Dashboard Articles Playground Discussions More
Follow

Simple and More Complex Captcha Bypass

735Tesla
10 years ago | edited 10 years ago

1

I do not yet have any code written down, but just as a concept, what about a captcha bypassing level? I know this is a common problem in many websites. A simple example could be that the user just has to send a get request to a given url and the captcha will be considered complete. A more complex level could user a randomly generated token that has to be posted to a certain page, but is visible in the source as a hidden form input or something similar. The goal could be to make X number of requests in Y seconds using an automated script.

I’m just throwing out ideas, there is probably a better way to test whether the user has actually bypassed the mechanism or is just solving the captcha

8replies
4voices
281views
Cyan Wind [freewind1012]
10 years ago | edited 10 years ago

0

[quote=735Tesla]I’m just throwing out ideas[/quote]
You gotta create it first.

 
![Image](https://www.hackthis.co.uk/user/userbar.png?user=freewind1012%20//%20Navigator)
Magical Cat Does Hax [magicalcatwithhax]
10 years ago

0

freewind1012 is right.Personaly I would love to challenge a level like this :)

735Tesla
10 years ago

0

Okay, I’ve been playing around with some php and I think I have what I want. I will create a pull request when I’m done. Is there any documentation on how the HackThis code is organized or should I just read through and try to figure out?

Cyan Wind [freewind1012]
10 years ago

0

Do you mean HackThis!! source code for everything (articles, users, forum…) or just for levels?

 
![Image](https://www.hackthis.co.uk/user/userbar.png?user=freewind1012%20//%20Navigator)
735Tesla
10 years ago

0

I was referring to the HackThis!! source code I found on github. Is there a different way to submit levels?

Cyan Wind [freewind1012]
10 years ago | edited 10 years ago

1

The source code which you have found on GitHub is everything you can see on HackThis!! at this moment, except for levels. Think about it: Would users try to solve the levels if they could read all passwords in PHP files somewhere?

I believe that the code of all levels (HTML / PHP / the method to check password…) is stored in database. Therefore, the only choice which you can do to submit your idea is directly PM to @flabbyrabbit .

 
![Image](https://www.hackthis.co.uk/user/userbar.png?user=freewind1012%20//%20Navigator)
735Tesla
10 years ago

0

Is there a certain format my code should follow? At the moment it’s just plain html with a few lines of php as the backend.

Abhi
10 years ago

0

I don’t know….but according to me…..If not all…then your code should at least convey what logic does your level works upon….at least , flabbyrabbit should understand how the level is working….besides…it should also have the basic coding structure containing your code for the level !!

 

“ENJOY LEARNING AS YOU HACK !! ”
Image

You must be logged in to reply to this discussion. Login
1 of 9

This site only uses cookies that are essential for the functionality of this website. Cookies are not used for tracking or marketing purposes.

By using our site, you acknowledge that you have read and understand our Privacy Policy, and Terms of Service.

Dismiss