PuttyHijack V1.0

Posted by & filed under .

PuttyHijack is a POC tool that injects a dll into the Putty process to hijack an existing, or soon to be created, connection.

This can be useful during penetration tests when a windows box that has been compromised is used to SSH/Telnet into other servers.

The injected DLL installs some hooks and creates a socket for a callback connection that is then used for input/output redirection.

It does not kill the current connection, and will cleanly uninject if the socket or process is stopped.

PuttyHijack was inspired by the work that Metlstorm did on SSHJack (http://www.storm.net.nz/projects/7) but at this release does not create a new SSH tunnel for the connection.


How To use it:

1) Start a nc listener
2) Run PuttyHijack specify the listener ip and port
3) Watch the echoing of everything including passwords

Some basic commands in this version include;
!disco – disconnect the real putty from the display
!reco – reconnect it
!exit – just another way to exit the injected shell


Insomnia Security :: PuttyHijack V1.0
Author: Brett Moore, Insomnia Security
Original Link: http://www.insomniasec.com/releases/tools

Leave a Reply

Your email address will not be published.

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>