Search This Blog

PuttyHijack~session hijack POC

PuttyHijack is a POC tool that injects a dll into the Putty process to hijack an existing, or soon to be created, connection. This can be useful during penetration tests when a windows box that has been compromised is used to SSH/Telnet into other servers.

The injected DLL installs hooks and creates a socket in guest operating system for a callback connection that is then used for input/output redirection.

PuttyHijack does not kill the current connection, and will cleanly uninject if the socket or process is stopped. Leaves no race for further analysis.

How to run/install PuttyHijack
  • Start a nc listener on some fully controlled machine.
  • Run PuttyHijack specify the listener ip and port on victime machine (Some socail engg skill may be helpfull)
  • Watch the echoing of everything including passwords (grab it for further analysis)


Help commands of PuttyHijack

!disco – disconnect the real putty from the display
!reco – reconnect it
!exit – just another way to exit the injected shell

Share it:

Hacking Tools

PenTesting Tools

Session Hijacking

Software Release