Hacking QR Codes with QRGen to Attack Scanning Devices [Tutorial]
Рет қаралды 242,003
Күн бұрын
@eakerz5642 5 жыл бұрын
NullByte hacked his own body and has rewritten the eye lubrication code: saving energy wasted on blinking.
@Hari2897 5 жыл бұрын
You are blinking in sync with him, so u don't notice when he blinks , he hacked your eyes so that when he blinks , his users also blink
@lionelmuskwe 5 жыл бұрын
eakerz Now that’s a genius joke
@samueltulach 5 жыл бұрын
I can't unsee it now lol
@adityaranjan1909 5 жыл бұрын
😆😆😆
@drobgyn5615 4 жыл бұрын
LOL
@h0nus390 5 жыл бұрын
I'm happy you're liking my tool lmao
@jackrendor 5 жыл бұрын
Lmao
@h0nus390 5 жыл бұрын
@@jackrendor pure wua sei ahahahahahaha non farmk rispondere da gatto ahahaj
@jackrendor 5 жыл бұрын
Sto commento dovrebbe arricare fino in cima :')
@h0nus390 5 жыл бұрын
@@jackrendor fach you biach
@cillianmaccarthaigh641 4 жыл бұрын
@H0nus How could you implement this tool in real life? I love it so far!
@a3oaar 5 жыл бұрын
Can you put a donate link so we can support you when ever we can .
@NullByteWHT 5 жыл бұрын
We are working on it but our channel is currently demonetized. You can read more about our issues here: bit.ly/2HmZnNA
@JF-di5el 5 жыл бұрын
Null Byte I really want to donate you
@Jelajah_Tutorial99 5 жыл бұрын
@@NullByteWHT the infosec community says this policy is broken, because it’s seeing viable educational content also being removed. same with me my video get removed if that youtube force forwading again I will change the Line
@xspy5846 5 жыл бұрын
@@NullByteWHT U should create a patreon page :)
@pr0d1gyvisions74 5 жыл бұрын
@@NullByteWHT Make a CoinPayments account and accept crypto for donations.
@wolf-war-master 5 жыл бұрын
Imagine posting a qr code arround the city that links you to a virus, it would be insane
@NullByteWHT 5 жыл бұрын
Chinese cities already have QR codes plastered everywhere thanks to Alipay and WeChat. Just sayin'.
@ChillerDragon 5 жыл бұрын
Similar to the usb version but cheeper,
@error-un3fo 5 жыл бұрын
that would make a very good hacking game based on qr codes that link you to the next code until you reach a download that can be a virus(fake for funzies) or some sort of reward in game.
@theilluminatimember8896 5 жыл бұрын
This has been done already
@gravypadruski462 5 жыл бұрын
Make a poster! Scan the qr code get 1 free beer xd
@ChillerDragon 5 жыл бұрын
It’s nice that you always troubleshoot and point out fixes for problems you had in the video. But you could also fix it for everybody and just do a pullrequest since all those tools are open source. Especially if it is just a typo in the readme.
@blakryptonite1 5 жыл бұрын
QR codes have always been a security concern. Some phones (I think iphone as well, but not sure) can autolaunch a URL, leading to downloading an actual payload.
@malwaretestingfan 5 жыл бұрын
I'd imagine how it could go: - Misleading QR code is being scanned, social enginnering will do the work. - QR code lands to a page. Or the page is the scam and a fake form that steals data, or the page contains a exploit that runs code on the affected machine.
@blakryptonite1 5 жыл бұрын
it just has to go to a random page with a script running
@prajwalr3985 5 жыл бұрын
sir can u pls tell what is the use of this qr codes generate
@5imbah 4 жыл бұрын
I think something free on facebook.... when you scan you just get taken to a phishing page. Login, forward the session to facebook and then ask them to sign up for something so they just think it was bullshit. Meanwhile you've got and email and a password..... a lot of people use the same credentials on other sites ....amazon, banking, runescape etc...
