Hacking systems with the automation of PasteJacking attacks.
The main purpose of the tool is automating (PasteJacking/Clipboard poisoning/whatever you name it) attack with collecting all the known tricks used in this attack in one place and one automated job as after searching I found there's no tool doing this job the right way :smile:
Now because this attack depends on what the user will paste, I implemented the Metasploit web-delivery module's idea into the tool so when the user pastes into the terminal, you gets meterpreter session on his device :smile:
In short, Pastejacking is a method that malicious websites employ to take control of your computers’ clipboard and change its content to something harmful without your knowledge. From The Windows club definition
So here what I did is automating the original attack and adding two other tricks to fool the user, using HTML and CSS Will talk about it then added meterpreter sessions as I said before.
Using span style attribute to hide our lines by overwriting.
Using span style again but this time to make our text transparent and non-markable.
PasteJacker gives you the option to do one of this things: 1. Generate a msfvenom backdoor on our machine and the liner target gonna copy will download the backdoor on the its machine, through wget or certutil depends on the OS, then executes it on the background without printing anything to the terminal. 2. Serve a liner that gets you a reverse netcat connection on the target machine running in the background of course. 3. Serve your custom liner like Metasploit web-delivery payload with adding some touches to hide any possible output.
git clone https://github.com/D4Vinci/PasteJacker.git sudo python3 -m pip install ./PasteJacker sudo pastejacker
cd PasteJacker && git pull && cd .. sudo python3 -m pip install ./PasteJacker --upgrade
If this tool has been useful for you, feel free to thank me by buying me a coffee or more ;)
PasteJacker is created to help in penetration testing and it's not responsible for any misuse or illegal purposes.
Copying a code from this tool or using it in another tool is accepted as you mention where you get it from :smile:.
Pull requests are always welcomed :D