0005486: dotdotpwn - Fix up help - Kali Linux Bug Tracker

ID	Project	Category	View Status	Date Submitted	Last Update

0005486	Kali Linux	Kali Package Improvement	public	2019-06-02 19:10	2020-02-10 17:39

Reporter	g0tmi1k	Assigned To
Priority	normal	Severity	minor	Reproducibility	have not tried
Status	closed	Resolution	open

Summary	0005486: dotdotpwn - Fix up help
Description	g0tmi1k@kali-dev:~$ dotdotpwn ################################################################################# # # # CubilFelino Chatsubo # # Security Research Lab and [(in)Security Dark] Labs # # chr1x.sectester.net chatsubo-labs.blogspot.com # # # # pr0udly present: # # # # ________ __ ________ __ __________ # # \______ \ ____ _/ \|_\______ \ ____ _/ \|_\______ \__ _ __ ____ # # \| \| \ / _ \\ __\\| \| \ / _ \\ __\\| ___/\ \/ \/ // \ # # \| ` \( <_> )\| \| \| ` \( <_> )\| \| \| \| \ /\| \| \ # # /_______ / \____/ \|__\| /_______ / \____/ \|__\| \|____\| \/\_/ \|___\| / # # \/ \/ \/ # # - DotDotPwn v3.0.2 - # # The Directory Traversal Fuzzer # # http://dotdotpwn.sectester.net # # [email protected] # # # # by chr1x & nitr0us # ################################################################################# Usage: ./dotdotpwn.pl -m <module> -h <host> [OPTIONS] Available options: -m Module [http \| http-url \| ftp \| tftp \| payload \| stdout] -h Hostname -O Operating System detection for intelligent fuzzing (nmap) -o Operating System type if known ("windows", "unix" or "generic") -s Service version detection (banner grabber) -d Depth of traversals (e.g. deepness 3 equals to ../../../; default: 6) -f Specific filename (e.g. /etc/motd; default: according to OS detected, defaults in TraversalEngine.pm) -E Add @Extra_files in TraversalEngine.pm (e.g. web.config, httpd.conf, etc.) -S Use SSL for HTTP and Payload module (not needed for http-url, use a https:// url instead) -u URL with the part to be fuzzed marked as TRAVERSAL (e.g. http://foo:8080/id.php?x=TRAVERSAL&y=31337) -k Text pattern to match in the response (http-url & payload modules - e.g. "root:" if trying /etc/passwd) -p Filename with the payload to be sent and the part to be fuzzed marked with the TRAVERSAL keyword -x Port to connect (default: HTTP=80; FTP=21; TFTP=69) -t Time in milliseconds between each test (default: 300 (.3 second)) -X Use the Bisection Algorithm to detect the exact deepness once a vulnerability has been found -e File extension appended at the end of each fuzz string (e.g. ".php", ".jpg", ".inc") -U Username (default: 'anonymous') -P Password (default: '[email protected]') -M HTTP Method to use when using the 'http' module [GET \| POST \| HEAD \| COPY \| MOVE] (default: GET) -r Report filename (default: 'HOST_MM-DD-YYYY_HOUR-MIN.txt') -b Break after the first vulnerability is found -q Quiet mode (doesn't print each attempt) -C Continue if no data was received from host g0tmi1k@kali-dev:~$ Could `./` and `.pl` be removed?

g0tmi1k 2020-02-10 17:39 administrator ~0012145	Due to the age of the OS (Kali Moto [v1], Kali Safi [v2], Kali Rolling <= 2019.2), these legacy versions are no longer supported. We will be closing this ticket due to inactivity. Please could you see if you are able to replicate this issue with the latest version of Kali Linux - https://www.kali.org/downloads/? If you are still facing the same problem, feel free to re-open the ticket. If you choose to do this, could you provide more information to the issue you are facing, and also give information about your setup? For more information, please read: https://kali.training/topic/filing-a-good-bug-report/

Date Modified	Username	Field	Change
2019-06-02 19:10	g0tmi1k	New Issue
2020-02-10 17:39	g0tmi1k	Note Added: 0012145
2020-02-10 17:39	g0tmi1k	Status	new => closed