Bugtraq mailing list archives

Previous By Date Next
Previous By Thread Next

[IPS] PUTTY SSH-Client Exploit

From: Daniel Alcántara de la Hoz <seguridad () iproyectos net>
Date: Sat, 28 Dec 2002 15:51:46 -0000
-----------------------------------------------------------
I-PROYECTOS  Division Seguridad (Security Research)
-----------------------------------------------------------
   2003 seguridad () iproyectos net

   Proof of concept code / Exploit
-----------------------------------------------------------
 
 In December 16, 2002 Rapid 7.Inc released a security alert about
vulnerabilities in ssh2 implementations from multiple vendors. We have
used the concept to code this exploit/proof of concept.
 
 It's a fake server to exploit the putty client. To test it you need to
change the url in the shellcode; that file will be downloaded and run
on exploitation.
 
 This is intented for educational/testing purposes.
 
 -----------------------------------------------------------
Developed by:
             Rand ( jcamilleri () ono com )
             Dani ( dani () iproyectos net )

Attachment: IP-putty.c
Description:

Previous By Date Next
Previous By Thread Next

Current thread: