A tool to perform clipboard poisoning or paste jacking attack. There are many tools for performing this type of attack but I found most of them are dead and none of them provides user to use their own html files, so I came up with this.
Browsers now allow developers to automatically add content to a user's clipboard and the attacker exploits this feature. It is a type of attack where the malicious websites take control of your device's clipboard and replace it's content to something harmful without your knowledge.
This method can be used to entice users into running seemingly innocent commands. The malicious code will override the innocent code, and the attacker can gain remote code execution on the user's host if the user pastes the contents into the terminal.
- Enter command to inject :
Be careful with this, it is the command which will be get excuted when the target copies something from our website and pastes it into the terminal. Know your target first before entering the command, if its windows type the windows commands and same for the Linux. - Enable anonymous mode (y/n) :
The anonymous mode clears the terminal after executing the injected command and cleares the history as well, so no logs are being created. Please note that use anonymous mode if your target is Linux for Windows append ";clear" at the end of the command. - HTML file to infect (path) :
Enter the path to the HTML file, where it is stored on your device. Make sure your file contains <body> tag else the script will show an error.
- Linux or Unix-based system
~ ❯❯❯ git clone https://github.com/3xploitGuy/pastehakk.git
~ ❯❯❯ cd pastehakk
~/pastehakk ❯❯❯ chmod +x pastehakk.sh
~/pastehakk ❯❯❯ ./pastehakk.sh
Gmail
Instagram
Blog
Website
YouTube
PasteHakk is created to help in penetration testing and it's not responsible for any misuse or illegal purposes.
This work by 3xplotGuy is licensed under the terms of the GNU General Public License v3.0.
React
Typescript
Django
Laravel
Facebook
Microsoft
Google
Alibaba
D3
Tencent