TenRepeatedCAPTCHA
This is a demo of weak CAPTCHA design. The vulnerability exists because the application has a limited dictionary of CAPTCHA puzzles. Because the puzzles keep repeating, an attacker can observe them, note down the answers manually, and then solve them with an automated tool the next time they repeat. Usage:
- Save the two files in a folder in your root directory
- Go to browser and load captcha.php
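A hardened counterpart to the repeating-dictionary flaw described above, as an added example that is not one of the files in this repository: each puzzle is drawn fresh from a CSPRNG, kept only in the server-side session, expires, and is discarded after one attempt, so a recorded answer is never valid again. It assumes PHP 7 or later with the GD extension; the constant names, function names and form field name are hypothetical.

```php
<?php
// Added example, not a file from this repository. Assumes PHP 7+ with GD.
declare(strict_types=1);
session_start();

const ALPHABET = 'ABCDEFGHJKLMNPQRSTUVWXYZ23456789'; // 32 symbols, look-alikes (I, O, 0, 1) left out
const LENGTH   = 6;   // 32^6 possible puzzles instead of a short fixed list
const TTL      = 120; // seconds a puzzle stays valid

// Draw a new answer from the CSPRNG and keep it only on the server.
function issue_challenge(): string
{
    $answer = '';
    for ($i = 0; $i < LENGTH; $i++) {
        $answer .= substr(ALPHABET, random_int(0, strlen(ALPHABET) - 1), 1);
    }
    $_SESSION['captcha'] = ['answer' => $answer, 'issued' => time()];
    return $answer;
}

// Single use: the stored answer is dropped before it is compared, pass or fail.
function verify_challenge($submitted): bool
{
    $c = $_SESSION['captcha'] ?? null;
    unset($_SESSION['captcha']);
    if (!is_array($c) || !is_string($submitted) || time() - $c['issued'] > TTL) {
        return false;
    }
    return hash_equals($c['answer'], strtoupper(trim($submitted)));
}

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    echo verify_challenge($_POST['answer'] ?? null) ? 'Correct' : 'Wrong or expired, reload for a new puzzle';
    exit;
}
if (isset($_GET['img'])) {
    // Plain rendering to keep the example short; distortion and noise are out of scope here.
    $img = imagecreatetruecolor(140, 40);
    imagefill($img, 0, 0, imagecolorallocate($img, 255, 255, 255));
    imagestring($img, 5, 20, 12, issue_challenge(), imagecolorallocate($img, 0, 0, 0));
    header('Content-Type: image/png');
    header('Cache-Control: no-store'); // a cached image would reintroduce repeats
    imagepng($img);
    exit;
}
echo '<form method="post"><img src="?img=1" alt="CAPTCHA">'
   . '<input name="answer" autocomplete="off"><button>Send</button></form>';
```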
GooglereCAPTCHA/
This is a demo of weak CAPTCHA implementation. It shows how a perfectly designed CAPTCHA can be bypassed if it is not implemented properly. Usage:
- Save all the files in a folder in the root directory
- The files are independent of each other, so you can load any of them from the browser.
Exploits/
These are exploits that target weak design and implementation. Usage:
- Have Ruby installed on your PC
- Save these files in a folder and host an application from the files given at this URL: https://github.com/securelayer7/Captch-Bypass-Vulnerable-Script
- Open a command prompt and navigate to that folder
- Type, for example: ruby ArithmeticExploit.rb
ArithmeticCAPTCHA
- Save the two files in a folder in your root directory
- Go to browser and load captchaarith.php
Thank you!
If you have any questions, you can always shoot me an email or tweet at @securelayer7