What Is A Putty Hijack?

If you program for the web or work on servers for a living, there is a good chance that you have controlled systems from the command line. If you used computers more than 20 years ago, you will have had some interaction with the command line at some point. Even though the command line is not used as much anymore for controlling your computer, there is still a big need for it among people who work on remote systems. And a lot of the people who use UNIX-based systems such as Linux and BSD like to use the command line anyway. They claim that it is faster and more suited to their needs.

If you are on Windows then you are on an operating system where the command line is really a second-class citizen, and it has been that way for a long time. But there are times on Windows when you will need to interact with a remote Linux-based system, and you have to use a command line to do it. That is where the software Putty comes into play. Putty will allow you to SSH into a remote server or box and let you control the entire system while you are in there.

So what is Putty?

As we just said, Putty allows you to use a remote Linux shell while you are still in Windows. It acts and feels just like a shell session on a Linux box. All you have to do is enter the IP address of the box that you want to log into and Putty will do the rest.

Controlling Putty

So after you enter the IP address of the box you want to go to, all there is left to do is log in. Once you are logged in, you have to be able to get around in the system through Putty. To do that you must know some of the Linux commands that are available to you. If you are used to the command line in Windows then you will notice a few similarities, but not many. You must either use the internet or purchase a reference book to be able to get around the remote system.

But Putty is a great tool. Without it you would have to either host the server somewhere near you or switch your work operating system to Linux. And while Linux is great for server software, it is not the best desktop software around. That is not an opinion shared by all, but by and large far fewer people like the Linux desktop than the mainstream alternatives that are out there.

Putty security problems

Even though Putty is by and large a great and secure tool to use when you are working on remote servers, there are some security problems that come along with it. But that is no different from how software has always been and always will be. The newest problem with the Putty software is an attack called Putty hijacking. Right now it is in the proof-of-concept phase, but it could easily show up in real attacks pretty soon.

What the Putty hijack does is take over your Putty session. This attack will take over any Putty session that is running and act as if it is you. And that is a key point: for the attack to work, the Putty software has to be in use at the time. If it is not in use then the exploit will not be able to find anything to attack.

The attack starts by placing a DLL on the system. This DLL is then injected into the process that is controlling Putty and the real attack begins. The DLL opens up a network socket. A network socket is what allows outside parties to connect to the box that is being used. For example, the internet reaches your computer through sockets. So once the DLL opens a socket, it sets the stage for someone to control your Putty session remotely, which means they will be controlling your server as well.
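A defensive check for the behavior described above, as an added example that is not from the original article or from the Putty project: it parses Windows `netstat -ano` output and reports every socket owned by a putty.exe process other than its expected SSH connection. The sample output, PIDs, addresses and function names are constructed for illustration.

```python
import ipaddress

# Constructed sample of Windows `netstat -ano` output (not from a real host).
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       888
  TCP    0.0.0.0:5000           0.0.0.0:0              LISTENING       4321
  TCP    127.0.0.1:8080         0.0.0.0:0              LISTENING       4321
  TCP    192.168.1.20:50412     203.0.113.10:22        ESTABLISHED     4321
  TCP    192.168.1.20:50977     198.51.100.7:9001      ESTABLISHED     4321
  UDP    0.0.0.0:5353           *:*                                    1234
"""

def parse_netstat(text):
    """Yield (proto, local, remote, state, pid) for every socket row."""
    for line in text.splitlines():
        f = line.split()
        if len(f) == 5 and f[0] == "TCP":
            yield f[0], f[1], f[2], f[3], int(f[4])
        elif len(f) == 4 and f[0] == "UDP":  # UDP rows have no State column
            yield f[0], f[1], f[2], "", int(f[3])

def audit_putty_sockets(text, putty_pids, expected_servers):
    """Return (kind, pid, endpoint) for each putty.exe socket that is not an
    expected SSH connection. expected_servers holds 'ip:port' strings."""
    findings = []
    for proto, local, remote, state, pid in parse_netstat(text):
        if pid not in putty_pids:
            continue
        if state == "LISTENING" or proto == "UDP":
            host = local.rpartition(":")[0].strip("[]").split("%")[0]
            # Loopback listeners are what Putty's own port forwarding creates by
            # default; a listener on any other address is reachable remotely.
            loopback = ipaddress.ip_address(host).is_loopback
            kind = "listener-loopback" if loopback else "listener-exposed"
            findings.append((kind, pid, local))
        elif remote not in expected_servers:
            findings.append(("unexpected-peer", pid, remote))
    return findings

if __name__ == "__main__":
    # On a real host, take the PIDs from: tasklist /fi "imagename eq putty.exe"
    for finding in audit_putty_sockets(SAMPLE_NETSTAT, {4321}, {"203.0.113.10:22"}):
        print(finding)
```

A clean result does not prove the process is untouched; it only shows that no extra socket was open at the moment netstat ran.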

The Putty software is still a good way to do remote computing on a Windows computer. The software is easy to use and effective. But you have to remember that it is not 100% safe and you are going to have to make sure it is not infected.

About Lee Munson

Lee's non-technical background allows him to write about internet security in a clear way that is understandable to both IT professionals and people just like you who need simple answers to your security questions.

Comments

  1. There are a number of different OSes besides Linux that would allow you to SSH into a box. This type of attack isn’t new either.
    Other software (on multiple OSes) that supports the SSH protocol has been affected by similar attacks in the past.
