QRLJacker v2.0 – QRLJacking framework de explotacion de QR

0
1086
views

QRLJacker es un framework de explotación altamente personalizable para demostrar ” el vector de ataque QRLJacking  ” para mostrar lo fácil que es secuestrar los servicios que dependen del código QR como método de autenticación e inicio de sesión. ¡El código como la principal forma de acceder a los usuarios a diferentes servicios!

Requisitos antes de instalar

  1. Linux or MacOS. (No funciona en windows)
  2. Python 3.7+

Instalación

  • Actualiza el navegador Firefox a la última versión.
  • Instale el último geckodriver de https://github.com/mozilla/geckodriver/releases y extraiga el archivo:
    • chmod +x geckodriver
    • sudo mv -f geckodriver /usr/local/share/geckodriver
    • sudo ln -s /usr/local/share/geckodriver /usr/local/bin/geckodriver
    • sudo ln -s /usr/local/share/geckodriver /usr/bin/geckodriver
  • Clone el repositorio con git clone https://github.com/OWASP/QRLJacking luego cd QRLJacking/QRLJacker
  • Instale todos los requisitos con pip install -r requirements.txt
  • Ahora puede ejecutar el marco con python3 QrlJacker.py --help

Probado en

  • Ubuntu 18.04 Bionic Beaver
  • Kali Linux 2018.xy superior

USO

Argumentos de linea de comandos

usage: QrlJacker.py [-h] [-r ] [-x ] [--debug] [--dev] [--verbose] [-q]

optional arguments:
  -h, --help  show this help message and exit
  -r          Execute a resource file (history file).
  -x          Execute a specific command (use ; for multiples).
  --debug     Enables debug mode (Identifying problems easier).
  --dev       Enables development mode (Reloading modules every use).
  --verbose   Enables verbose mode (Display more details).
  -q          Quit mode (no banner).

Menu de ayuda principal

General commands
=================
 Command               Description
 ---------             -------------
 help/?                Show this help menu.
 os           Execute a system command without closing the framework
 banner                Display banner.
 exit/quit             Exit the framework.

Core commands
=============
 Command               Description
 ---------             -------------
 database              Prints the core version and then check if it's up-to-date.
 debug                 Drop into debug mode or disable it. (Making identifying problems easier)
 dev                   Drop into development mode or disable it. (Reload modules every use)
 verbose               Drop into verbose mode or disable it. (Make framework displays more details)
 reload/refresh        Reload the modules database.

Resources commands
==================
 Command               Description
 ---------             -------------
 history               Display commandline most important history from the beginning.
 makerc                Save the most important commands entered since start to a file.
 resource        Run the commands stored in a file.

Sessions management commands
============================
 Command               Description
 ---------             -------------
 sessions (-h)         Dump session listings and display information about sessions.
 jobs     (-h)         Displays and manages jobs.

Module commands
===============
 Command               Description
 ---------             -------------
 list/show             List modules you can use.
 use           Use an available module.
 info          Get information about an available module.
 previous              Runs the previously loaded module.
 search          Search for a module by a specific text in its name or in its description.

Menu de ayuda de sesiones

usage: sessions [-h] [-l] [-K] [-s] [-k] [-i]

optional arguments:
  -h   Show this help message.
  -l   List all captured sessions.
  -K   Remove all captured sessions.
  -s   Search for sessions with a specifed type.
  -k   Remove a specifed captured session by ID
  -i   Interact with a captured session by ID.

Menu de ayuda de trabajos

usage: jobs [-h] [-l] [-K] [-k]

optional arguments:
  -h   Show this help message.
  -l   List all running jobs.
  -K   Terminate all running jobs.
  -k   Terminate jobs by job ID or module name

Video

Descarga QRLJacking

Toda la información proporcionada en este medio es para fines educativos, en ningún caso alguno se hace responsable e cualquier mal uso de la información. Toda la información es para el desarrollo e investigación de métodos de seguridad informática.

No olvides visitar nuestra hacking shop

shop