Penetration Testing mailing list archives

Insomnia: Tool Release - PuttyHijack V1.0


From: "Brett Moore" <brett.moore () insomniasec com>
Date: Thu, 31 Jul 2008 17:15:28 +1200

___________________________________________________________________

 Insomnia Security :: PuttyHijack V1.0
___________________________________________________________________

 Name: Putty Hijack
 Released: 31 July Feb 2008
 Author: Brett Moore, Insomnia Security
 Original Link: http://www.insomniasec.com/releases/tools
___________________________________________________________________

_______________

 Description
_______________

PuttyHijack is a POC tool that injects a DLL into the Putty 
process to hijack an existing, or soon to be created, connection.

This can be useful during penetration tests when a Windows box that 
has been compromised is used to SSH/Telnet into other servers.

The injected DLL installs some hooks and creates a socket for a 
callback connection that is then used for input/output redirection. 

It does not kill the current connection, and will cleanly uninject
if the socket or process is stopped.

PuttyHijack was inspired by the work that Metlstorm did on SSHJack
(http://www.storm.net.nz/projects/7) but at this release does not
create a new SSH tunnel for the connection.
_______________

 Legals
_______________

The information is provided for research and educational purposes
only. Insomnia Security accepts no liability in any form whatsoever
for any direct or indirect damages associated with the use of this
information.
___________________________________________________________________
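
A defender's view of the behaviour described above, as an added example that is not part of the original post or the tool: triage logic over Sysmon-style image-load (Event ID 7) and network-connect (Event ID 3) records that flags a putty.exe process loading a module from an unexpected location or talking to more than one outbound peer. The sample events, paths, addresses and the trusted-directory list are constructed assumptions, as is treating the callback as an outbound connection.

```python
from collections import defaultdict
from ntpath import basename, dirname  # Windows path rules on any OS

# Assumption: directories a PuTTY process normally loads modules from.
TRUSTED_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64"}

# Constructed sample records using Sysmon field names (not real telemetry).
SAMPLE_EVENTS = [
    {"EventID": 7, "ProcessId": 4120, "Image": r"C:\Tools\putty.exe",
     "ImageLoaded": r"C:\Windows\System32\ws2_32.dll", "Signed": "true"},
    {"EventID": 3, "ProcessId": 4120, "Image": r"C:\Tools\putty.exe",
     "Initiated": "true", "DestinationIp": "10.0.0.5", "DestinationPort": 22},
    {"EventID": 7, "ProcessId": 5300, "Image": r"C:\Tools\putty.exe",
     "ImageLoaded": r"C:\Users\Public\constructed_module.dll", "Signed": "false"},
    {"EventID": 3, "ProcessId": 5300, "Image": r"C:\Tools\putty.exe",
     "Initiated": "true", "DestinationIp": "10.0.0.5", "DestinationPort": 22},
    {"EventID": 3, "ProcessId": 5300, "Image": r"C:\Tools\putty.exe",
     "Initiated": "true", "DestinationIp": "192.0.2.10", "DestinationPort": 8443},
    {"EventID": 3, "ProcessId": 900, "Image": r"C:\Windows\System32\svchost.exe",
     "Initiated": "true", "DestinationIp": "192.0.2.20", "DestinationPort": 443},
]

def suspicious_putty(events):
    """Return {pid: [reasons]} for putty.exe processes worth triaging."""
    loads, peers = defaultdict(list), defaultdict(set)
    for e in events:
        if basename(e["Image"]).lower() != "putty.exe":
            continue
        pid = e["ProcessId"]
        if e["EventID"] == 7:
            # Unsigned module, or one outside system dirs and PuTTY's own dir.
            allowed = TRUSTED_DIRS | {dirname(e["Image"]).lower()}
            if e["Signed"] != "true" or dirname(e["ImageLoaded"]).lower() not in allowed:
                loads[pid].append(e["ImageLoaded"])
        elif e["EventID"] == 3 and e["Initiated"] == "true":
            peers[pid].add((e["DestinationIp"], e["DestinationPort"]))
    findings = {}
    for pid in sorted(set(loads) | set(peers)):
        reasons = [f"unexpected module: {d}" for d in loads[pid]]
        if len(peers[pid]) > 1:  # the session plus a second outbound socket
            reasons.append(f"{len(peers[pid])} outbound peers: {sorted(peers[pid])}")
        if reasons:
            findings[pid] = reasons
    return findings

if __name__ == "__main__":
    for pid, reasons in suspicious_putty(SAMPLE_EVENTS).items():
        print(pid, reasons)
```

Both checks are heuristics for triage: a second outbound peer or an unsigned module can have benign causes, so correlate the two on the same process before escalating.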

