Monday 1 February 2016

Captcha_me_if_you_can exploit

Also one of the programming challenges from root-me.

Statement
Break the CAPTCHA to be able to validate it in less than 3 seconds.

Exploit
import requests
import os
import base64
import re
import subprocess
import urllib

fil = open('file2.png','w')
r = requests.get('hidden_URL')
resp = r.text
ses = r.cookies
express = r'data:image/png;base64,(.*)" /><br><br>'
res = re.search(express,resp)
res = res.group(1)
res = base64.b64decode(res)
fil.write(res)
fil.close()
lolek = subprocess.Popen(['gocr -i file2.png'], shell=True, stdout=subprocess.PIPE).communicate()[0]
lolek = lolek.replace("\n","")
lolek = lolek.replace("\r","")
lolek = lolek.replace(" ","")
lolek = lolek.replace(",","")
lolek = lolek.replace("_","")
#print lolek

value = {'cametu':lolek}
post_data = urllib.urlencode(value)
rex = requests.post('hidden_URL',cookies = ses,data = value)
print rex.text