.png)
1 year ago
80 BOOK THIS SPACE FOR AD
ARTICLE ADHello, Hunters. You are here because you are struggling or want to advance in your career. Believe me, things take time. Be consistent, continue to learn, and never deceive yourself. If you follow these three mantras, you will undoubtedly achieve success.
What is the definition of a captcha?
A captcha solution, in my opinion, is mostly used to avoid bots and ensure that the user behind the app is a real human.
I find a subscription endpoint with a captcha filter like this:
http://example.com/captcha/captchaCheck? in one application.
This quickly drew my attention, so I went to the source page:
<form action=”/captcha/captchaCheck” method=”post”>
<input name=”hash” value=”09573e52f752f3f7e8230b65aa34b8a8c08a4d22" type=”hidden”>
<input name=”emailAddress” value=”Pentest@email.com” type=”hidden”>
<input name=”name” value=”” type=”hidden”>
<input name=”enteredValue” size=”25" type=”text”>
<input value=”Subscribe” type=”submit”>
</form>
When you look at the form, you’ll notice two interesting parameters:
”hash” (encryption hash) and ”enteredValue” (number value of the captcha)
I then sent the form after filling out the captcha:
I wanted to understand the functionality and behavior of this captcha at this point, I found this:
Nice, so it’s fairly simple: if the request’s parameters match, it will be approved. The tricky question is, can that hash be decrypted?
So I Accepted the challenge! start searching on google got one result start working on it.
So I paste the hash in my terminal and try to decrypt with “dcipher” or any decryption tool that can be used.
(Decipher hashes using online rainbow tables [hash toolkit, GromWeb, MD5Hashing] & lookup table attack services.)
Nice! Decrypted: OK! If you notice the 6 digits number is equal to the captcha image below:
We have all thing with us so now we can create a simple bot for this attack!
I created a bot in python for PoC purposes to show how an attacker can easily bypass this captcha behavior and abuse his functionality:
1) The bot first requested the captcha-protected subscription page at https://company.com/captcha/form/?
2) A bot will scrape the page to find the “hash” value parameter.
3) Bot unlocks the Hash (dcipher)
4) The bot generates a POST request to http://company.com//captcha/captchaCheck using the decrypted value and automatically fills out all user form fields with random values (email, name, address, etc)
5) A bot sent a POST request while avoiding the captcha.
Impact on Security
For spamming or other nefarious purposes, an attacker can construct a bot to get around the captcha and automate the process of sending an endless number of requests to multiple URLs or lists with random or phoney users, emails, or IP addresses (collect data, analyze traffic behaviors, etc)
Source: Medium
Thank you for reading !! hope you get to learn some tricks.
Subscribe to the Shuttlertech YouTube channel for more of this type of content and to watch live POCs. To encourage me to write more, follow me on medium and click the clap icon.
Bengali (Bangladesh) · 
English (United States) ·