MTPutty 1.0.1.21 – SSH Password Disclosure

• Exploit Database
• 12 阅读

• 作者： Sedat Ozdemir
  日期： 2021-12-09
• 类别：

  • local
  平台：

  • windows
• 来源：https://www.exploit-db.com/exploits/50574/

• # Exploit Title: MTPutty 1.0.1.21 - SSH Password Disclosure
  # Exploit Author: Sedat Ozdemir
  # Version: 1.0.1.21
  # Date: 06/12/2021
  # Vendor Homepage: https://ttyplus.com/multi-tabbed-putty/
  # Tested on: Windows 10
  
  Proof of Concept
  ================
  
  Step 1: Open MTPutty and add a new SSH connection.
  Step 2: Click double times and connect to the server.
  Step 3: Run run “Get-WmiObject Win32_Process | select name, commandline |
  findstr putty.exe” on powershell.
  Step 4: You can see the hidden password on PowerShell terminal.