1 / 9

DO YOU COPY PASTE YOUR STRONG PASSWORDS? CLIPBOARDME IS HERE TO HACK YOU

Now, itu2019s easy to copy all the victim browsing data automatically and other personal information using one link. Imagine you are working on your system and doing some online shopping or logging into some website or logging into some server. Your password is little bit strong, so you plan to copy your password and paste it to login into shopping portal or server. If you have done this in your past, do not repeat this in Future. Everything you copy on your system, is copied to a temporary place called Clipboard and this copied content to Clipboard can be stolen by a hacker.

securitynewspaper
Download Presentation

DO YOU COPY PASTE YOUR STRONG PASSWORDS? CLIPBOARDME IS HERE TO HACK YOU

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. DO YOU COPY PASTE YOUR STRONG PASSWORDS? CLIPBOARDME IS HERE TO HACK YOU INTRODUCTION Now, it’s easy to copy all the victim browsing data automatically and other personal information using one link. Imagine you are working on your system and doing some online shopping or logging into some website or logging into some server. Your password is little bit strong, so you plan to copy your password and paste it to login into shopping portal or server. If you have done this in your past, do not repeat this in Future. Everything you copy on your system, is copied to a temporary place called Clipboard and this copied content to Clipboard can be stolen by a hacker. Today we will walk you through a tool called Clipboardme, which is used to copy clipboard data of the Victim. It can be sometimes your credit card, password or other confidential Information. Using this tool we can also take control of victim’s system, if victims enter this shortcut command “windows + x”, “p”, “ctrl + v” it even injects malicious code. This tool is a built-in python language. ENVIRONMENT   OS: Kali Linux 2019.3 64 bit Kernel-Version: 5.2.0 INSTALLATION STEPS    Use this command to clone the project. Go to /home/iicybersecurity folder git clone https://github.com/thelinuxchoice/clipboardme root@kali:/home/iicybersecurity# git clone https://github.com/thelinuxchoice/clipboardme Cloning into 'clipboardme'... remote: Enumerating objects: 33, done. remote: Counting objects: 100% (33/33), done. remote: Compressing objects: 100% (33/33), done. remote: Total 77 (delta 16), reused 0 (delta 0), pack-reused 44 Unpacking objects: 100% (77/77), 37.72 KiB | 184.00 KiB/s, done.  Use the cd command to enter into clipboardme directory.

  2. root@kali:/home/iicybersecurity# cd clipboardme/ root@kali:/home/iicybersecurity/clipboardme# TOOL EXECUTION STEPS   Now, use this command to launch the tool. bash clipboardme.sh   In the above picture, we see two different attacks to perform Now, let’s choose option 1 inject clipboard content

  3. After selecting the option it will download Ngrok server automatically and starts the PHP server and Ngrok server. The Ngrok server needs authtoken to start. https://ngrok.com/signup use this link to create our account or we can directly login by selecting an option of Google or Github. After login we can see the page in this way   

  4.   Follow the steps to start the Ngrok server In the above picture, we see option 2 connect to your account. Fire that command in our terminal as show below.

  5.  Authtoken successfully saved. Now, launch the tool again and choose option 1  In the above picture, we see a command to expose the server, copy that and open a new terminal to run the command. This will launch the Ngrok server.

  6.  At the bottom of the picture we see two URLs HTTP and HTTPS Copy the HTTPS URL and send it to the victim. If the victim opens the URL in the browser as shown below. Victim open link on machine  It will inject malicious code and start the listener on hacker machine on a particular port.

  7. Now, if the victim copies anything in his machine (like credit card, password or other confidential Information) the data will be sent directly send to hackers’ machine. This data is sent to hacker machine by refreshing the link opened by victim on his/her computer. This process can be auto refreshed by changing webpage code send by a link to victim. The file will be saved as clipboard.txt and it also copies the IP address with the browser name. In our case file is saved at /home/iicybersecurity/clipboardme/     Successfully we got the data from the victim’s machine. We can also use this tool for android phones to copy the data. CONCLUSION Here, we saw how to copy the victim’s clipboard data by sending the one link. So never ever copy your credit card, password or other confidential Information, always get into a habit to enter data manually.

  8. Contact https://www.securitynewspaper.com/ MEXICO 538, Homero #303, Chapultepec Morales, Mexico D.F (Distrito Federal) 11570 INDIA Fifth Floor, HB Twin Tower Netaji Subhash Place, Delhi NCR, 110034

More Related