@aty4282 3 жыл бұрын
@@5imbahbest R U N E S C A P E S C A M
@bbaovanc 5 жыл бұрын
“This one’s trying to etc into the password directory.” WHAT? It said cat /etc/passwd which would display the contents of the file ‘passwd’ in /etc/ on screen. Passwd is not a directory.
@JNCressey 4 жыл бұрын
And would 'etc' even make sense as a verb?
@elielvidel 4 жыл бұрын
systems generate that directory ..........like chinese software companys
@fjorge8536 3 жыл бұрын
Arch Linux user here - I agree what the actual hell is this video? /etc/passwd just has things like your home directory and default login shell ooh scary someone's about to get grocery discounts by finding out my linux username :flushed:
@Sophon96 3 жыл бұрын
True, this stuff in the video just screams script kiddie. :rofl:
@Trekeyus 5 жыл бұрын
Since it is written in python you can generate codes on Android phone via termux and then show the payload QRcode via any image viewer.
@Rexsisodia 3 жыл бұрын
what script for when i scan QR code then directely jump to website ..????
@emptydarkhouse183 2 жыл бұрын
Can u gen a green p qr code?
@TechDark 5 жыл бұрын
Imagine doing this to bitcoin atm's
@4fortyfour 4 жыл бұрын
Then you get all the bitcoins from the atm
@aty4282 3 жыл бұрын
How to get rich/in jail 101 lmao
@4fortyfour 3 жыл бұрын
@@aty4282 true
@aty4282 3 жыл бұрын
@CheeseBall anything done right will grant you success, especially in theese situations. At least in my country, theese noobs exploded atms with a gas tank while they had a classical face mask lmao and guess what, they are still free *insert risitas laugh*
@meh6722 5 жыл бұрын
We know you're on AT&T with the magical 5GE lol
@kneesnap1041 5 жыл бұрын
Noticed the same thing haha
@daqa9420 5 жыл бұрын
You should have named your channel : ZeroBlindByte
@brianfreund1 5 жыл бұрын
At 5:02 shouldn't that be the wordlist defined there as wordlist.txt rather than requirements.txt?
@Алексей-о9б4г 5 жыл бұрын
Here in Russia there was an attempt to attack camcorders on the roads, using combinations to exploit vulnerability sql injections, changing car numbers with malicious characters. It can also work on cameras installed on parking. I found a photo for an example from Poland ( spbvoditel.ru/mm/items/2010/4/1/0004/camera.jpg ).
@selfiebridge6222 5 жыл бұрын
I saw it! I saw it! I saw you blinking one time😅 somebody give me nobel 😂
@rp479 5 жыл бұрын
Selfie Bridge Mr. Nobel has passed away and you can’t have him
@selfiebridge6222 5 жыл бұрын
@@rp479 but i can get the prize instead, can't i?😆
@dewasembiring7286 5 жыл бұрын
i don't understand, shouldn't the command is ..... -w wordlist.txt not -w requirements.txt?
@WhileyisaEskiboy 5 жыл бұрын
It annoys me so much that you don't have more subs! Been here for a long time now as you know think it was about 20k subs when we last spoke, your content is superb and yet still you're quality and extremely detailed content is still not getting the recognition you deserve! Your amazing keep it up and thank you for everything you do xxx
@TRADE_OM Жыл бұрын
You should see him now!
@MrRandsauce 5 жыл бұрын
if you don't have a system in place to first detect the environment and then pick a known working payload, this is like the bruteforce of qr codes where you get auto-banned the second the person at the til looks at the screen. But definitely a start in bulletproofing your own setup.
@tboyrock2 5 жыл бұрын
how do the commands on the side of the qr codes u scanned work ??
@Doshvari 5 жыл бұрын
This attack on application. in fact ineject some string to application
@hopehowdoyoufeel 5 жыл бұрын
Imagine someone actually using QRCodes for Locks lmao
@the6thcenth878 2 жыл бұрын
yo ill pay to make me a covid qr passport that works
@drewg2676 2 жыл бұрын
Same. My country is getting tyrannical
@piercetkwong 5 жыл бұрын
wordlist.txt or requirements.txt?
