[TOOL] PuttyHijack - Putty Hijacking Tool



The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com





SUMMARY



DETAILS

PuttyHijack is a proof-of-concept (PoC) tool that injects a DLL into the
PuTTY process to hijack an existing, or soon-to-be-created, connection.

This can be useful during penetration tests when a compromised Windows box
is used to SSH/Telnet into other servers.

The injected DLL installs some hooks and creates a socket for a callback
connection that is then used for input/output redirection.
It does not kill the current connection, and will cleanly uninject if the
socket or process is stopped.
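
Seen from the monitoring side, the behaviour described above (a foreign DLL inside PuTTY plus an extra socket) can be looked for in endpoint telemetry. The following is an added example, not part of the original advisory or of the tool: it scans constructed Sysmon-style events (IDs 3, 7 and 8) and assumes the injection is visible as a remote thread and that the DLL loads from outside the Windows system directories.

```python
from collections import defaultdict

# Constructed sample events; every path, PID and address here is made up.
# Field names follow Sysmon event 3 (network), 7 (image load), 8 (remote thread).
EVENTS = [
    {"EventID": 7, "ProcessId": 4120, "Image": r"C:\Tools\putty.exe", "ImageLoaded": r"C:\Windows\System32\ws2_32.dll"},
    {"EventID": 3, "ProcessId": 4120, "Image": r"C:\Tools\putty.exe", "DestinationIp": "192.0.2.10", "DestinationPort": 22},
    {"EventID": 8, "SourceImage": r"C:\Users\bob\AppData\Local\Temp\loader.exe", "TargetImage": r"C:\Tools\putty.exe", "TargetProcessId": 4120},
    {"EventID": 7, "ProcessId": 4120, "Image": r"C:\Tools\putty.exe", "ImageLoaded": r"C:\Users\bob\AppData\Local\Temp\helper.dll"},
    {"EventID": 3, "ProcessId": 4120, "Image": r"C:\Tools\putty.exe", "DestinationIp": "198.51.100.7", "DestinationPort": 8080},
    {"EventID": 7, "ProcessId": 5000, "Image": r"C:\Tools\putty.exe", "ImageLoaded": r"C:\Windows\System32\ws2_32.dll"},
    {"EventID": 3, "ProcessId": 5000, "Image": r"C:\Tools\putty.exe", "DestinationIp": "192.0.2.10", "DestinationPort": 22},
]

# PuTTY is a standalone executable; its modules normally come from these directories.
TRUSTED_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\", "c:\\windows\\winsxs\\")


def is_putty(path):
    return path.lower().endswith("\\putty.exe")


def find_putty_injection(events):
    """Return {pid: [reasons]} for PuTTY processes showing injection indicators."""
    findings = defaultdict(list)
    peers = defaultdict(set)
    for ev in events:
        if ev["EventID"] == 8 and is_putty(ev["TargetImage"]):
            findings[ev["TargetProcessId"]].append("remote thread from " + ev["SourceImage"])
        elif ev["EventID"] == 7 and is_putty(ev["Image"]):
            if not ev["ImageLoaded"].lower().startswith(TRUSTED_DIRS):
                findings[ev["ProcessId"]].append("module outside system dirs: " + ev["ImageLoaded"])
        elif ev["EventID"] == 3 and is_putty(ev["Image"]):
            peers[ev["ProcessId"]].add((ev["DestinationIp"], ev["DestinationPort"]))
    # Heuristic only: one PuTTY window normally talks to one server, so a second
    # remote endpoint may be a callback socket (remote port forwards also do this).
    for pid, seen in peers.items():
        if len(seen) > 1:
            findings[pid].append("%d distinct remote endpoints" % len(seen))
    return dict(findings)


if __name__ == "__main__":
    for pid, reasons in find_putty_injection(EVENTS).items():
        print(pid, reasons)
```
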

PuttyHijack was inspired by the work that Metlstorm did on SSHJack
<http://www.storm.net.nz/projects/7>, but at this release it does not
create a new SSH tunnel for the connection.


ADDITIONAL INFORMATION

The information has been provided by Brett Moore
<mailto:brett.moore@xxxxxxxxxxxxxxx>.
To keep updated with the tool, visit the project's homepage at:
http://www.insomniasec.com/releases/tools


