PuttyHijack is a POC tool that injects a dll into the PuTTY process to hijack an existing, or soon to be created, connection.
This can be useful during penetration tests when a windows box that has been compromised is used to SSH/Telnet into other servers. The injected DLL installs some hooks and creates a socket for a
callback connection that is then used for input/output redirection.
It does not kill the current connection, and will cleanly uninject if the socket or process is stopped.
1) Start a nc listener
2) Run PuttyHijack specify the listener ip and port
3) Watch the echoing of everything including passwords
Some basic commands in this version include;
!disco – disconnect the real putty from the display
!reco – reconnect it
!exit – just another way to exit the injected shell
You can download PuttyHijack V1.0 here:
Or read more here.
Recent in Exploits/Vulnerabilities:
- Cupid Media Hack Exposes 42 Million Passwords In Plain Text
- Linux Backdoor Fokirtor Injects Traffic Into SSH Protocol
- Another IE 0-Day Hole Found & Used By In-Memory Drive By Attacks
- DllHijackAuditor – Free Audit Tool For DLL Hijack Vulnerability
- Surf Jack – Cookie Session Stealing Tool
- Windows Rootkits
Most Read in Exploits/Vulnerabilities:
- Learn to use Metasploit – Tutorials, Docs & Videos - 222,934 views
- AJAX: Is your application secure enough? - 118,540 views
- eEye Launches 0-Day Exploit Tracker - 84,956 views