SolarPuTTYDecrypt

A post-exploitation/forensics tool to decrypt SolarPuTTY's sessions files

Author: Paolo Stagno (@Void_Sec - voidsec.com)

Intro:

In September 2019 I found some bad design choices (vulnerability?) in SolarWinds SolarPuTTY software. It allows an attacker to recover SolarPuTTY's stored sessions from a compromised system.

This vulnerability was leveraged to target all SolarPuTTY versions <= 4.0.0.47

I've made this detailed blog post explaining the "vulnerability".

Usage:

By default, when run without arguments, the tool attempts to dump the local SolarPuTTY sessions file (%appdata%\SolarWinds\FreeTools\Solar-PuTTY\data.dat).

Otherwise the tool can be pointed to an arbitrary exported sessions file in the following way (use "" for empty password):

SolarPuttyDecrypt.exe C:\Users\test\session.dat Pwd123!

Sessions are printed to the screen and saved to the user's Desktop (%userprofile%\desktop\SolarPutty_sessions_decrypted.txt).
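
For defenders, the two paths named above can be swept across local profiles: a sessions store marks where saved credentials are exposed, and the output file on a Desktop indicates the tool was run there. The PowerShell below is an added example, not part of the SolarPuttyDecrypt project; it assumes profiles live under C:\Users with unredirected AppData and Desktop folders, and the variable names are illustrative.

```powershell
# Added example (not from the SolarPuttyDecrypt repository).
# Sweeps local user profiles for the two file paths named in this README.
# Assumption: profiles are under C:\Users and AppData/Desktop are not redirected.
$ProfileRoot = 'C:\Users'

$Targets = @(
    # %appdata% resolves to <profile>\AppData\Roaming
    @{ Kind = 'SessionStore';  Rel = 'AppData\Roaming\SolarWinds\FreeTools\Solar-PuTTY\data.dat' },
    # Default output file written by the tool
    @{ Kind = 'DecryptOutput'; Rel = 'Desktop\SolarPutty_sessions_decrypted.txt' }
)

$userDirs = Get-ChildItem -LiteralPath $ProfileRoot -Directory -Force -ErrorAction SilentlyContinue

$findings = foreach ($dir in $userDirs) {
    foreach ($t in $Targets) {
        $path = Join-Path $dir.FullName $t.Rel
        if (-not (Test-Path -LiteralPath $path -PathType Leaf)) { continue }

        $item = Get-Item -LiteralPath $path -Force
        # Owner lookup can fail without sufficient rights; record that instead of stopping.
        $owner = try { (Get-Acl -LiteralPath $path -ErrorAction Stop).Owner } catch { 'access denied' }

        [pscustomobject]@{
            Kind         = $t.Kind
            User         = $dir.Name
            Bytes        = $item.Length
            CreatedUtc   = $item.CreationTimeUtc
            LastWriteUtc = $item.LastWriteTimeUtc
            Owner        = $owner
            Path         = $path
        }
    }
}

if ($findings) {
    $findings | Sort-Object Kind, User | Format-Table -AutoSize -Wrap
} else {
    Write-Output "No SolarPuTTY session store or decrypt output found under $ProfileRoot"
}
```

Run it from an elevated prompt so other users' profiles are readable. A `DecryptOutput` hit means the listed sessions should be treated as disclosed and their credentials rotated.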

Help Needed

Searching for someone interested in porting this project to a Metasploit post-exploitation module.