GitPlanet

Cheap and reliable Node.js hosting starts at $3/month, and $1/month static HTML hosting

Created with love in Canada, visit hostnodejs.com today

Feel like to post an Ad? Learn Details
All Projects → D4Vinci → Pastejacker

D4Vinci / Pastejacker

Hacking systems with the automation of PasteJacking attacks.

Programming Languages

python
139335 projects - #7 most used programming language

Labels

linuxhacking-toolmetasploit

Projects that are alternatives of or similar to Pastejacker

Jasmin-Ransomware
Jasmin Ransomware is an advanced red team tool (WannaCry Clone) used for simulating real ransomware attacks. Jasmin helps security researchers to overcome the risk of external attacks.
Stars: ✭ 84 (-63.48%)
Mutual labels:  hacking-tool, metasploit
007-TheBond
This Script will help you to gather information about your victim or friend.
Stars: ✭ 371 (+61.3%)
Mutual labels:  hacking-tool, metasploit
trolo
trolo - an easy to use script for generating Payloads that bypasses antivirus
Stars: ✭ 45 (-80.43%)
Mutual labels:  hacking-tool, metasploit
Andspoilt
Run interactive android exploits in linux.
Stars: ✭ 101 (-56.09%)
Mutual labels:  hacking-tool, metasploit
Entropy
Entropy Toolkit is a set of tools to provide Netwave and GoAhead IP webcams attacks. Entropy Toolkit is a powerful toolkit for webcams penetration testing.
Stars: ✭ 126 (-45.22%)
Mutual labels:  hacking-tool, metasploit
Ethical Hacking Tools
Complete Listing and Usage of Tools used for Ethical Hacking
Stars: ✭ 272 (+18.26%)
Mutual labels:  hacking-tool, metasploit
VirusX5
The Most Powerful Fake Page Redirecting tool...
Stars: ✭ 15 (-93.48%)
Mutual labels:  hacking-tool, metasploit
Mouse
Mouse Framework is an iOS and macOS post-exploitation framework that gives you a command line session with extra functionality between you and a target machine using only a simple Mouse payload. Mouse gives you the power and convenience of uploading and downloading files, tab completion, taking pictures, location tracking, shell command execution, escalating privileges, password retrieval, and much more.
Stars: ✭ 186 (-19.13%)
Mutual labels:  hacking-tool, metasploit
One Lin3r
Gives you one-liners that aids in penetration testing operations, privilege escalation and more
Stars: ✭ 1,259 (+447.39%)
Mutual labels:  hacking-tool, metasploit
Xeexe Topantivirusevasion
Undetectable & Xor encrypting with custom KEY (FUD Metasploit Rat) bypass Top Antivirus like BitDefender,Malwarebytes,Avast,ESET-NOD32,AVG,... & Automatically Add ICON and MANIFEST to excitable
Stars: ✭ 387 (+68.26%)
Mutual labels:  hacking-tool, metasploit
Proton
Proton Framework is a Windows post-exploitation framework similar to other Windows post-exploitation frameworks. The major difference is that the Proton Framework does most of its operations using Windows Script Host, with compatibility in the core to support a default installation of Windows 2000 with no service packs all the way through Windows 10.
Stars: ✭ 142 (-38.26%)
Mutual labels:  hacking-tool, metasploit
Technowhorse
TechNowHorse is a RAT (Remote Administrator Trojan) Generator for Windows/Linux systems written in Python 3.
Stars: ✭ 189 (-17.83%)
Mutual labels:  hacking-tool, metasploit
Awesome Hacking Lists
Project transferred to: https://github.com/taielab/awesome-hacking-lists
Stars: ✭ 203 (-11.74%)
Mutual labels:  hacking-tool
Hackers Tool Kit
Its a framework filled with alot of options and hacking tools you use directly in the script from brute forcing to payload making im still adding more stuff i now have another tool out called htkl-lite its hackers-tool-kit just not as big and messy to see updates check on my instagram @tuf_unkn0wn or if there are any problems message me on instagram
Stars: ✭ 211 (-8.26%)
Mutual labels:  metasploit
Discover
Custom bash scripts used to automate various penetration testing tasks including recon, scanning, parsing, and creating malicious payloads and listeners with Metasploit.
Stars: ✭ 2,548 (+1007.83%)
Mutual labels:  metasploit
Mad Metasploit
Metasploit custom modules, plugins, resource script and.. awesome metasploit collection
Stars: ✭ 200 (-13.04%)
Mutual labels:  metasploit
Phonia
Phonia Toolkit is one of the most advanced toolkits to scan phone numbers using only free resources. The goal is to first gather standard information such as country, area, carrier and line type on any international phone numbers with a very good accuracy.
Stars: ✭ 221 (-3.91%)
Mutual labels:  hacking-tool
Ighack
Hack Instagram From Termux With Help of Tor
Stars: ✭ 206 (-10.43%)
Mutual labels:  hacking-tool
Python Scripts
Collection of Various Python Script's.💻
Stars: ✭ 195 (-15.22%)
Mutual labels:  hacking-tool
Hrshell
HRShell is an HTTPS/HTTP reverse shell built with flask. It is an advanced C2 server with many features & capabilities.
Stars: ✭ 193 (-16.09%)
Mutual labels:  metasploit
View All Similar Projects ➔

