Hacking QR Codes with QRGen to Attack Scanning Devices [Tutorial]

Подписаться 932 тыс.

Просмотров 240 тыс.

50% 1

How to Use QR Codes to Hack Mobile Phones & Scanners
Full Tutorial: nulb.app/x4l5g
Subscribe to Null Byte: goo.gl/J6wEnH
Kody's Twitter: / kodykinzie
QR Codes are a fun way of scanning information with your mobile device on the go. However, this popular technique can be taken advantage of and used to inject malicious code and commands by a knowledgeable hacker. On this episode of Cyber Weapons Lab, we'll introduce you to a malicious QR code generator called QRGen.
Do not attempt to scan any malicious QR codes with a scanner you don't own. Only use for testing on your own devices and networks.
Follow Null Byte on:
Twitter: / nullbytewht
Flipboard: flip.it/3.Gf_0
Weekly newsletter: eepurl.com/dE3Ovb

Хобби

Опубликовано:

11 июл 2024

Ссылка:

Скачать:

Готовим ссылку...

Добавить в:

Мой плейлист

Посмотреть позже

Комментарии : 505

@eakerz5642 4 года назад

NullByte hacked his own body and has rewritten the eye lubrication code: saving energy wasted on blinking.

@Hari2897 4 года назад

You are blinking in sync with him, so u don't notice when he blinks , he hacked your eyes so that when he blinks , his users also blink

@lionelmuskwe 4 года назад

eakerz Now that’s a genius joke

@samueltulach 4 года назад

I can't unsee it now lol

@adityaranjan1909 4 года назад

😆😆😆

@drobgyn5615 4 года назад

LOL

@h0nus390 4 года назад

I'm happy you're liking my tool lmao

@jackrendor 4 года назад

Lmao

@h0nus390 4 года назад

@@jackrendor pure wua sei ahahahahahaha non farmk rispondere da gatto ahahaj

@jackrendor 4 года назад

Sto commento dovrebbe arricare fino in cima :')

@h0nus390 4 года назад

@@jackrendor fach you biach

@cillianmaccarthaigh641 3 года назад

@H0nus How could you implement this tool in real life? I love it so far!

@ChillerDragon 4 года назад

It’s nice that you always troubleshoot and point out fixes for problems you had in the video. But you could also fix it for everybody and just do a pullrequest since all those tools are open source. Especially if it is just a typo in the readme.

@FarazKhan-yy4er 4 года назад

kODY! Your my favorite person on RU-vid since i start watching your videos i wanna thank you again and again for the education your providing us i can't thank you enough brother because your the best we've ever got and believe me no one can take your place.

@a3oaar 4 года назад

Can you put a donate link so we can support you when ever we can .

@NullByteWHT 4 года назад

We are working on it but our channel is currently demonetized. You can read more about our issues here: bit.ly/2HmZnNA

@JF-di5el 4 года назад

Null Byte I really want to donate you

@Jelajah_Tutorial99 4 года назад

@@NullByteWHT the infosec community says this policy is broken, because it’s seeing viable educational content also being removed. same with me my video get removed if that youtube force forwading again I will change the Line

@xspy5846 4 года назад

@@NullByteWHT U should create a patreon page :)

@pr0d1gyvisions74 4 года назад

@@NullByteWHT Make a CoinPayments account and accept crypto for donations.

@wolf-war-master 4 года назад

Imagine posting a qr code arround the city that links you to a virus, it would be insane

@NullByteWHT 4 года назад

Chinese cities already have QR codes plastered everywhere thanks to Alipay and WeChat. Just sayin'.

@ChillerDragon 4 года назад

Similar to the usb version but cheeper,

@error-un3fo 4 года назад

that would make a very good hacking game based on qr codes that link you to the next code until you reach a download that can be a virus(fake for funzies) or some sort of reward in game.

@theilluminatimember8896 4 года назад

This has been done already

@gravypadruski462 4 года назад

Make a poster! Scan the qr code get 1 free beer xd

@dropcake 4 года назад

Another great video -- really love your tutorials.

