-----------------------------------------------------------
I-PROYECTOS Division Seguridad (Security Research)
-----------------------------------------------------------
2003 seguridad@iproyectos.net
Proof of concept code / Exploit
-----------------------------------------------------------
In December 16, 2002 Rapid 7.Inc released a security alert about
vulnerabilities in ssh2 implementations from multiple vendors. We have
used the concept to code this exploit/proof of concept.
It's a fake server to exploit the putty client. To test it you need to
change the url in the shellcode; that file will be downloaded and run
on exploitation.
This is intented for educational/testing purposes.
-----------------------------------------------------------
Developed by:
Rand ( jcamilleri@ono.com )
Dani ( dani@iproyectos.net )
Attachment:
IP-putty.c
Description: Binary data
