| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CA+s8jvmJF5GL2=BTLN_8xCf1mPx7XYYfp+2Mwgpf6hCAD=m02w@mail.gmail.com> Date: Tue, 9 Dec 2014 23:51:48 +0200 From: Adrian Furtuna <adif2k8@...il.com> To: fulldisclosure@...lists.org Subject: [FD] Releasing PuttyRider - for penetration testers Dear List, I am pleased to announce the release of a new tool that I have recently developed - called PuttyRider. In a few words, PuttyRider injects a DLL into a running putty.exe process in order to sniff all communication and inject Linux commands on the remote server. This can be useful in an internal penetration test when you already have access to a sysadmin’s machine who has a Putty session open to a Linux server. You can use PuttyRider to take control of the remote server using the existing SSH session. The tool has been recently presented at Defcamp 2014 – a security conference in Romania. Presentation slides: *http://defcamp.ro/dc14/AdrianFurtuna.pdf* <http://defcamp.ro/dc14/AdrianFurtuna.pdf> Presentation video: *https://www.youtube.com/watch?v=nfhzoFPGUhg&list=UUc05xgnkf4YZEdn3zBJRFkA* <https://www.youtube.com/watch?v=nfhzoFPGUhg&list=UUc05xgnkf4YZEdn3zBJRFkA> Source code & binary: *https://github.com/seastorm/PuttyRider* <https://github.com/seastorm/PuttyRider> Enjoy and let me know if you have any feedback or suggestion for improvement. Cheers, Adrian _______________________________________________ Sent through the Full Disclosure mailing list http://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/
Powered by blists - more mailing lists