[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[IPS] PUTTY SSH-Client Exploit



-----------------------------------------------------------
I-PROYECTOS  Division Seguridad (Security Research)
-----------------------------------------------------------
   2003 seguridad@xxxxxxxxxxxxxx

   Proof of concept code / Exploit
-----------------------------------------------------------
 
 In December 16, 2002 Rapid 7.Inc released a security alert about
vulnerabilities in ssh2 implementations from multiple vendors. We have
used the concept to code this exploit/proof of concept.
 
 It's a fake server to exploit the putty client. To test it you need to
change the url in the shellcode; that file will be downloaded and run
on exploitation.
 
 This is intented for educational/testing purposes.
 
 -----------------------------------------------------------
Developed by:
             Rand ( jcamilleri@xxxxxxx )
             Dani ( dani@xxxxxxxxxxxxxx )

Attachment: IP-putty.c
Description: Binary data