QRLJacker v2.0 – QRLJacking Exploitation Framework

Comments Off on QRLJacker v2.0 – QRLJacking Exploitation Framework

QRLJacking or Quick Response Code Login Jacking is a simple-but-nasty attack vector affecting all the applications that relays on “Login with QR code” feature as a secure way to login into accounts which aims for hijacking users session by attackers.

What is QRLJacking?

QRLJacking or Quick Response Code Login Jacking is a simple social engineering attack vector capable of session hijacking affecting all applications that rely on the “Login with QR code” feature as a secure way to login into accounts. In a nutshell, the victim scans the attacker’s QR code which results in session hijacking.

Prerequisites before installing:

  1. Linux or MacOS. (Not working on windows)
  2. Python 3.7+

Installing instructions:

Note: Don’t install QRLJacker and Firefox as root in a regular user’s session because it’s not supported by Firefox which would give error on running modules in framework.

  1. Update Firefox browser to the latest version
  2. Install the latest geckodriver from https://github.com/mozilla/geckodriver/releases and extract the file then do :
    • chmod +x geckodriver
    • sudo mv -f geckodriver /usr/local/share/geckodriver
    • sudo ln -s /usr/local/share/geckodriver /usr/local/bin/geckodriver
    • sudo ln -s /usr/local/share/geckodriver /usr/bin/geckodriver
  3. Clone the repo with git clone https://github.com/OWASP/QRLJacking then do cd QRLJacking/QRLJacker
  4. Install all the requirements with pip install -r requirements.txt
  5. Now you can run the framework with python3 QrlJacker.py --help

Also read: pwnedOrNot – Find Passwords for Compromised Email Accounts

Tested on

  • Ubuntu 18.04 Bionic Beaver
  • Kali Linux 2018.x and up

Usage

Commandline arguments

usage: QrlJacker.py [-h] [-r ] [-x ] [--debug] [--dev] [--verbose] [-q]

optional arguments:
  -h, --help  show this help message and exit
  -r          Execute a resource file (history file).
  -x          Execute a specific command (use ; for multiples).
  --debug     Enables debug mode (Identifying problems easier).
  --dev       Enables development mode (Reloading modules every use).
  --verbose   Enables verbose mode (Display more details).
  -q          Quit mode (no banner).

Main menu help

General commands
=================
	Command               Description
	---------             -------------
	help/?                Show this help menu.
	os      <command>     Execute a system command without closing the framework
	banner                Display banner.
	exit/quit             Exit the framework.

Core commands
=============
	Command               Description
	---------             -------------
	database              Prints the core version, check if framework is up-to-date and update if you are not up-to-date.
	debug                 Drop into debug mode or disable it. (Making identifying problems easier)
	dev                   Drop into development mode or disable it. (Reload modules every use)
	verbose               Drop into verbose mode or disable it. (Make framework displays more details)
	reload/refresh        Reload the modules database.

Resources commands
==================
	Command               Description
	---------             -------------
	history               Display commandline most important history from the beginning.
	makerc                Save the most important commands entered since start to a file.
	resource  <file>      Run the commands stored in a file.

Sessions management commands
============================
	Command               Description
	---------             -------------
	sessions (-h)         Dump session listings and display information about sessions.
	jobs     (-h)         Displays and manages jobs.

Module commands
===============
	Command               Description
	---------             -------------
	list/show             List modules you can use.
	use      <module>     Use an available module.
	info     <module>     Get information about an available module.
	previous              Runs the previously loaded module.
	search   <text>       Search for a module by a specific text in its name or in its description.

Module menu help

General commands
=================
	Command               Description
	---------             -------------
	help/?                Show this help menu.
	os      <command>     Execute a system command without closing the framework
	banner                Display banner.
	exit/quit             Exit the framework.

Core commands
=============
	Command               Description
	---------             -------------
	database              Prints the core version and then check if it's up-to-date.
	debug                 Drop into debug mode or disable it. (Making identifying problems easier)
	dev                   Drop into development mode or disable it. (Reload modules every use)
	verbose               Drop into verbose mode or disable it. (Make framework displays more details)
	reload/refresh        Reload the modules database.

Resources commands
==================
	Command               Description
	---------             -------------
	history               Display commandline most important history from the beginning.
	makerc                Save the most important commands entered since start to a file.
	resource  <file>      Run the commands stored in a file.

Sessions management commands
============================
	Command               Description
	---------             -------------
	sessions (-h)         Dump session listings and display information about sessions.
	jobs     (-h)         Displays and manages jobs.

Module commands
===============
	Command               Description
	----------            --------------
	list/show             List modules you can use.
	options               Displays options for the current module.
	set                   Sets a context-specific variable to a value.
	run                   Launch the current module.
	use     <module>      Use an available module.
	info    <module>      Get information about an available module.
	search  <text>        Search for a module by a specific text in its name or in its description.
	previous              Sets the previously loaded module as the current module.
	back                  Move back from the current context.

Sessions command help menu

usage: sessions [-h] [-l] [-K] [-s] [-k] [-i]

optional arguments:
  -h   Show this help message.
  -l   List all captured sessions.
  -K   Remove all captured sessions.
  -s   Search for sessions with a specifed type.
  -k   Remove a specifed captured session by ID
  -i   Interact with a captured session by ID.

Jobs command help menu

usage: jobs [-h] [-l] [-K] [-k]

optional arguments:
  -h   Show this help message.
  -l   List all running jobs.
  -K   Terminate all running jobs.
  -k   Terminate jobs by job ID or module name

Taking advantage of the core

Commands autocomplete

The autocomplete feature that has been implemented in this framework is not the usual one you always see, here are some highlights:

  1. It’s designed to fix typos in typed commands to the most similar command with just one tab click so saerch becomes search and so on, even if you typed any random word similar to an command in this framework.
  2. For you lazy-ones out there like me, it can predict what module you are trying to use by typing any part of it. For example if you typed use wh and clicked tab, it would be replaced with use grabber/whatsapp and so on. I can see your smile, You are welcome!
  3. If you typed any wrong command then pressed enter, the framework will tell you what is the nearest command to what you have typed which could be the one you really wanted.
  4. Some less impressive things like autocomplete for options of the current module after set command, autocomplete for modules after use and info commands and finally it converts all uppercase to lowercase automatically just-in-case you switched cases by mistake while typing.
  5. Finally, you’ll find your normal autocopmletion things you were using before, like commands autocompletion and persistent history, etc…

Automation

  • As you may noticed, you can use a resource file from command-line arguments before starting the framework itself or send commands directly.
  • Inside the framework you can use makerc command like in Metasploit but this time it only saves the correct important commands.
  • There are history and resource commands so you don’t need to exit the framework.
  • You can execute as many commands as you want at the same time by splitting them with semi-colon and many more left to be discovered by yourself.
  • Searching for modules in QRLJacker is so easy, you can search for a module by its name, something written in its description or even the author name.

Demo

Related Articles

ABOUT US

Haxf4rall is a collective, a good starting point and provides a variety of quality material for cyber security professionals.

Our primary focus revolves around the latest tools released in the Infosec community and provide a platform for developers to showcase their skillset and current projects.

COMPANY
Live Chat
RESOURCES
Get Started
TOOLBOX
Tools Directory

2014 – 2020 | Haxf4rall.com               Stay Connected:

Facebook Twitter Google-plus Wordpress