In this post, we’ll discuss a clipboard poisoning attack. The tool we’ll use for it is called pastehakk, and it can be used on both Linux and Termux devices. It was entirely written in a shell application.
A clipboard poisoning or paste jacking attack tool. There are many tools for carrying out this type of attack, but most of them are no longer available, and none of them allow users to use their own HTML files, so I devised this.
What exactly is Clipboard Poisoning?
The attacker takes use of the ability that browsers now give developers to automatically add content to a user’s clipboard. In this kind of attack, malicious websites take over the clipboard on your device and change its contents without your awareness.
This technique can be used to persuade people to execute seemingly safe commands. If the user copies and pastes the contents into the terminal, the malicious code will take precedence over the legitimate code, and the attacker will be able to execute remote code on the user’s host.
Install Pastehakk Tool on Linux
Step 1: To download this tool, first, enter the following command on your terminal.
git clone https://github.com/3xploitGuy/pastehakk.git
Step 2: You must change the directory to pastehakk tool after downloading the utility, therefore use the command below.
cd pastehakk
Step 3: To run this tool, type the following command into your terminal.
bash pastehakk.sh
Usage
Enter command to inject: This command will be executed when the target copies something from our website and pastes it into the terminal, so be careful with it. Before typing a command, make sure to know your destination. For Windows, type the Windows commands, and for Linux, do the same.
Enable anonymous mode (y/n): After executing the injected command, anonymous mode clears the terminal and history, resulting in no logs being created. Please keep in mind that if your target is Linux, use anonymous mode; for Windows, append “clear” to the end of the command.
HTML file to infect (path): Enter the location on your device where the HTML file is located. If your file doesn’t include a body tag, the script will display an error.
I sincerely hope you find this page to be extremely helpful. If you have any questions, please use the command box below to contact me.