Try Hack me — Advent Of Cyber 2023 Day 16 Write Up — Can’t CAPTCHA this Machine! | by Leendert Coenen | Dec, 2023

December 17, 2023 admin TensorFlow 0


Room: Advent of Cyber 2023 Day 16

Try Hack me — Advent Of Cyber 2023 Day 16 Write Up — Can’t CAPTCHA this Machine!

CAPTCHA, which stands for “Completely Automated Public Turing test to tell Computers and Humans Apart” is a security measure designed to distinguish between human users and automated bots.

However with the help of machine learning we will have a machine pass this turing test. Enabling us to brute force a login page regardless of the CAPTCHA.

A lot has already been done for us. We are provided a data set and with the help of tensorflow, we can train a CNN model that is able to do OCR (Recognition of charachters) to pass the CAPTCHA test.

Starting off by spinning up a Docker container. And making a connection to it.

Launching Docker Container

Inside of the docker container we convert the training data into a TensorFlow record. (This step is not necessary as it has already been done for us)

Training the model

While training the model we get some feedback.

  • Loss: Loss is the CNN’s prediction error. The closer the value is to 0, the smaller our prediction error.
  • Perplexity: Perplexity refers to how uncertain the CNN is in its prediction. The closer the value is to 1, the more certain the CNN is that its prediction is correct.

After training we test the model:

Testing the model

And finally we arrive at the fun stuff, which the bruteforcing itself. This is done with a Python script that will go over these steps:

  1. Set up a webserver hosting our CNN model
  2. Retrieve CAPTCHA from the login page
  3. Send CAPTCHA to hosted CNN model
  4. CNN model solves CAPTCHA / return solution
  5. Evaluate probability and continue or discard
  6. Submut CAPTCHA with login attempt, and fill in password from password list
  7. Repeat until correct password was used

Let’s dive into what this script is doing:

  1. First, we load the libraries that will be used. We’ll mainly make use of Python’s request library to make the web requests on our behalf.
  2. Next, we load our password list, which will be used for the brute force attacks.
  3. In a loop, we will perform our brute force attack, which consists of the following steps:
  4. Make a request to the HQ admin portal to get the cookie values and CAPTCHA image.
  5. Submit the CAPTCHA image to our hosted CNN model.
  6. Determine if the prediction accuracy of the CNN model was high enough to submit the CAPTCHA attempt.
  7. Submit a brute force request to the HQ admin portal with the username, password, and CAPTCHA attempt.
  8. Read the response from the HQ admin portal to determine what to do next.

I highly recommend to read through the Python script in detail.

Let’s run our brute force attack using the following commands in a terminal window:

Copy the model from the container back to the attack machine:

cd /ocr/ && cp -r model /tempdir/

Spin up a new docker container that runs the model:

docker run -t --rm -p 8501:8501 -v /tmp/data/model/exported-model:/models/ -e MODEL_NAME=ocr tensorflow/serving

Run the Python script:

cd ~/Desktop/bruteforcer && python3 bruteforce.py
Output of BruteForce attack
Asnwer to Task 6

Happy Hacking!

💡 If you want to stay updated with what I’m working on. Follow me and Subscribe! 🔔

Medium LinkedInTwitter Substack





Source link

Be the first to comment

Leave a Reply

Your email address will not be published.


*