Pastejacking -- Exploiting Remote Machines


In pastejacking attacks, hackers use a malicious program to replace the contents of the user's clipboard with a different set of data, such as a malicious URL, password or other sensitive information. When the user attempts to paste the original content, they end up pasting the malicious data instead, which can lead to various types of cyber threats, such as phishing attacks, malware infections, or stealing sensitive data.
In today's detailed tutorial we are going to learn a dangerous exploitation called pastejacking. In this article we learn


  • What is pastejacking.

  • How to avoid pastejacking.

  • Practical of pastejacking in our Kali Linux.


What is pastejacking ?


 Pastejacking is a dangerous attack technique with the help of this attacker can control victim's clipboard and paste malicious codes in targeted machine, then attacker get control victim's machine.




pastejacking and pastejacker in kali linux 2020



Pastejacking or clipboard hijacking is a method that malicious websites use to gain control of the clipboard on victim's computer and change that content into malicious content without victim's knowledge. Pastejacking is an exploit in which a person's clipboard's content is replaced by malicious lines, like a link to malicious web server, malicious code or commands.

Example: User surfing web and he got some useful command for him. The command is copied by the user, but if it is a pastejacking then the user not copied the normal looking useful command. User even don't know that he have copied some malicious command in the place of the normal looking useful command.

When he paste and run the the command in Linux terminal or Windows powershell his machine will be compromised.


How to avoid pastejacking?


Avoiding from this kind of attacks is very easy. We shouldn't copy and paste commands from websites to terminal directly. It is a good practice to type our required commands.

In case if we must need to copy commands from websites we then can copy it, but before pasting it on terminal we should paste it on text editor like notepad, mousepad, leafpad etc.

If it is a pastejacking then in text editor will show us that what command we have pasted. The terminal also can show us but we shouldn't try it on terminal for security reasons.

This is the process to be safe from pastejacking attacks:


  • We should not copy command from websites better type by own

  • For very long commands, before pasting  on terminal or powershell we check the command by paste it on text editor.
  • Turn on clipboard notifications: Some operating systems allow us to
    turn on clipboard notifications, which will notify we every time
    something is copied to our clipboard. This can help you catch any
    suspicious activity and protect our sensitive information.
  •  Use a password manager with autofill: Password managers like LastPass or
    1Password have autofill features that can fill in login information for
    you without the need to copy and paste.
  • Use a fun password generator: Instead of using the same old boring
    password, use a fun and quirky password generator that creates passwords
    like "UnicornPizza88!" or "JellyfishRainbow123#". This can make the
    password creation process more enjoyable and less of a hassle. 

By taking these steps, we can protect ourself from pastejacking attacks while also having some fun along the way!




How to use pastejacking ?


So basically it can be triggered from websites so, good knowledge in web development can implement this or we can simply use automated scripts like PasteJacker in our Kali Linux machine.

To use the PasteJacker tool we need to clone it from it's GitHub repository by using following command:

git clone https://github.com/D4Vinci/PasteJacker


The following screenshot shows the output of the preceding command:




git clone git clone https://github.com/D4Vinci/PasteJacker

Then we install PasteJacker with the following command:

sudo python3 -m pip install ./PasteJacker


Then it will install all required python packages for PasteJacker tool. This automated script also install PasteJacker tool in our Kali Linux, as we can see in the following screenshot:




installing pastejacker



Then we can run PasteJacker tool anywhere in our terminal by applying command:

sudo pastejacker


After applying the above command PasteJacker tool's main menu will appear as following screenshot:




PasteJacker main menu

Now we can use PasteJacker tool.
The menu shows us two options. If we are going to use against a Windows target then we can go with option 1, for using it against Linux we can choose 2. Here for an example we choose 2 and press enter.




pastejacker menu



Here the first option will create a hidden bash command that download our and execute our msfvenom payload in victim's system using wget (do your own research on wget, we are not going to spoon-feed).

The second option will create a reverse connection of victim's computer using netcat.
In the third one we can create our one-liner malicious commands and use it to perform pastejacking.
We can use the first or second option those are also easy and automated, but we are not going to harm anyone so we write a non-malicious one-liner custom pastejacking for just proof of concept. So we choose option 3.The screenshot is following:


one-liner command for pastejacking

Here we need to type our one line command. We can use any harmful command for Linux users but we have typed an simple command to display a text.


choosing a templet



Here we need to choose a template for pastejacking. Here it have 3 types of pastejacking methods. For our those example we choose option 2 , i.e. pastejacking using javascript.
Then PasteJacker tool will prompt for the port we can leave it blank and press enter because the default port will be 80.





entering text

Here we need to type the text and we need to press enter double time to finish it. This will be the normal looking command, we can type anything to attract victim's attention.


pastejacker tool

PasteJacker tool starts a localhost server in port 80. We open a browser and go to our localhost or 127.0.0.1 and we can see the normal looking command. If we paste and run it will change in to our that one-liner command.
Here we have opened our localhost and copied the command and paste it on mousepad text editor and see what we have got in the following screenshot:


pastejacking example

We can even modify the webpage, and give it to a real life website look. To do that we open a terminal our root user directory:

sudo su
Then we type cd and enter to go to the root user's directory:

cd

root directory

Then we can modify the html page by using following command:

sudo mousepad .pastejacker/index.html

modifying the HTML

In the above screenshot we can see the locally hosted webpage's html codes. We can modify it is as we want like we have modify it a little bit.




pastejacking



This is how we can do pastejacking on our local network. Now we can use port forwarding using SSH or host our this HTML webpage to any hosting site to use pastejacking attack over the internet. Here is a demo.
So, in this tutorial we have learned about pastejacking. What is it and how to be safe from it. We have also learned how to use it in our Kali Linux system.
Stay updated with our articles by following us on Twitter and GitHub. Be a part of the KaliLinuxIn community by joining our Telegram Group,
where we focus on Linux and Cybersecurity. We're always available to
help in the comment section and read every comment, ensuring a prompt
reply.

AIX

Posting Komentar

Lebih baru Lebih lama