Data Structure
Networking
RDBMS
Operating System
Java
MS Excel
iOS
HTML
CSS
Android
Python
C Programming
C++
C#
MongoDB
MySQL
Javascript
PHP
Physics
Chemistry
Biology
Mathematics
English
Economics
Psychology
Social Studies
Fashion Studies
Legal Studies
- Selected Reading
- UPSC IAS Exams Notes
- Developer's Best Practices
- Questions and Answers
- Effective Resume Writing
- HR Interview Questions
- Computer Glossary
- Who is Who
Malicious QR Code with QRGen
The QR codes are machine-readable data formats used for anything that needs to be scanned automatically. It is possible to exploit the common vulnerabilities using exploits packed into custom QR codes as it is everywhere, from product packaging to airline boarding passes, etc. Hacker used a tool QRGen that create malicious QR codes to target vulnerable devices. QR code attacks are potent because humans can't read or understand the information contained in a QR code without scanning it, potentially exposing any device used to attempt to decipher the code to the exploit contained within. A human can't spot a malicious QR code before actually scanning it, the relatively large payload of a QR code can work to a hacker's advantage, especially when combined with vulnerable devices. The tool QRGen will take a payload and encode it into a QR code using Python.
QRGen comes with a built-in library that contains lots of popular exploits, which is extremely useful if you have time to sit down with the same device you're looking to exploit and find out which one works. For a penetration tester looking to audit anything that uses a QR code scanner, merely buying the same scanner and running through the exploits can lead you to get the scanner to behave in unexpected ways. The categories of payloads available on QRGen can be accessed by using the -l flag and a number while running the script. The number and payload type are listed below.
Command Injection
Format String
String Fuzzing
SQL Injection
Directory Traversal
LFI
XSS
Install QRGen
To start with QRGen, we'll need to download the repository from GitHub do perform the command below in a terminal window.
git clone https://github.com/h0nus/QRGen cd QRGen pip3 install -r requirements.txt
Generate Malicious QR Codes from a Payload Type
After installing the packing, you can run the script by typing python3 qrgen.py as following −
To start, let's create a payload containing format string payloads. To do so, run QRGen with the following argument.
Finally, a series of QR codes will be generated, and the last one that was created will open automatically.
598 Views