@swessels 4 жыл бұрын
I've been wondering for years now if someone could perform a SQL Injection using QR codes in a store. Imagine having a QR code on your iPhone display and having the in store price-check scanner scan it, only to have the embedded SQL Injection change the price for the item in the database. I'm sure that's illegal and I've never more than worried about it. I hope that the merchant's software folks have protected their scanner software inputs the same way you would protect other database access software.
@stoptryingtogetmetoregiste8418 4 жыл бұрын
You're correct, I'm absolutely convinced that systems handling actual money have the best tech and security on their end. That reminds me to finally send that tip to my bank to upgrade all their ATM from windows XP the bluescreens are getting annoying.
@FarazKhan-yy4er 5 жыл бұрын
kODY! Your my favorite person on KZbin since i start watching your videos i wanna thank you again and again for the education your providing us i can't thank you enough brother because your the best we've ever got and believe me no one can take your place.
@hritishkumar3871 5 жыл бұрын
One word to describe your channel "Awesome!!"
@waheedakhalid8120 3 жыл бұрын
Bdhdnxhx
@BrandonHadley-kw5jr 3 ай бұрын
So in the state that I live in we have gas stations that have slot machines you can put money into and gamble. If you win and choose to "cash out" you simply hit the "cash out" button on the machine that you are playing and it prints a ticket with a QR code and you take it to the "prize redemption" machine that scans the QR code on the ticket that your machine printed and voila it spits out the amount you cashed out. Would there possibly be a way to manipulate the QR scanner into thinking that it scanned a winning ticket and to dispense money?
@ahadulislam7185 5 жыл бұрын
I didn't see any use case
@RichardBuckerCodes 4 жыл бұрын
WOW imagine printing QR codes on stickers and just pasting it all over times square.
@Yorak404 3 жыл бұрын
at school 😎😎🤡😄
@fivedice 5 жыл бұрын
Great video as always! Also: do you know if it is possible to find someone if you have their google voice number?
@is300_Paul 5 жыл бұрын
?
@digimoy1017 5 жыл бұрын
wishing you have a video for pen testing using android phone... thanks I'm waiting...
@utkarshsatyaprakash4383 5 жыл бұрын
installl termux on android and follow all the steps that u follow in this video . Most tools work just fine in termux as they have pre-built support for termux. if it doesnt ping the author of tools/script and ask him to upload a support patch for termux. peace.
@prankerganster3985 2 жыл бұрын
Do this to a McDonald’s hahaha
@ElGhadraouiTaha 5 жыл бұрын
Hello NullByte, I'm impressed by ur videos and thankful for you. i have a question for you please !!! i have a second laptoup to test my pentesting tools (RAT...) , so i was wondering if these tests would do any damage on my second laptoup !!! answer please.
@jurajchladny1952 5 жыл бұрын
Depends what do you want to exploit. I recommend using vbox or something. Unless you manage to execute something that deletes all your files then you should be just fine as long as you know what are you doing.
@ElGhadraouiTaha 5 жыл бұрын
@@jurajchladny1952 Thank you my friend so much
@brunolopes7311 5 жыл бұрын
I wonder if there is a program that acecpts two or more words or symbols and then create a wordlist with all possible combinations with them. thanks
@NullByteWHT 5 жыл бұрын
Yes there is! Check out our video on The Mentalist: kzbin.info/www/bejne/ZmKQdZawZs15rZo
@sandeepvk 5 жыл бұрын
Can I do all this in my Mac ? Or Should I get Virtual Box and run Linux in it ?
@coffeeklutz9318 4 жыл бұрын
NullByte reminds me of Kevin Rose from the TechTV days
@NullByteWHT 4 жыл бұрын
Nice, I don't think I've heard that one before.
@definesigint2823 4 жыл бұрын
Caveat emptor: Some of the domains in the exploit list (apparently from payloadbox) are currently inhabited by squatters. Nasty trap potential there.
