.pl -http 192.168.0.103

Project: http://chr1x.sectester.net/toolz/ddpwn/