Proof of Concept : PuttyHijack – Hijack SSH/PuTTY Sessions

PuttyHijack is a POC tool that injects a DLL into the PuTTY process to hijack an existing, or soon-to-be-created, connection. This can be useful during penetration tests when a compromised Windows box is used to SSH/Telnet into other servers.

The injected DLL installs hooks and creates a socket in the guest operating system for a callback connection, which is then used for input/output redirection.

PuttyHijack does not kill the current connection, and will cleanly uninject if the socket or process is stopped. It leaves no trace for further analysis.
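
An added detection example (not from the original article or the PuttyHijack project): because the tool loads a DLL into PuTTY and opens a callback socket from that process, this Python function flags PuTTY processes that load a module from an unexpected folder or connect to more than one remote endpoint. The event records are constructed, use Sysmon field names, and assume image-load and network-connection logging is enabled; the trusted-folder list is an assumption.

```python
import ntpath  # Windows path rules, so the example runs on any OS
from collections import defaultdict

# Constructed sample records using Sysmon field names:
# EventID 7 = image (DLL) loaded, EventID 3 = network connection.
PUTTY = r"C:\Program Files\PuTTY\putty.exe"
SAMPLE_EVENTS = [
    {"EventID": 7, "ProcessId": 4120, "Image": PUTTY,
     "ImageLoaded": r"C:\Windows\System32\ws2_32.dll"},
    {"EventID": 3, "ProcessId": 4120, "Image": PUTTY,
     "DestinationIp": "192.0.2.10", "DestinationPort": 22},
    {"EventID": 7, "ProcessId": 4120, "Image": PUTTY,
     "ImageLoaded": r"C:\Users\Public\helper.dll"},
    {"EventID": 3, "ProcessId": 4120, "Image": PUTTY,
     "DestinationIp": "198.51.100.7", "DestinationPort": 4444},
    {"EventID": 7, "ProcessId": 5300, "Image": PUTTY,
     "ImageLoaded": r"C:\Windows\System32\ws2_32.dll"},
    {"EventID": 3, "ProcessId": 5300, "Image": PUTTY,
     "DestinationIp": "192.0.2.20", "DestinationPort": 22},
]
# Assumption: only system directories and PuTTY's own folder hold expected modules.
TRUSTED_DIRS = (r"c:\windows\system32", r"c:\windows\syswow64")

def _trusted(module_path, process_image):
    folder = ntpath.dirname(module_path).lower()
    allowed = TRUSTED_DIRS + (ntpath.dirname(process_image).lower(),)
    return any(folder == d or folder.startswith(d + "\\") for d in allowed)

def find_suspect_putty(events):
    """Return {pid: {"modules": [...], "peers": [...]}} for PuTTY processes that
    loaded a module from an unexpected folder or talk to more than one peer."""
    modules, peers = defaultdict(list), defaultdict(set)
    for ev in events:
        if ntpath.basename(ev["Image"]).lower() != "putty.exe":
            continue
        pid = ev["ProcessId"]  # production code should key on ProcessGuid (PIDs get reused)
        if ev["EventID"] == 7 and not _trusted(ev["ImageLoaded"], ev["Image"]):
            modules[pid].append(ev["ImageLoaded"])
        elif ev["EventID"] == 3:
            peers[pid].add((ev["DestinationIp"], ev["DestinationPort"]))
    findings = {}
    for pid in set(modules) | set(peers):
        if modules[pid] or len(peers[pid]) > 1:
            findings[pid] = {"modules": modules[pid], "peers": sorted(peers[pid])}
    return findings

if __name__ == "__main__":
    for pid, detail in find_suspect_putty(SAMPLE_EVENTS).items():
        print(pid, detail)
```

The second-peer rule is a heuristic: a PuTTY session routed through a proxy or jump host may need an allow-list of expected endpoints.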

How to run/install PuttyHijack
  • Start a nc listener on some fully controlled machine.
  • Run PuttyHijack on the victim machine, specifying the listener IP and port (some social engineering skill may be helpful).
  • Watch the echoing of everything, including passwords (grab it for further analysis).

Help commands of PuttyHijack
  • !disco – disconnect the real putty from the display
  • !reco – reconnect it
  • !exit – just another way to exit the injected shell
Download PuttyHijack