@NullByteWHT 4 жыл бұрын
Yeah that's a good point!
@JNCressey 4 жыл бұрын
> generate malicious barcodes > they link to domains out of your control Sound like it works as intended 😁
@muritisaude112 3 жыл бұрын
Hi how can I change the link of these qr codes without the app I made them? Because I didn't see it was a free test:(
@franciscolucarini8761 5 жыл бұрын
Which Mac do you use?
@franciscolucarini8761 5 жыл бұрын
Plz bro answer me
@twistedsocal 5 жыл бұрын
dude, Macs come in so many different varieties lol, macbook, MacBook air and MacBook pro, that's about it now isn't it. Pick one, configure it to your hearts content and call it a day. It's a Mac so config ie spec out is where they differ and even then just by speed and battery life. lok
@franciscolucarini8761 5 жыл бұрын
@@twistedsocal u which one u prefer?
@twistedsocal 5 жыл бұрын
@@franciscolucarini8761 I prefer not a Mac, not that I have an issue with them, just that I am a PC guy and since Macs now use the same hardware ie...no more proprietary CPU stuff like they used to before switching over to Intel, I don't see the value in going Mac over anything else. If I were to buy one I guess I would get the MacBook pro, I would config it with at minimum 32 gig of memory, a core I7 unless they offered better and 1 or if available 2 Nvme SSD. pick up a thunderbolt 3 dock, all the little dongles to connect everything from USB c or tb3 to everything else and go from there. That is just me though.
@franciscolucarini8761 5 жыл бұрын
@@twistedsocal thank you so much
@milliconsolutions5377 3 жыл бұрын
Running this on a Samsung tablet with Termux. Pretty dang cool.
@jonathancsoy 5 жыл бұрын
My neighbor's WiFi has not password...it is completely open. What kind of attack would you recommend to make some tests?
@shekhar81 5 жыл бұрын
man from an open wifi you can get heaven loads of knowledge about whats goin on in their network ....you can see what they are browsing to what the pictures they are seeing and even inject malicious code into their browsers and a lot more ..... possibilities are endless :)
@jonathancsoy 5 жыл бұрын
So what tool recommend for do it?
@shekhar81 5 жыл бұрын
@@jonathancsoy you can try Wireshark , Cain and Abel , ettercap , driftnet ....and there are many more but these are basic and pretty simple to use
@tysk5729 5 жыл бұрын
hello null bite im a bit of a script kiddie that absolutely loves your videos! i love it when you make a video of something thats usefull in real life could you please make a video on how to spoof my cars blackbox preferbly in a bit of a polemon go kind of way where i can decite where my cars myself ? this would make my life a ton easier and cheaper
@tanvirsingh6015 5 жыл бұрын
Please make videos on mobile too.hacking with phone
@philwoodgreene6683 5 жыл бұрын
Thank you so much for another absolutely excellent video
@robinroby88 5 жыл бұрын
Can you pls re-upload the social media page spoofing..
@x86tejeda 5 жыл бұрын
Hi, a question, what's the mame of the app you use in the video yo scan QR codes? Thank you.
@meirknapp 4 жыл бұрын
What's the app you're using on Android?
@s.n.d.e2025 3 жыл бұрын
Your having to scan you ticket on a vaccine passport with a QR code reader apparently??? Just though
@wanyama737 2 жыл бұрын
How about in windows?
@dropcake 5 жыл бұрын
Another great video -- really love your tutorials.
@brandonproductions2575 5 жыл бұрын
Great video like always, is it possible if you could make some more videos about making scripts or pre-made scripts for a rubber ducky by any chance? Thank you
@cadeathtv 5 жыл бұрын
Im confuse, vulnerability of the Device or Application?
@neelgohel335 5 жыл бұрын
But how that code executes? The QR scanners generally returns a string to copy..no executions made..then how those codes execute implicit?
@mofassil_noor_alif 5 жыл бұрын
I'm a big fan of yours... 😍
@solace6717 5 жыл бұрын
Get a room....