@Rexsisodia 3 года назад

what script for when i scan QR code then directely jump to website ..????

@WhileyisaEskiboy 4 года назад

It annoys me so much that you don't have more subs! Been here for a long time now as you know think it was about 20k subs when we last spoke, your content is superb and yet still you're quality and extremely detailed content is still not getting the recognition you deserve! Your amazing keep it up and thank you for everything you do xxx

@TRADE_OM Год назад

You should see him now!

@hritishkumar3871 4 года назад

One word to describe your channel "Awesome!!"

@waheedakhalid8120 3 года назад

Bdhdnxhx

@emptydarkhouse183 2 года назад

Can u gen a green p qr code?

@x86tejeda 4 года назад

Hi, a question, what's the mame of the app you use in the video yo scan QR codes? Thank you.

@MrRandsauce 4 года назад

if you don't have a system in place to first detect the environment and then pick a known working payload, this is like the bruteforce of qr codes where you get auto-banned the second the person at the til looks at the screen. But definitely a start in bulletproofing your own setup.

@BrandonHadley-kw5jr 23 дня назад

So in the state that I live in we have gas stations that have slot machines you can put money into and gamble. If you win and choose to "cash out" you simply hit the "cash out" button on the machine that you are playing and it prints a ticket with a QR code and you take it to the "prize redemption" machine that scans the QR code on the ticket that your machine printed and voila it spits out the amount you cashed out. Would there possibly be a way to manipulate the QR scanner into thinking that it scanned a winning ticket and to dispense money?

@brianfreund1 4 года назад

At 5:02 shouldn't that be the wordlist defined there as wordlist.txt rather than requirements.txt?

@Trekeyus 4 года назад

Since it is written in python you can generate codes on Android phone via termux and then show the payload QRcode via any image viewer.

@blakryptonite1 4 года назад

QR codes have always been a security concern. Some phones (I think iphone as well, but not sure) can autolaunch a URL, leading to downloading an actual payload.

@malwaretestingfan 4 года назад

I'd imagine how it could go: - Misleading QR code is being scanned, social enginnering will do the work. - QR code lands to a page. Or the page is the scam and a fake form that steals data, or the page contains a exploit that runs code on the affected machine.

@blakryptonite1 4 года назад

it just has to go to a random page with a script running

@prajwalr3985 4 года назад

sir can u pls tell what is the use of this qr codes generate

@5imbah 3 года назад

I think something free on facebook.... when you scan you just get taken to a phishing page. Login, forward the session to facebook and then ask them to sign up for something so they just think it was bullshit. Meanwhile you've got and email and a password..... a lot of people use the same credentials on other sites ....amazon, banking, runescape etc...

@aty4282 3 года назад

@@5imbahbest R U N E S C A P E S C A M

@sandeepvk 4 года назад

Can I do all this in my Mac ? Or Should I get Virtual Box and run Linux in it ?

@bbaovanc 4 года назад

“This one’s trying to etc into the password directory.” WHAT? It said cat /etc/passwd which would display the contents of the file ‘passwd’ in /etc/ on screen. Passwd is not a directory.

@JNCressey 4 года назад

And would 'etc' even make sense as a verb?

@elielvidel 4 года назад

systems generate that directory ..........like chinese software companys

@fjorge8536 3 года назад

Arch Linux user here - I agree what the actual hell is this video? /etc/passwd just has things like your home directory and default login shell ooh scary someone's about to get grocery discounts by finding out my linux username :flushed:

@Sophon96 3 года назад

True, this stuff in the video just screams script kiddie. :rofl:

@rohitzeiq7260 4 года назад

What is the laptop ur using sir?

@neelgohel335 4 года назад

But how that code executes? The QR scanners generally returns a string to copy..no executions made..then how those codes execute implicit?

@philwoodgreene6683 4 года назад

Thank you so much for another absolutely excellent video

@muritisaude112 3 года назад

Hi how can I change the link of these qr codes without the app I made them? Because I didn't see it was a free test:(

@meirknapp 4 года назад

What's the app you're using on Android?

