PuttyHijack is a POC tool that injects a dll into the Putty process to hijack an existing, or soon to be created, connection. This can be useful during penetration tests when a windows box that has been compromised is used to SSH/Telnet into other servers.
The injected DLL installs hooks and creates a socket in guest operating system for a callback connection that is then used for input/output redirection.
PuttyHijack does not kill the current connection, and will cleanly uninject if the socket or process is stopped. Leaves no race for further analysis.
How to run/install PuttyHijack
Help commands of PuttyHijack
The injected DLL installs hooks and creates a socket in guest operating system for a callback connection that is then used for input/output redirection.
PuttyHijack does not kill the current connection, and will cleanly uninject if the socket or process is stopped. Leaves no race for further analysis.
How to run/install PuttyHijack
- Start a nc listener on some fully controlled machine.
- Run PuttyHijack specify the listener ip and port on victime machine (Some socail engg skill may be helpfull)
- Watch the echoing of everything including passwords (grab it for further analysis)
Help commands of PuttyHijack
!disco – disconnect the real putty from the display
!reco – reconnect it
!exit – just another way to exit the injected shell