PuTTY Saved Sessions Enumeration Module
Disclosed | Created |
---|---|
N/A | 2018-05-30 |
Description
This module will identify whether Pageant (PuTTY Agent) is running and obtain saved session
information from the registry. PuTTY is very configurable; some users may have configured
saved sessions which could include a username, a private key file to use when authenticating,
a host name, etc. If a private key is configured, an attempt will be made to download and store
it in loot. It will also record the SSH host keys which have been stored. These will be connections that
the user has previously made after accepting the host SSH fingerprint and therefore are of particular
interest if they are within scope of a penetration test.
Author
Stuart Morgan stuart.morgan@mwrinfosecurity.com
Platform
Windows
Module Options
To display the available options, load the module within the Metasploit console and run the commands 'show options' or 'show advanced'.