Brett Moore of Insomnia Security has released Putty Hijack
Link: http://www.insomniasec.com/releases/tools
From the announcement:
PuttyHijack is a POC tool that injects a dll into the Putty
process to hijack an existing, or soon to be created, connection.
This can be useful during penetration tests when a windows box that
has been compromised is used to SSH/Telnet into other servers.
The injected DLL installs some hooks and creates a socket for a
callback connection that is then used for input/output redirection.
It does not kill the current connection, and will cleanly uninject
if the socket or process is stopped.
Works as described.
Issues:
* only works if putty is already running, otherwise it has nothing to hook. So in its current state its cute but not usable.
Comments:
*what would be handy would be for the tool to run and wait for putty to start then do the hooking.
*low tech solution of just replacing the putty link with a bat file calling both putty.exe and puttyhijack thus far is not working :-(
*source is included so realistically i should shut up and just fire up visual studio
Screen shots
Link: http://www.insomniasec.com/releases/tools
From the announcement:
PuttyHijack is a POC tool that injects a dll into the Putty
process to hijack an existing, or soon to be created, connection.
This can be useful during penetration tests when a windows box that
has been compromised is used to SSH/Telnet into other servers.
The injected DLL installs some hooks and creates a socket for a
callback connection that is then used for input/output redirection.
It does not kill the current connection, and will cleanly uninject
if the socket or process is stopped.
Works as described.
Issues:
* only works if putty is already running, otherwise it has nothing to hook. So in its current state its cute but not usable.
Comments:
*what would be handy would be for the tool to run and wait for putty to start then do the hooking.
*low tech solution of just replacing the putty link with a bat file calling both putty.exe and puttyhijack thus far is not working :-(
*source is included so realistically i should shut up and just fire up visual studio
Screen shots
