From the course: Ethical Hacking: Session Hijacking
Unlock the full course today
Join today to access over 22,600 courses taught by industry experts or purchase this course individually.
Hijacking SSH sessions - Linux Tutorial
From the course: Ethical Hacking: Session Hijacking
Hijacking SSH sessions
- Secure Shell, or SSH, is a common protocol used by system administrators to remotely manage enterprise servers, and is preferred over telnet, as it establishes a secure connection. One of the most popular Windows tools used for SSH is PuTTY, available from the website shown here, and when connected, provides a terminal session on a target system. In 2008, Insomnia, a penetration testing company in New Zealand, created a tool to hijack PuTTY sessions, and in doing so, demonstrated a powerful way for testers to target system administrators in order to demonstrate unauthorised access to complete enterprise networks. The tool, PuTTY Hijack, can be used when access has been gained to a Windows system when PuTTY is running. The tool identifies the PuTTY processes and injects a DLL, which then copies all commands and responses to the attacker's terminal. PuTTY Hijack works only on PuTTY version 0.6. However, it inspired another tool called PuTTY Rider, which works on all PuTTY releases…
Practice while you learn with exercise files
Download the files the instructor uses to teach the course. Follow along and learn by watching, listening and practicing.