Tuesday, October 16, 2012

hackyou CTF: PPC 100

Tasks in the PPC category were supposed to be computationally intensive. PPC 100 was an "Anti-Human Captcha": a timed captcha that asked for two large numbers to be added together and submitted. You had to answer within a certain time limit in order to be considered a 'robot.' So it was time for some Python scripting. My winning script is shown below.

import urllib2, urllib

# A unique url here prevents server-side caching with varnish.
# This block grabs a unique equation from the server so that
# we can do the math with as new a result as possible
url = 'http://misteryou.ru/ppc100/?aaaaa'
user_agent = 'Mozilla/4.0 (compatible; MSIE 5.5; Windows NT)'
header = { 'User-Agent' : user_agent }
req = urllib2.Request(url, None, header)
response = urllib2.urlopen(req)
data = response.read()

# We have the data and we need to get the trueanswer field which
# acts as a cookie. Then we grab the equation and do the math.
trueanswer = data.split("'trueanswer' value='")[1].split("'")[0]
equation = data.split('</h2>\n')[1].split('<br>')[0]
equation = equation.replace(' ','').replace('\t','')
answer = eval(equation)

# Create the appropriate POST parameters
values = {
  'captchatype' : 'hugecaptcha',
  'trueanswer' : trueanswer,
  'answer' : answer
}

# Send the answer and get the response
data = urllib.urlencode(values)
req = urllib2.Request(url, data, header)
response = urllib2.urlopen(req)

# Print the answer
print response.read()

This returned the following string.
Ok, u are robot
Secret is:
1101011
1101001
1101100
1101100
1100001
1101100
1101100
1101000
1110101
1101101
1100001
1101110
1110011
This is a set of 7-bit ASCII characters which translates to 'killallhumans'.
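The script above hands server-controlled text to eval(), which would run any Python expression the remote page chose to return. The following is an added example (Python 3, not part of the original script) that parses the sum strictly and decodes the 7-bit secret; the sample page fragment and all function names are assumptions made for illustration.

```python
import re

# Constructed sample of the fragment the script scrapes. Only the '</h2>\n'
# and '<br>' delimiters come from the post; the rest is assumed.
SAMPLE_PAGE = "<h2>Anti-Human Captcha</h2>\n 1234567890123456789 +\t9876543210 <br>"

# The secret exactly as printed in the post.
SECRET_BITS = """1101011 1101001 1101100 1101100 1100001 1101100 1101100
1101000 1110101 1101101 1100001 1101110 1110011""".split()

# The task only asks for two numbers to be added, so accept nothing else.
_SUM_RE = re.compile(r"(\d+)\+(\d+)")


def extract_equation(page):
    """Same split-based scrape as the original script."""
    equation = page.split('</h2>\n')[1].split('<br>')[0]
    return equation.replace(' ', '').replace('\t', '')


def safe_sum(equation):
    """Add two decimal operands; reject anything else instead of eval()."""
    match = _SUM_RE.fullmatch(equation)
    if match is None:
        raise ValueError("unexpected captcha expression: %r" % equation[:40])
    return int(match.group(1)) + int(match.group(2))


def decode_bits(groups, width=7):
    """Turn fixed-width binary strings into ASCII text."""
    chars = []
    for group in groups:
        if len(group) != width or set(group) - {"0", "1"}:
            raise ValueError("bad bit group: %r" % group)
        chars.append(chr(int(group, 2)))
    return "".join(chars)


if __name__ == "__main__":
    print(safe_sum(extract_equation(SAMPLE_PAGE)))
    print(decode_bits(SECRET_BITS))
```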

-- suntzu_II