@robinroby88 4 года назад

Can you pls re-upload the social media page spoofing..

@daqa9420 4 года назад

You should have named your channel : ZeroBlindByte

@script7049 4 года назад

i usually understand most of your videos but this is some crazy stuff! Great video by the way

@ghoul5529 4 года назад

Why you are not uploading videos Its been a month

@mrdiamond64 4 года назад

Is there a payload shows a picture and under it text. I want it to show my yt profile picture and my RU-vid channel name

@scientist100 4 года назад

Did you copy the jesters technique or not as sophisticated yet?

@dewasembiring7286 4 года назад

i don't understand, shouldn't the command is ..... -w wordlist.txt not -w requirements.txt?

@Smartpatternacademy 4 года назад

Hey man ilove your videos ❤ but today i wanna Ask you One question. Can i hack Ussd code for sim cards

@aurel202 4 года назад

Imagine someone actually using QRCodes for Locks lmao

@ElGhadraouiTaha 4 года назад

Hello NullByte, I'm impressed by ur videos and thankful for you. i have a question for you please !!! i have a second laptoup to test my pentesting tools (RAT...) , so i was wondering if these tests would do any damage on my second laptoup !!! answer please.

@jurajchladny1952 4 года назад

Depends what do you want to exploit. I recommend using vbox or something. Unless you manage to execute something that deletes all your files then you should be just fine as long as you know what are you doing.

@ElGhadraouiTaha 4 года назад

@@jurajchladny1952 Thank you my friend so much

@brandonproductions2575 4 года назад

Great video like always, is it possible if you could make some more videos about making scripts or pre-made scripts for a rubber ducky by any chance? Thank you

@kishorswaminathan 4 года назад

Keep up the great work, bro

@smartashiq6931 2 года назад

Hi team .... Is it possible to retrieve the 10 % (damaged) blurred QR code?

@tboyrock2 4 года назад

how do the commands on the side of the qr codes u scanned work ??

@Doshvari 4 года назад

This attack on application. in fact ineject some string to application

@user-hk9ec1vl8v 4 года назад

Here in Russia there was an attempt to attack camcorders on the roads, using combinations to exploit vulnerability sql injections, changing car numbers with malicious characters. It can also work on cameras installed on parking. I found a photo for an example from Poland ( spbvoditel.ru/mm/items/2010/4/1/0004/camera.jpg ).

@slacortes2975 3 года назад

NEED HELP! I need to change the link of 3 qr codes, because I did it on the QR Code Generator website and didn't know it was a test for 14 days. If that's not possible I would like the app hacked or cracked QR Code Generator because I need the paid version and I don't have the value. :^(

@fivedice 4 года назад

Great video as always! Also: do you know if it is possible to find someone if you have their google voice number?

@is300_Paul 4 года назад

@furkan2161 4 года назад

Wait can i do a QR code which looks for the connected WIFI code in the Phone?

@haizi7179 4 года назад

Oh my God I've been talking about this for like the past 3 years thank you so much

@xM0nsterFr3ak 4 года назад

i had the idea to put funny images in it, but i dont think it is possible to display it without having a link to a website with that image

@bignig123 4 года назад

is there something like this but with nfc?

@swessels 4 года назад

I've been wondering for years now if someone could perform a SQL Injection using QR codes in a store. Imagine having a QR code on your iPhone display and having the in store price-check scanner scan it, only to have the embedded SQL Injection change the price for the item in the database. I'm sure that's illegal and I've never more than worried about it. I hope that the merchant's software folks have protected their scanner software inputs the same way you would protect other database access software.

@stoptryingtogetmetoregiste8418 3 года назад

You're correct, I'm absolutely convinced that systems handling actual money have the best tech and security on their end. That reminds me to finally send that tip to my bank to upgrade all their ATM from windows XP the bluescreens are getting annoying.

