[TOOL] PuttyHijack - Putty Hijacking Tool

The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
- - promotion

The SecuriTeam alerts list - Free, Accurate, Independent.

Get your security news from a reliable source.

- - - - - - - - -

PuttyHijack - Putty Hijacking Tool



PuttyHijack is a POC tool that injects a dll into the Putty process to
hijack an existing, or soon to be created, connection.

This can be useful during penetration tests when a windows box that has
been compromised is used to SSH/Telnet into other servers.

The injected DLL installs some hooks and creates a socket for a callback
connection that is then used for input/output redirection.
It does not kill the current connection, and will cleanly uninject if the
socket or process is stopped.

PuttyHijack was inspired by the work that Metlstorm did on
<http://www.storm.net.nz/projects/7> SSHJack but at this release does not
create a new SSH tunnel for the connection.


The information has been provided by <mailto:brett.moore@xxxxxxxxxxxxxxx>
Brett Moore.
To keep updated with the tool visit the project's homepage at:


This bulletin is sent to members of the SecuriTeam mailing list.
To unsubscribe from the list, send mail with an empty subject line and body to: list-unsubscribe@xxxxxxxxxxxxxx
In order to subscribe to the mailing list, simply forward this email to: list-subscribe@xxxxxxxxxxxxxx


The information in this bulletin is provided "AS IS" without warranty of any kind.
In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.