1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

What is the method of this encoding?

Discussion in 'BlackHat Lounge' started by ImacrosGuy, Jul 19, 2014.

  1. ImacrosGuy

    ImacrosGuy BANNED BANNED

    Joined:
    Apr 20, 2014
    Messages:
    56
    Likes Received:
    43
    Hey,

    I'm trying to figure out how to decode a javascript based captcha.

    Some examples:

    'lAFqxqYHhlkEaZyNPO0NGQGwKjOliIxFMFZMOVgNW%2fg%3d' == '6HCOI'

    'WHwvopiJKG0oKCrhkearTIkWkYl%2fGLcebPNwWODRfBw%3d' == '7JDBK'

    Engine of the captcha:

    Code:
    [COLOR=#000000]<%@ WebHandler Language="C#" Class="GetImgText" %>[/COLOR]/*
    
    Scrambled text generator.
    Developed by: Aref Karimi
    Email: Arefkr@gmail.com
    Last update: 20 October 2009
    
    This code is free to use. 
     
    */
    using System;
    using System.Web;
    using System.Collections.Generic;
    using System.Drawing;
    
    public class GetImgText : IHttpHandler {
        
        public void ProcessRequest (HttpContext context) {
            context.Response.ContentType = "image/jpeg";
            var CaptchaText = SecurityHelper.DecryptString(
                Convert.FromBase64String(context.Request.QueryString["CaptchaText"]));
            if (CaptchaText != null)
            {
                List<Letter> letter = new List<Letter>();
                int TotalWidth = 0;
                int MaxHeight = 0;
                foreach (char c in CaptchaText)
                {
                    var ltr = new Letter(c);
                    letter.Add(ltr);
                    int space = (new Random()).Next(5) + 1;
                    ltr.space = space;
                    System.Threading.Thread.Sleep(1);
                    TotalWidth += ltr.LetterSize.Width+space;
                    if (MaxHeight < ltr.LetterSize.Height)
                        MaxHeight = ltr.LetterSize.Height;
                    System.Threading.Thread.Sleep(1);
                }
                const int HMargin = 5;
                const int VMargin = 3;
    
                Bitmap bmp = new Bitmap(TotalWidth + HMargin, MaxHeight + VMargin);
                var Grph = Graphics.FromImage(bmp);
                Grph.FillRectangle(new SolidBrush(Color.Lavender), 0, 0, bmp.Width, bmp.Height);
                Pixelate(ref bmp);
                Grph.CompositingQuality = System.Drawing.Drawing2D.CompositingQuality.HighQuality;
                Grph.SmoothingMode = System.Drawing.Drawing2D.SmoothingMode.HighQuality;
                int xPos = HMargin;
                foreach (var ltr in letter)
                {
                    Grph.DrawString(ltr.letter.ToString(), ltr.font, new SolidBrush(Color.Navy), xPos, VMargin );
                    xPos += ltr.LetterSize.Width + ltr.space;
                }
                
                bmp.Save(context.Response.OutputStream, System.Drawing.Imaging.ImageFormat.Jpeg);
            }
        }
     
        public bool IsReusable {
            get {
                return false;
            }
        }
        private void Pixelate(ref Bitmap bmp)
        {
            Color[] Colors = { Color.Gray , Color.Red, Color.Blue, Color.Olive };
            for (int i = 0; i < 200; i++)
            {
                var rnd = new Random(DateTime.Now.Millisecond);
                var grp = Graphics.FromImage(bmp);
                Image background = Image.FromFile(HttpContext.Current.Server.MapPath("~/images/captcha/captcha3.jpg"));
                grp.DrawImage(background, new Rectangle(0, 0, bmp.Width, bmp.Height));
            }
        }
     [COLOR=#000000]}[/COLOR]
     
  2. divok

    divok Senior Member

    Joined:
    Jul 21, 2010
    Messages:
    1,015
    Likes Received:
    634
    Location:
    http://twitter.com/divok
  3. Macthetrix

    Macthetrix Regular Member

    Joined:
    Feb 21, 2013
    Messages:
    379
    Likes Received:
    390
    Occupation:
    The Boss
    Location:
    Silicon Valley
    The whole point of a hash is that you cant reverse it.
    A database stores hashed passwords so even if someone gets access to it he wont be able to reverse it and get the passwords.
     
    Last edited: Jul 19, 2014
  4. ImacrosGuy

    ImacrosGuy BANNED BANNED

    Joined:
    Apr 20, 2014
    Messages:
    56
    Likes Received:
    43
    So there is no chance to break the captcha from the codes i guess?