@ghoul5529 5 жыл бұрын
Why you are not uploading videos Its been a month
@zodindev3860 5 жыл бұрын
Maybe he's born with it maybe it's amphetamiiiines
@HemantSingh-vi4eg 5 жыл бұрын
Sir please tell me I was using my WiFi and suddenly connection disconnected and on going to device manager it says windows is still setting up the class configuration for this device! (Code 56)
@OwO-. 5 жыл бұрын
Step 1. Delete Windows. Step 2. Install Windows.
@scientist100 5 жыл бұрын
Did you copy the jesters technique or not as sophisticated yet?
@ramananaik358 5 жыл бұрын
Sir... I'm indian...I want to learn Hacking...Can u teach me...plzzz
@gravypadruski462 5 жыл бұрын
Ask ur local boys for help! Indians are already good at it
@BilalHassan-wm5ev 5 жыл бұрын
Please video on CVE-2019-2107
@owotuna 5 жыл бұрын
Looks pretty scary...
@Jeroennijhuis 5 жыл бұрын
Why not try to teach people some programming languages like bash and python or maybe even C . Because you’ve done enough script reviews maybe it’s time to change some things up , so people will actually be able to make scripts on their own.
@RaveTsukii 5 жыл бұрын
Mh are you a human i mean you don't blink .-.
@geoffreyzziwambazza7862 Жыл бұрын
Ok what is your secret on not blinking?
@mrdiamond64 5 жыл бұрын
Is there a payload shows a picture and under it text. I want it to show my yt profile picture and my KZbin channel name
@dominicswinton4739 5 жыл бұрын
this is interesting, especially considering I was thinking about putting a QR code in my final artwork for my last year in highschool. I was originally planning on just making a page that grabs some data and then redirects to a simple website that just displays a poem or something for "conceptual depth" and then just as a final fuck you to the school system they give me marks for hacking them. but this seems like it would be way more fun even though I doubt it would do much to a phone as demonstrated in the video
@codingfinance6080 Жыл бұрын
You alright kid?
@dominicswinton4739 Жыл бұрын
@@codingfinance6080 nah cunts fucked
@Alan_Jacob 5 жыл бұрын
Shows 1 view with 21 likes and 3 comments xD
@twistedsocal 5 жыл бұрын
145 views 2 min later
@burnthechurch2423 5 жыл бұрын
Libtard trash. Trump 2020
@rohitzeiq7260 5 жыл бұрын
What is the laptop ur using sir?
@Yorak404 3 жыл бұрын
How do u save the words list idk what to press
@xristoss.2037 5 жыл бұрын
He looks like Sheldon from "the big bang theory"😂
@utkarshsatyaprakash4383 5 жыл бұрын
blink sometimes bro , my mother gets shit scared when she sees me watching your videos .
@TheAnalystradioprogram 5 жыл бұрын
This is end. These new rules have channels running scared. They produce less and less content. I enjoyed this channel while it lasted.
@StarsManny Ай бұрын
Video starts at 0:30
@Hdtjdjbszh 4 жыл бұрын
Basically SnowCrash for phones
@lamarrotabil5504 5 жыл бұрын
Can you make a video on ARP Spoofing/ARP Poisoning
@nickelhacksz4793 5 жыл бұрын
yah
@shekhar81 5 жыл бұрын
@lamarr there are already endless videos on this topic see em
@haizi7179 5 жыл бұрын
Oh my God I've been talking about this for like the past 3 years thank you so much
@Smartpatternacademy 5 жыл бұрын
Hey man ilove your videos ❤ but today i wanna Ask you One question. Can i hack Ussd code for sim cards
@Robonova 4 жыл бұрын
How do you get the passwords
@saurrav3801 5 жыл бұрын
Bro where r u ........new SIM vulnerability is here......
@jesse_dickson 5 жыл бұрын
So I recently downloaded kali as a dual boot with my windows 10. all good first run through. Now when I do apt update I get no pubkey error. Can you help?