@meh6722 4 года назад

We know you're on AT&T with the magical 5GE lol

@kneesnap1041 4 года назад

Noticed the same thing haha

@Yorak404 3 года назад

How do u save the words list idk what to press

@tysk5729 4 года назад

hello null bite im a bit of a script kiddie that absolutely loves your videos! i love it when you make a video of something thats usefull in real life could you please make a video on how to spoof my cars blackbox preferbly in a bit of a polemon go kind of way where i can decite where my cars myself ? this would make my life a ton easier and cheaper

@brunolopes7311 4 года назад

I wonder if there is a program that acecpts two or more words or symbols and then create a wordlist with all possible combinations with them. thanks

@NullByteWHT 4 года назад

Yes there is! Check out our video on The Mentalist: ru-vid.com/video/%D0%B2%D0%B8%D0%B4%D0%B5%D0%BE-01-Dcz1hFw8.html

@aestheticbeast3288 3 года назад

But what can we do after generating these payloads. I mean other than checking what it contains. LIKE HOW WE CAN USE THEM TO ACCESS THE SCANNING DEVICE. *ASKING OUT OF CURIOSITY*

@ProjectPros 4 года назад

What is ur user name on nullbyte?? Website

@usergrey1390 4 года назад

how can i make my payloads? i mean, in what language are they made?

@cadeathtv 4 года назад

Im confuse, vulnerability of the Device or Application?

@ahadulislam7185 4 года назад

I didn't see any use case

@TechDark 4 года назад

Imagine doing this to bitcoin atm's

@4fortyfour 3 года назад

Then you get all the bitcoins from the atm

@aty4282 3 года назад

How to get rich/in jail 101 lmao

@4fortyfour 3 года назад

@@aty4282 true

@aty4282 3 года назад

@CheeseBall anything done right will grant you success, especially in theese situations. At least in my country, theese noobs exploded atms with a gas tank while they had a classical face mask lmao and guess what, they are still free *insert risitas laugh*

@amnaashraf2512 3 года назад

Plz tell if qr code of contact numbers is hacked what to do to protect my data plzzz

@piercetkwong 4 года назад

wordlist.txt or requirements.txt?

@dwaynejohnson3656 4 года назад

Can anyone tell me the devices he has in his intro?

@franklinfleming1237 3 года назад

Thank you my man i always like to see kool tech lol

@neil7652 4 года назад

Why are you root??? Do you not have a standard user set up?

@tamilselvanr7694 4 года назад

can u explain a method to find the location of a ph number using imei number or normal ph number?

@poojabhandari6659 4 года назад

Can you please make a video on injecting keylogger on a victim device without physical access

@mostafaemvd 4 года назад

A big greeting to your channel from Egypt

@franklinfleming1237 3 года назад

Are they easy to create?

@KataNya-mc2he 4 года назад

Dude can u help me my laptop got nesa virus can u giving solution

@carloscontreras-rq3ms 4 года назад

So sick that's all money null byte much respects to u all

@milliconsolutions5377 2 года назад

Running this on a Samsung tablet with Termux. Pretty dang cool.

@steveagere9963 3 года назад

Keep up the great work, thanks a lot..

@jesse_dickson 4 года назад

So I recently downloaded kali as a dual boot with my windows 10. all good first run through. Now when I do apt update I get no pubkey error. Can you help?

@utkarshsatyaprakash4383 4 года назад

dont worry about that . try using this command : sudo apt-get update && sudo apt-get upgrade sudo apt-get --fix-missing upgrade sudo apt-get update && sudo apt-get upgrade this should fix the issue , if it doesnt , dont worry too much . Public Key is mostly used by people working on .net frameworks. it wont affect u in anyway.

@yasyasmarangoz3577 4 года назад

Is this possible with barcodes?

@hmteam5940 4 года назад

Nullbyte how to download kali Linux 2019.3

@wanyama737 2 года назад

How about in windows?

@supremehiro 4 года назад

Sir my kali wifi is not show how i fix it

@persona-qs5sj 4 года назад

Please what is the intro song ))

@jonathancsoy 4 года назад

My neighbor's WiFi has not password...it is completely open. What kind of attack would you recommend to make some tests?

