Tool Intro:

  1. Detects directory traversal vulnerabilities on remote HTTP/FTP server systems.
  2. Currently, the traversal database holds 881 attack payloads. Use the -update flag to perform a fresh online update.
  3. DotDotPwn checks for the presence of boot.ini on the vulnerable systems through directory traversal vulnerabilities, so it is assumed that the tested systems are Windows-based HTTP/FTP servers.
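
A defender-side check for the probing described above, as an added example that is not part of DotDotPwn or the original page: it scans web access logs for requests whose path contains a ".." segment, percent-decoding repeatedly so encoded variants are caught as well. The log lines are constructed and the function names are assumptions.

```python
import re
from collections import Counter
from urllib.parse import unquote

# Constructed sample access-log lines (common log format); not real traffic.
SAMPLE_LOG = """\
192.0.2.10 - - [01/Jan/2024:10:00:01 +0000] "GET /index.html HTTP/1.1" 200 512
192.0.2.66 - - [01/Jan/2024:10:00:02 +0000] "GET /../../../boot.ini HTTP/1.1" 404 0
192.0.2.66 - - [01/Jan/2024:10:00:02 +0000] "GET /%2e%2e%2f%2e%2e%2fboot.ini HTTP/1.1" 404 0
192.0.2.66 - - [01/Jan/2024:10:00:03 +0000] "GET /..%255c..%255cboot.ini HTTP/1.1" 200 211
192.0.2.10 - - [01/Jan/2024:10:00:04 +0000] "GET /docs/boot.ini.txt HTTP/1.1" 200 90
192.0.2.10 - - [01/Jan/2024:10:00:05 +0000] "GET /a..b/page HTTP/1.1" 200 90
"""

# client, method, request target, status code
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) ')
# A ".." that forms a whole path segment, with either slash style as separator.
TRAVERSAL_RE = re.compile(r'(^|[\\/])\.\.([\\/]|$)')

def fully_decode(path, max_rounds=5):
    """Percent-decode repeatedly so double-encoded separators are exposed."""
    for _ in range(max_rounds):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    return path

def find_traversal_probes(log_text):
    """Return (client, raw_path, status, served) for each request with a '..' segment."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        client, _method, raw_path, status = m.groups()
        # Only the path part is inspected here; the query string is ignored.
        path = fully_decode(raw_path.split("?", 1)[0])
        if TRAVERSAL_RE.search(path):
            # A 200 answer to a traversal request needs immediate review.
            hits.append((client, raw_path, int(status), status == "200"))
    return hits

def probes_per_client(hits):
    """Count traversal requests per client to spot a scanner run."""
    return Counter(client for client, *_ in hits)
```

A client with many hits in a short window is consistent with a payload-list scan; any hit with served set to True should be checked against what the server actually returned.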

How to use

It requires Perl with the HTTP::Lite module.

/pentest/web# wget http://chr1x.sectester.net/toolz/ddpwn/ddpwn.tar.gz
/pentest/web# tar -xvf ddpwn.tar.gz
/pentest/web# perl -MCPAN -e 'install HTTP::Lite'
/pentest/web# ./ddpwn.pl -http 192.168.0.103

Project: http://chr1x.sectester.net/toolz/ddpwn/