Interesting.
She bypassed Solar Putty's library downloader entirely, pulling the WinSCP libraries manually from an open-source mirror. The download completed in seconds. She pointed Solar Putty to the local files, restarted the client, and connected to Aegis-7 on the first try.
Then she called the number listed for TransOrbital's security office. solar putty unable to download winscp libraries
"Your server has been compromised," she said. "And I have the log."
She hung up, saved the hidden log file to three different drives, and wrote a short script to check every Solar Putty instance on her network for the same hash mismatch. Interesting
And then she noticed something else. A hidden file in the root directory: .
The remote server's welcome banner scrolled up: She pointed Solar Putty to the local files,
There were twelve.
A hash mismatch. But the libraries weren't downloading at all. How could there be a hash for something that didn't exist?
[WARN] winscp_lib_hash_mismatch: expected 9F2A... got 00:00:00:00:00