@shekhar81 4 года назад

man from an open wifi you can get heaven loads of knowledge about whats goin on in their network ....you can see what they are browsing to what the pictures they are seeing and even inject malicious code into their browsers and a lot more ..... possibilities are endless :)

@jonathancsoy 4 года назад

So what tool recommend for do it?

@shekhar81 4 года назад

@@jonathancsoy you can try Wireshark , Cain and Abel , ettercap , driftnet ....and there are many more but these are basic and pretty simple to use

@HemantSingh-vi4eg 4 года назад

Sir please tell me I was using my WiFi and suddenly connection disconnected and on going to device manager it says windows is still setting up the class configuration for this device! (Code 56)

@OwO-. 4 года назад

Step 1. Delete Windows. Step 2. Install Windows.

@Robonova 3 года назад

How do you get the passwords

@burionyt 4 года назад

Can you do this in termux

@definesigint2823 4 года назад

Caveat emptor: Some of the domains in the exploit list (apparently from payloadbox) are currently inhabited by squatters. Nasty trap potential there.

@NullByteWHT 4 года назад

Yeah that's a good point!

@JNCressey 4 года назад

> generate malicious barcodes > they link to domains out of your control Sound like it works as intended 😁

@RichardBuckerCodes 4 года назад

WOW imagine printing QR codes on stickers and just pasting it all over times square.

@Yorak404 3 года назад

at school 😎😎🤡😄

@outrotears9157 3 года назад

It's very easy helped me a lot 😀

@jel4536 3 года назад

Very impressive and useful thanks bro

@handster 4 года назад

How to files tranfer linux to android using ipaddress ..

@vaibhavgavas4691 4 года назад

Request to Null Bytes for making a video on Configuring and installation (OWASP Modsecurity CSR) on parrot os...🙋‍♂️

@digimoy1017 4 года назад

wishing you have a video for pen testing using android phone... thanks I'm waiting...

@utkarshsatyaprakash4383 4 года назад

installl termux on android and follow all the steps that u follow in this video . Most tools work just fine in termux as they have pre-built support for termux. if it doesnt ping the author of tools/script and ask him to upload a support patch for termux. peace.

@poorgang 4 года назад

Thank you so much for the content. You are great. Love from Bangladesh.

@yasyasmarangoz3577 4 года назад

Cool!

@poorgang 4 года назад

Yasyas Marangoz no you.

@yasyasmarangoz3577 4 года назад

@@poorgang thx

@poorgang 4 года назад

Yasyas Marangoz yeah, that’s pretty impressive. But I feel sad that he’s doing all these for free and his channel is fully demonetised. Pretty outrageous!

@yasyasmarangoz3577 4 года назад

@@poorgang Yeah :(

@tanvirsingh6015 4 года назад

Please make videos on mobile too.hacking with phone

@dominicswinton4739 4 года назад

this is interesting, especially considering I was thinking about putting a QR code in my final artwork for my last year in highschool. I was originally planning on just making a page that grabs some data and then redirects to a simple website that just displays a poem or something for "conceptual depth" and then just as a final fuck you to the school system they give me marks for hacking them. but this seems like it would be way more fun even though I doubt it would do much to a phone as demonstrated in the video

@codingfinance6080 Год назад

You alright kid?

@dominicswinton4739 Год назад

@@codingfinance6080 nah cunts fucked

@mofassil_noor_alif 4 года назад

I'm a big fan of yours... 😍

@solace6717 4 года назад

Get a room....

@Bianchi77 2 года назад

Keep it up, nice video clip, thanks for sharing it :)

@26gtx86 4 года назад

Can I use it for hacking what’s up

@navindujani6167 4 года назад

my ip diplay as 172.xx.xx.x like this..whtas the reson

@aswinreji2364 3 года назад

Super.....becoz sucessfully worked....thanks bro

@lipinkariappa3550 3 года назад

Sir,is it possible to add msf payloads to these qr codes using qr gen,if it is possible please make video on that sir,please i would be very grateful to you,please sir.......