lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Date: Tue, 9 Dec 2014 23:51:48 +0200
From: Adrian Furtuna <adif2k8@...il.com>
To: fulldisclosure@...lists.org
Subject: [FD] Releasing PuttyRider - for penetration testers

Dear List,

I am pleased to announce the release of a new tool that I have recently
developed - called PuttyRider.

In a few words, PuttyRider injects a DLL into a running putty.exe process
in order to sniff all communication and inject Linux commands on the remote
server.
This can be useful in an internal penetration test when you already have
access to a sysadmin’s machine who has a Putty session open to a Linux
server. You can use PuttyRider to take control of the remote server using
the existing SSH session.

The tool has been recently presented at Defcamp 2014 – a security
conference in Romania.

Presentation slides:    *http://defcamp.ro/dc14/AdrianFurtuna.pdf*
<http://defcamp.ro/dc14/AdrianFurtuna.pdf>
Presentation video:
*https://www.youtube.com/watch?v=nfhzoFPGUhg&list=UUc05xgnkf4YZEdn3zBJRFkA*
<https://www.youtube.com/watch?v=nfhzoFPGUhg&list=UUc05xgnkf4YZEdn3zBJRFkA>
Source code & binary:   *https://github.com/seastorm/PuttyRider*
<https://github.com/seastorm/PuttyRider>

Enjoy and let me know if you have any feedback or suggestion for
improvement.


Cheers,
Adrian

_______________________________________________
Sent through the Full Disclosure mailing list
http://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/

Powered by blists - more mailing lists