HTML5 Attacks: Personal Property of Keith Samborski


HTML5 Attacks

Pastejacking

Copyright © Exdemy.com
Pastejacking
● Research the Paste Hijacking attack and create a legitimate web page which contains the apt-get install apache2 command
● Then embed the nc -vvlp 8888 -e /bin/bash command in the above command, so that when the victim runs apt-get install apache2 the embedded command runs as well

Pastejacking - Solution
● You can find a basic Pastejacking exploit here:
○ https://github.com/dxa4481/Pastejacking/blob/master/index.html
● What this exploit actually does is change the user's clipboard when the user is trying to copy the command
● How is that possible?
○ It only listens for the keydown event, then creates a hidden textarea and copies the content of the textarea (which contains the malicious command within)
○ User's browser copies the malicious command instead of the selected text
● This method only works when the user tries to copy with the keyboard
● You can get the solution page from here:
○ https://exdemy.com/advanced-web-hacking/attachment/chapter05-pastejacking.html
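
A defensive check for the behaviour described above, as an added example that is not part of the course material: it compares the text the user selected with what actually reached the clipboard and flags the traits a hijacked paste relies on. The function name auditClipboard and the sample strings are hypothetical and constructed for illustration.

```javascript
// Added example, not from the original slides.
// auditClipboard is a hypothetical helper; sample strings are constructed.

function auditClipboard(selectedText, clipboardText) {
  const findings = [];
  // Normalise line endings and surrounding whitespace before comparing.
  const norm = (s) => s.replace(/\r\n/g, "\n").trim();

  // 1. Core symptom: the clipboard does not match the visible selection.
  if (norm(selectedText) !== norm(clipboardText)) {
    findings.push("clipboard-differs-from-selection");
  }
  // 2. A trailing newline makes a terminal run the paste immediately,
  //    before the user can read it.
  if (/[\r\n]\s*$/.test(clipboardText)) {
    findings.push("trailing-newline");
  }
  // 3. Separators that chain another command onto the visible one
  //    (; & | backtick, embedded newline, or $( substitution).
  if (/[;&|`\n]|\$\(/.test(norm(clipboardText))) {
    findings.push("command-chaining");
  }
  // 4. Control characters other than tab, LF and CR, which can hide or
  //    rewrite what the terminal displays.
  if (/[\x00-\x08\x0b\x0c\x0e-\x1f\x7f]/.test(clipboardText)) {
    findings.push("control-characters");
  }
  return { safe: findings.length === 0, findings };
}

// Constructed samples: what the user sees and selects on the page...
const SELECTED = "apt-get install apache2";
// ...and a clipboard value a keydown handler could have swapped in.
// EMBEDDED_COMMAND is a placeholder, not a real payload.
const HIJACKED = "apt-get install apache2; echo EMBEDDED_COMMAND\n";

console.log(auditClipboard(SELECTED, SELECTED));
console.log(auditClipboard(SELECTED, HIJACKED));
```

In a browser, the two inputs would come from window.getSelection().toString() and the paste event's clipboardData; the same check works in a terminal wrapper that shows the pasted text before executing it.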
