The Metasploit Framework has added a crafty new feature to Meterpreter, Metasploit's custom exploit payload, which improves clipboard monitoring.

When it comes to Metasploit, I’m an admitted novice, but it’s a useful and popular tool. So while I’m far from an expert on it, I try to keep up with its development. Today, the topic is clipboards – or more to the point – monitoring them and collecting useful information from them during pen testing.

Clipboard monitoring in Metasploit has been around for some time, but it has always been a one-off. It kept the pentester waiting for data to appear, unless they wrote their own Meterpreter script to check the clipboard constantly, something that many Metasploit users are hesitant to do.

However, developer OJ Reeves has removed the clunky aspects of the feature and created a Meterpreter script that polls the clipboard in near real-time, while making intelligent calls about the types of data on the clipboard. For example, it can tell the difference between text, images, and binaries.

In short, explained Tod Beardsley, Metasploit’s engineering manager, the new clipboard monitor acts like a streaming source of clipboard data.

Asked how the feature stacks up against password and data managers such as KeePass, which erase the clipboard in order to boost security and prevent snooping, Wei Chen (@_sinn3r), exploit engineer at Rapid7, said it wouldn’t matter.

“KeePass’ ability to reset after X seconds is useless against our clipboard monitor. As soon as you copy something, we got you.”

In an email to Salted, Reeves said he created the feature as a way to give back to the Metasploit community, and because he wanted to show people how easy it is to build extensions for Meterpreter from the ground up.

“Clipboard functionality is cool, and I know it mucks with my workflow, which means it’ll surely muck with other people’s [workflows] too.
It’s a bit disruptive which is exciting…

“I ran it on my own desktop while I was doing a day’s work, just to test it. And what’s amazing is that while passwords are gold for pentesters, it’s quite amazing what other stuff makes it onto your clipboard during the working day.

“The amount of information that you can pull is huge, and even though it’s just ‘metadata’ it can provide quite a profile of the habits of the user you’re watching. Stuff appears on the clipboard that you really didn’t think would be valuable but is. The timestamping thing in particular is useful as you can start to get a timetable together of someone’s working habits... making it easy to target them for other things.”

The new clipboard feature has been pushed to the Framework. Users of Metasploit Pro, Community, and Express editions will have it before the end of the month.