CAPTCHA enhancement for Nuke...
Securitywizkid writes "If you are wondering where the nice security code system came from well here is a little background, as well as some code to make the security code a bit harder for scripts to decipher.



Background:
CAPTCHA is a computer-generated test that humans can pass but computer programs cannot (taken from wordspy, http://www.wordspy.com/words/captcha.asp).

Well there is a nice site on CAPTCHAs, http://www.captcha.net/, they have a few of the most common versions with samples of some of them.

Well who has noticed that PHP-NUKE's version of this system is easily bypassed with computer scripts? (yes I have had my computer OCR read the screen and decipher the numbers) Well I have come up with a little harder to decipher version, it is basically just based on a (slightly larger image), along with no JPG to build the background but instead very light circles under the numbers which are printed twice with a slight offset & in different colors. While not too hard to read 90% of the images, it does offer a huge advantage in protecting the sites from script-kiddies.

If you are wondering how I managed to beat the security code image, well you can do it by hand. (if you have an OCR program) Here is what you need to do to beat the code.

Open a Login Page (with the code)
Screen Capture the page (or use similar web tools to save the image to the HD, but this way is for the people who don't want to use wget, or crazy tools..)
Stick the image into Photoshop (or similar image program, such as GIMP)
Chop the image area out of the rest of the image
Do a color range selection (for the hash image, not the numbers)
Convert it to white.
Save the resulting picture
Send it to your OCR software

Wondering how to do it automatically? Use Macros & Windows Scripting. :) (only thing Microsoft ever did right, well for people looking to break things... lol)

You can load a login page (using wget)
Look for the security image IMG tag
Use wget to grab the image
Now repeat using Photoshop (or GIMP)
Run through OCR (any that supports OLE or scripting will be the best..) (which I believe there is a GPL program too..)
Now you got the code, fake the login.

See why there is a need for a stronger system?

Well here is some modded code to make the login look like Yahoo!(tm) or other big sites... lol

function gfx($random_num) {
    global $prefix, $db, $module_name;
    require("config.php"); // provides $sitekey
    // Derive the code from the user agent, the site key, the page's random number and today's date
    $datekey = date("F j");
    $rcode = hexdec(md5($_SERVER['HTTP_USER_AGENT'] . $sitekey . $random_num . $datekey));
    $code = substr($rcode, 2, 6);
    # $image = ImageCreateFromJPEG("modules/$module_name/images/code_bg.jpg");
    Header("Content-type: image/jpeg");

    // Blank 100x20 canvas instead of the JPG background
    $image = ImageCreate(100,20);

    $white=ImageColorAllocate($image,255,255,255);
    ImageFilledRectangle($image,0,0,100,20,$white);

    // Very light circles under the numbers
    for ($cnt=0; $cnt<12; $cnt++) {
        $text_color = ImageColorAllocate($image, intval(rand(200,255)), intval(rand(200,255)), intval(rand(200,255)));

        # Depending on your PHP use one of imageellipse or imagearc
        #ImageEllipse($image,($cnt*8),10,intval(rand(15,30)),intval(rand(15,30)), $text_color);
        ImageArc($image,($cnt*8),10,intval(rand(15,30)),intval(rand(15,30)),0,360, $text_color);
    }

    // Print each of the 6 characters of $code twice, one pixel apart, in two dark colors
    for ($idx=0; $idx<6; $idx++) {
        $text_color = ImageColorAllocate($image, intval(rand(0,128)), intval(rand(0,128)), intval(rand(0,128)));
        $text_color1 = ImageColorAllocate($image, intval(rand(0,128)), intval(rand(0,128)), intval(rand(0,128)));
        ImageString ($image, intval(rand(1,5)), 12+($idx*14), 2, substr($code,$idx,1), $text_color);
        ImageString ($image, intval(rand(1,5)), 11+($idx*14), 2, substr($code,$idx,1), $text_color1);

    }

    // null sends the JPEG straight to the browser (an empty filename raises a warning on newer PHP)
    ImageJPEG($image, null, 75);
    ImageDestroy($image);
    die();
}"
Posted on Saturday, October 18 @ 16:33:30 CEST by Zhen-Xjell
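
Added example, not part of the original post or of PHP-Nuke's code: a sketch of the server-side check that would pair with gfx(), assuming the login handler recomputes the code from the same inputs and compares it with what the visitor typed. The function names and the sample site key, user agent, random number and date are constructed for illustration.

```php
<?php
// Added example: hypothetical helper names, not PHP-Nuke functions.

// Same derivation as gfx(): characters 2..7 of the decimal (float) form
// of an MD5 over user agent, site key, random number and the date key.
function captcha_expected_code($userAgent, $sitekey, $randomNum, $timestamp)
{
    $datekey = date("F j", $timestamp);
    $rcode = (string) hexdec(md5($userAgent . $sitekey . $randomNum . $datekey));
    return substr($rcode, 2, 6);
}

// True only if the submitted text matches the code for this request.
function captcha_is_valid($submitted, $userAgent, $sitekey, $randomNum, $timestamp)
{
    // Reject array-valued, empty or oversized form input before comparing.
    if (!is_string($submitted) || strlen($submitted) !== 6) {
        return false;
    }
    $expected = captcha_expected_code($userAgent, $sitekey, $randomNum, $timestamp);
    // Constant-time comparison (PHP 5.6+); avoids loose == between numeric strings.
    return hash_equals($expected, $submitted);
}

// Constructed sample values, for illustration only.
$sitekey = 'example-site-key';
$ua      = 'Mozilla/5.0 (constructed sample)';
$rnd     = '482913';
$now     = mktime(12, 0, 0, 10, 18, 2003);

$code = captcha_expected_code($ua, $sitekey, $rnd, $now);

var_dump(captcha_is_valid($code, $ua, $sitekey, $rnd, $now));           // same request
var_dump(captcha_is_valid($code, 'other agent', $sitekey, $rnd, $now)); // different user agent
var_dump(captcha_is_valid($code, $ua, $sitekey, $rnd, $now + 86400));   // date key has rolled over
var_dump(captcha_is_valid(array($code), $ua, $sitekey, $rnd, $now));    // array instead of string
```

Because the date key is part of the hash, a code rendered just before midnight no longer verifies after the date changes, and the same inputs yield the same code for the rest of that day.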
 

Re: CAPTCHA enhancement for Nuke... (Score: 1)
by anthonyaykut on Thursday, October 23 @ 03:49:13 CEST
(User Info | Send a Message) http://www.frame4.com/
Has anyone made this change?? Is it working OK??



Re: CAPTCHA enhancement for Nuke... (Score: 1)
by bigdaddyebk on Thursday, November 20 @ 16:55:31 CET
(User Info | Send a Message) http://www.superpimped.com
Is there a way to have this code support PNGs or GIFs?

Has anyone gotten this to work on their PHP-Nuke website?