@utkarshsatyaprakash4383 5 жыл бұрын
dont worry about that . try using this command : sudo apt-get update && sudo apt-get upgrade sudo apt-get --fix-missing upgrade sudo apt-get update && sudo apt-get upgrade this should fix the issue , if it doesnt , dont worry too much . Public Key is mostly used by people working on .net frameworks. it wont affect u in anyway.
@xM0nsterFr3ak 5 жыл бұрын
i had the idea to put funny images in it, but i dont think it is possible to display it without having a link to a website with that image
@bignig123 5 жыл бұрын
is there something like this but with nfc?
@RavinderSingh-nq7lu 3 жыл бұрын
Can u help me sir 😭😭😭 We received your information If we still find that you're not old enough to be on Facebook, your account will remain disabled. This is because your account doesn't follow our Terms of Service. We're always looking out for the security of people on Facebook, so until then you can't use your account.
@poojabhandari6659 5 жыл бұрын
Can you please make a video on injecting keylogger on a victim device without physical access
@lem0ndadedcorner994 3 жыл бұрын
Hmmm dude why not put a warning into the start of the video saying this is for. Education purpose only You must do it to avoid any legal risks
@amnaashraf2512 3 жыл бұрын
Plz tell if qr code of contact numbers is hacked what to do to protect my data plzzz
@furkan2161 5 жыл бұрын
Wait can i do a QR code which looks for the connected WIFI code in the Phone?
@Yash_J 5 жыл бұрын
He is real kind of a hacker... Don't believe me? Check his eye ..... You could never see him blink
@slacortes2975 3 жыл бұрын
NEED HELP! I need to change the link of 3 qr codes, because I did it on the QR Code Generator website and didn't know it was a test for 14 days. If that's not possible I would like the app hacked or cracked QR Code Generator because I need the paid version and I don't have the value. :^(
@carloscontreras-rq3ms 5 жыл бұрын
So sick that's all money null byte much respects to u all
@skreet7251 3 жыл бұрын
Hacking nasa has been a child hood dream of mines just saying
@yasyasmarangoz3577 4 жыл бұрын
Is this possible with barcodes?
@supremehiro 5 жыл бұрын
Sir my kali wifi is not show how i fix it
@vaibhavgavas4691 5 жыл бұрын
Request to Null Bytes for making a video on Configuring and installation (OWASP Modsecurity CSR) on parrot os...🙋♂️
@TheAnalystradioprogram 5 жыл бұрын
Kody please check in. We are all worried. Are you ok?
@smartashiq6931 2 жыл бұрын
Hi team .... Is it possible to retrieve the 10 % (damaged) blurred QR code?
@aestheticbeast3288 4 жыл бұрын
But what can we do after generating these payloads. I mean other than checking what it contains. LIKE HOW WE CAN USE THEM TO ACCESS THE SCANNING DEVICE. *ASKING OUT OF CURIOSITY*
@aballa-l4q 5 жыл бұрын
Hello sir can you please send post a video of downloading kali Linux and setup plz I tried to watch your previous videos but it didn’t work so plz make a new video 🙏🙏🙏🙏🙏🙏
@YoutubeShorties69 5 жыл бұрын
Hey i can help you with that...Text me on Instagram -> qesharaku
@MKVD 5 жыл бұрын
Just don't install Kali
@sbubble5332 5 жыл бұрын
Keep getting distracted to follow from such magnetic energy, or attraction! ;P
@VH-eq2ci 5 жыл бұрын
I have damaged a Lild scanner. But they just restarting it I think. It was a few years ago.
@VH-eq2ci 5 жыл бұрын
@@wiktorn4268 ah yes :D
@ani-zxk Жыл бұрын
ok I can confirm this repo doesn't work on mac os
Loi Liang Yang
Рет қаралды 1,2 МЛН
Christiaan008
Рет қаралды 1,6 МЛН
Ranveer Allahbadia
Рет қаралды 729 М.
David Bombal
Рет қаралды 64 М.