Copy and Paste, the two commands that makes everyone’s life much easier, however thanks to technology advancements on the Internet, this simple two-step process may not be as safe as you once thought, especially for technology users.
When browsing on the Internet, there are a number of technology websites which are available that allow technical users to copy and paste code examples to make their lives easier, however if not sanity checked, there may be more to the pasted text than the user thought.
What is PasteJacking?
This manipulation of data is called PasteJacking, web browsers allow developers of websites to automatically add content to a user’s clipboard when following certain conditions.
PasteJacking with CSS
CSS (Cascading Style Sheets) is one of the main technologies that runs on all current websites, across all devices, primarily used to define the appearance of the site, it can however be used for other uses such as PasteJacking.
Hacker Jann Horn has a demo that shows just this technique which works on a Linux/OS X machine which is shown on his website thejh.net. This example shows some code to clone a Git repository.
git clone git://git.kernel.org/pub/scm/utils/kup/kup.git
However, what actually happens when you copy and then paste the code above is something very much different. When pasted, the code still clones a git source repository, however before this is executed a personalised warning message along with the first line of your password file. As you can imagine this is not what you want to happen.
git clone /dev/null; clear; echo -n "Hello ";whoami|tr -d '\n';echo -e '!\nThat was a bad idea. Don'"'"'t copy code from websites you don'"'"'t trust!Here'"'"'s the first line of your /etc/passwd: ';head -n1 /etc/passwdgit clone git://git.kernel.org/pub/scm/utils/kup/kup.git
There’s no getting around the fact that using copy and paste from web articles is a very handy feature and everyone does it on a daily basis more than likely. When it comes to the more technical people, lick programmers, hackers, administrators and geeky people the Internet is a honey pot for all things useful. Code examples are everywhere, popular websites such as StackOverflow are there is example code snippets just waiting to be picked.
Image copying an example from the internet straight into a Linux terminal window that looks correct, but there is a malicious command which has been appended to the end of the clipboard, this command runs all the command that you expected, but then also proceeds to wipe your whole hard drive. Image what that would be like if you were running it on a production environment.
If you are copying and pasting things from the Internet, it’s advisable to copy and paste the code of choice into a text editor, such as notepad and check to make sure there is nothing else appended to the code block. Then once it’s been sanity checked, you can then copy and paste the new code and paste into the destination.
Hope you enjoyed this blog article.