wireghoul/dotdotpwn

Web server didn't respond

dorneanu opened this issue · 4 comments

Hi there! Great tool!

I tried to run it using:

```
$ ./dotdotpwn.pl -m http-url -u "http://amazon.de:80/TRAVERSAL" -o unix -k "root:"
...
[+] Report name: Reports/amazon.de_08-27-2014_13-26.txt

[========== TARGET INFORMATION ==========]
[+] Hostname: amazon.de
[+] Setting Operating System type to "unix"
[+] Protocol: http
[+] Port: 80

[=========== TRAVERSAL ENGINE ===========]
[+] Creating Traversal patterns (mix of dots and slashes)
[+] Multiplying 6 times the traversal patterns (-d switch)
[+] Creating the Special Traversal patterns
[+] Translating (back)slashes in the filenames
[+] Adapting the filenames according to the OS type detected (unix)
[+] Including Special sufixes
[+] Traversal Engine DONE ! - Total traversal tests created: 10560

[=========== TESTING RESULTS ============]
[+] Ready to launch 3.33 traversals per second
[+] Press Enter to start the testing (You can stop it pressing Ctrl + C)

[+] Replacing "TRAVERSAL" with the traversals created and sending

[+] Fuzz testing finished after 0.02 minutes (1 seconds)
[+] Total Traversals found (so far): 0
[-] Web server didn't respond !
```

Web server didn't respond. But the host is obviously online. What am I doing wrong?

Thx in advance,

Victor

insert disclaimer about scanning legitimate targets here

You are probably hitting a 404 or other unusual HTTP response here. You can verify this by running a sniffer like Wireshark while executing the command. I will give it some thought and try to come up with a sane way to manage non-200 response codes. Thanks for the report.

Fixed in latest commit, can you try again with the latest code?

I've tried another version and it works now:

```
BlackArch# pacman -Qi dotdotpwn
Name           : dotdotpwn
Version        : 3.0-4
...
```

I'll close this issue.

I fixed this problem by removing the http / https, also just www.