Micha just implemented his own Captcha plugin for WordPress; I cracked it a few minutes later ;)
Micha was annoyed by his previous Captcha plugin, which was neither valid nor beautiful, so he decided to write his own tool for killing bots.
When I saw his new captchas I wondered whether he would get any further comments. His captchas ask for the solution of mathematical problems like or or .. Who the hell wants to calculate that stuff!? Not me! ;)
So I developed a little userscript that solves this problem. When you take a look at the source code of his website you’ll find something like this:
So you see, there is an image created by an external server, an input field where you can enter the solution, and a hidden input field with a crypt value (seems like a hash^^). Most of you will see several ways to hack this:
- Parse the string of the image like the external server does to create the -image. So you’ll get an arithmetic problem, easy to solve.
- Find out what kind of hash is in the value of the secret hidden input-field and try to find a number that matches that hash, maybe via brute force.
- Solve one captcha and fake the rest ;)
Of course the last solution is the easiest one. So I solved one captcha, the solution was 7 and the secret key was 9ee4251f80923e6239ae66ab50a357daa6039f04, hack done!
The development of the userscript was more than simple:
I think that this script won’t work for a long time, so there is no download available ;) If you want to use it, copy&paste, you know.
Um, before anybody starts to blame me, a similar workaround also kills my captcha solution… :P
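Why one solved captcha can be replayed forever, and what the server has to add to stop it, as an added example that is not Micha's plugin code or code from this post. It assumes the hidden value depends only on the answer (SHA-1 is a stand-in, the real construction is not known); `SERVER_KEY`, `TTL` and all function names are made up for illustration.

```python
import hashlib
import hmac
import secrets
import time

SERVER_KEY = secrets.token_bytes(32)  # assumption: per-site secret, never sent to the browser
TTL = 300                             # assumption: seconds a challenge stays valid
_seen_nonces = set()                  # in-memory for the example; use a store with expiry in practice

def weak_issue(answer):
    # Stand-in for the hidden field in the post: a fixed function of the answer only.
    return hashlib.sha1(str(answer).encode()).hexdigest()

def weak_verify(answer, token):
    return hmac.compare_digest(weak_issue(answer).encode(), token.encode())

def _mac(answer, nonce, expires):
    msg = f"{answer}|{nonce}|{expires}".encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()

def issue(answer, now=None):
    # Bind the token to a fresh nonce and an expiry, keyed so clients cannot mint their own.
    nonce = secrets.token_hex(8)
    expires = int(time.time() if now is None else now) + TTL
    return f"{nonce}.{expires}.{_mac(answer, nonce, expires)}"

def verify(answer, token, now=None):
    try:
        nonce, expires, mac = token.split(".")
        expires = int(expires)
    except ValueError:
        return False  # malformed token
    now = time.time() if now is None else now
    if now > expires or nonce in _seen_nonces:
        return False  # expired, or this challenge was already used
    _seen_nonces.add(nonce)  # burn on every attempt, so a token allows one guess only
    return hmac.compare_digest(_mac(answer, nonce, expires).encode(), mac.encode())

def demo():
    pair = (7, weak_issue(7))                      # one solved captcha (constructed sample)
    weak = [weak_verify(*pair) for _ in range(3)]  # the same pair is accepted every time
    tok = issue(7, now=1000)
    first, replay = verify(7, tok, now=1001), verify(7, tok, now=1002)
    expired = verify(7, issue(7, now=1000), now=1000 + TTL + 1)
    return weak, first, replay, expired

if __name__ == "__main__":
    print(demo())
```

Because the nonce is burned on every attempt, a wrong guess also uses up the challenge, which matters when the answer space is as small as a single-digit sum.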