API Security Testing for Dummies [Free eBook]
Proof of Concept : PuttyHijack - Hijack SSH/PuTTY Sessions
PuttyHijack is a POC tool that injects a dll into the Putty process to hijack an existing, or soon to be created, connection. This can be useful during penetration tests when a windows box that has been compromised is used to SSH/Telnet into other servers.The injected DLL installs hooks and creates a socket in guest operating system for a callback connection that is then used for input/output redirection.
PuttyHijack does not kill the current connection, and will cleanly uninject if the socket or process is stopped. Leaves no race for further analysis.
How to run/install PuttyHijack
- Start a nc listener on some fully controlled machine.
- Run PuttyHijack specify the listener ip and port on victime machine (Some socail engg skill may be helpfull)
- Watch the echoing of everything including passwords (grab it for further analysis)
- Help commands of PuttyHijack
!reco – reconnect it
!exit – just another way to exit the injected shell
Download PuttyHijack
➤ Read Latest Stories
Check Out These Free Cybersecurity Resources
Securely Integrate Open Source Into Your Software Supply Chain
Earn a Master's in Cybersecurity Risk Management
Exclusive Cybersecurity Deals
🔥 Learn Professional Hacking
10 courses + 1,236 lessons on latest techniques, forensics, malware analysis, network security and programming.
➤ Access Online Training Courses
🔥 Cybersecurity Certification Training
Get 1-year access to 108 hours of instruction on globally-recognized CISA, CISM, CISSP, PMI-RMP, and COBIT 5 certifications.
➤ Access Online Training Courses
📰 News Stories from 03 Oct, 2011