PasteJacker Python 3.5 Version

The main purpose of the tool is automating (PasteJacking/Clipboard poisoning/whatever you name it) attack with collecting all the known tricks used in this attack in one place and one automated job as after searching I found there's no tool doing this job the right way 😄

Now because this attack depends on what the user will paste, I implemented the Metasploit web-delivery module's idea into the tool so when the user pastes into the terminal, you gets meterpreter session on his device 😄

Watch tutorial on youtube

What's PasteJacking ?

In short, Pastejacking is a method that malicious websites employ to take control of your computers’ clipboard and change its content to something harmful without your knowledge. From The Windows club definition

So here what I did is automating the original attack and adding two other tricks to fool the user, using HTML and CSS Will talk about it then added meterpreter sessions as I said before.

A simple scenario to make things clear:

  1. The target opens an HTML page served by the tool and this page has anything that makes the user wants to copy from it and paste into the terminal. Ex: package installation instructions
  2. Target copies anything from the page then in the background it gets replaced quickly with our liner.
  3. The user pastes into the terminal and before he notices that the line he copied has been changed :
    • The line gets executed by itself in the background (Without pressing enter)
    • The terminal gets cleared.
    • The user sees the terminal is usable again.
    • You already got your meterpreter session by this time.
  4. All of that happened in less than second and maybe the user thinks this is a bad program and he won't install it 😄

This tool uses 3 methods to trick user into copying our payload instead of the command he copies:

  • Using javascript to hook the copy event and replace copied data.

    • Advantages :
      1. Anything the user copies in the page will be replaced with our line.
      2. Command executed by itself once target paste it without pressing enter.
    • Disadvantages :
      1. Requires Javascript to be enabled on the target browser.

  • Using span style attribute to hide our lines by overwriting.

    • Advantages :
      1. Doesn't require javascript to be enabled.
      2. Works on all browsers.
    • Disadvantages :
      1. Target must select all the text in the page or the first two words to ensure that he copies our hidden malicious lines.

  • Using span style again but this time to make our text transparent and non-markable.

    • Advantages :
      1. Doesn't require javascript to be enabled.
    • Disadvantages :
      1. Target must select all the text in the page to ensure that he copies our hidden malicious lines.
      2. Not working on opera and chrome.
What's the payload user copies ?

PasteJacker gives you the option to do one of this things:

  1. Generate a msfvenom backdoor on our machine and the liner target gonna copy will download the backdoor on the its machine, through wget or certutil depends on the OS, then executes it on the background without printing anything to the terminal.
  2. Serve a liner that gets you a reverse netcat connection on the target machine running in the background of course.
  3. Serve your custom liner like Metasploit web-delivery payload with adding some touches to hide any possible output.

Screenshots (Not updated)

Installing and requirements

  • Python 3 and setuptools module.
  • Linux or Unix-based system (Currently tested only on Kali Linux rolling and Ubuntu 16.04).
  • Third-party requirements like msfvenom but only if you are gonna use the msfvenom option, of course.
  • Third-party library ncurses-dev for Ubuntu (Thanks for @mhaskar).
  • Root access.

Installing

  • For Linux :
git clone https://github.com/D4Vinci/PasteJacker.git
sudo python3 -m pip install ./PasteJacker
sudo pastejacker

Updating the framework or the database

  • On Linux while you are outside the directory
cd PasteJacker && git pull && cd ..
sudo python3 -m pip install ./PasteJacker --upgrade

References

Contact

Donation

If this tool has been useful for you, feel free to thank me by buying me a coffee or more ;)

Coffee

Disclaimer

PasteJacker is created to help in penetration testing and it's not responsible for any misuse or illegal purposes.

Copying a code from this tool or using it in another tool is accepted as you mention where you get it from 😄.

Pull requests are always welcomed :D

Note that the project description data, including the texts, logos, images, and/or trademarks, for each open source project belongs to its rightful owner. If you wish to add or remove any projects, please contact us at [email protected].