You are missing our premiere tool bar navigation system! Register and use it for FREE!

NukeCops  
•  Home •  Downloads •  Gallery •  Your Account •  Forums • 
Readme First
- Readme First! -

Read and follow the rules, otherwise your posts will be closed
Modules
· Home
· FAQ
· Buy a Theme
· Advertising
· AvantGo
· Bookmarks
· Columbia
· Community
· Donations
· Downloads
· Feedback
· Forums
· PHP-Nuke HOWTO
· Private Messages
· Search
· Statistics
· Stories Archive
· Submit News
· Surveys
· Theme Gallery
· Top
· Topics
· Your Account
Who's Online
There are currently, 287 guest(s) and 0 member(s) that are online.

You are Anonymous user. You can register for free by clicking here
CAPTCHA enhancement for Nuke...
Securitywizkid writes "If you are wondering where the nice security code system came from well here is a little background, as well as some code to make the security code a bit harder for scripts to decipher.



Background:
CAPTCHA is A computer-generated test that humans can pass but computer programs cannot (taken from wordspy, http://www.wordspy.com/words/captcha.asp)

Well there is a nice site on CAPTCHA's, http://www.captcha.net/ they have a few of the most common versions with samples of some of them.

Well who has noticed that PHP-NUKE's version of this system is easily bypassed with computer scripts? (yes I have had my computer OCR read the screen and deciper the numbers) Well I have come up with a little harder to decipher version, it is basically just based on a (slightly larger image), along with no JPG to build the background but instead very light circles under the numbers which are printed twice with a slight offset & in different colors. While not too hard to read 90% of the images, it does offer a huge advantage in protecting the sites from script-kiddies.

If you are wondering how I managed to beat the security code image, well you can do it by hand. (if you have an OCR program) Here is what you need to do to beat the code.

Open a Login Page (with the code)
Screen Capture the page (or use similiar web tools to save the image to the HD, but this way is for the people who don't want to use wget, or crazy tools..)
Stick the image into photoshop (or similiar image program, such as GIMP)
Chop the image area out of the rest of the image
Do a color range selection (fro the hash image, not the numbers)
Convert it to white.
Save the resulting picture
send it to your OCR software

Wondering how to do it automatically? Use Macros & Windows Scripting. :) (only thing Microsoft ever did right, well for people looking to break things... lol)

You can load a login page (using wget)
Look for the security image IMG tag
use Wget to grab the image
now repeat using photoshop (or GIMP)
run through OCR (any that supports OLE or scripting will be the best..) (which I believe there is a GPL program too..)
Now you got the code, fake the login.

See why there is a need for a stronger system?

Well here is some modded code to make the login look like Yahoo!(tm) or other big sites... lol

function gfx($random_num) {
global $prefix, $db, $module_name;
require("config.php");
$datekey = date("F j");
$rcode = hexdec(md5($_SERVER[HTTP_USER_AGENT] . $sitekey . $random_num . $datekey));
$code = substr($rcode, 2, 6);
# $image = ImageCreateFromJPEG("modules/$module_name/images/code_bg.jpg");
Header("Content-type: image/jpeg");

$image = ImageCreate(100,20);

$white=ImageColorAllocate($image,255,255,255);
ImageFilledRectangle($image,0,0,100,20,$white);

for ($cnt=0; $cnt<12; $cnt++) {
$text_color = ImageColorAllocate($image, intval(rand(200,255)), intval(rand(200,255)), intval(rand(200,255)));

# Depending on your PHP use one of imageellipse or imagearc
#ImageEllipse($image,($cnt*8),10,intval(rand(15,30)),intval(rand(15,30)), $text_color);
ImageArc($image,($cnt*8),10,intval(rand(15,30)),intval(rand(15,30)),0,360, $text_color);
}

for ($idx=0; $idx $text_color = ImageColorAllocate($image, intval(rand(0,128)), intval(rand(0,128)), intval(rand(0,128)));
$text_color1 = ImageColorAllocate($image, intval(rand(0,128)), intval(rand(0,128)), intval(rand(0,128)));
ImageString ($image, intval(rand(1,5)), 12+($idx*14), 2, substr($code,$idx,1), $text_color);
ImageString ($image, intval(rand(1,5)), 11+($idx*14), 2, substr($code,$idx,1), $text_color1);

}

ImageJPEG($image, '', 75);
ImageDestroy($image);
die();
}"
Posted on Saturday, October 18 @ 16:33:30 CEST by Zhen-Xjell
 
Related Links
· Computer Cops
· More about Security
· News by Zhen-Xjell


Most read story about Security:
PHP-Nuke admin.php security hole - PATCHED

Article Rating
Average Score: 4.2
Votes: 5


Please take a second and vote for this article:

Excellent
Very Good
Good
Regular
Bad


Options

 Printer Friendly Page  Printer Friendly Page

 Send to a Friend  Send to a Friend

Threshold
The comments are owned by the poster. We aren't responsible for their content.

No Comments Allowed for Anonymous, please register

Re: CAPTCHA enhancement for Nuke... (Score: 1)
by anthonyaykut on Thursday, October 23 @ 03:49:13 CEST
(User Info | Send a Message) http://www.frame4.com/
Has anyone made this change?? Is it working OK??



Re: CAPTCHA enhancement for Nuke... (Score: 1)
by bigdaddyebk on Thursday, November 20 @ 16:55:31 CET
(User Info | Send a Message) http://www.superpimped.com
Is there a way to have this cope support png's or gif's?

Has anyone gotten this to work on their PHP-Nuke website?


Powered by TOGETHER TEAM srl ITALY http://www.togetherteam.it - DONDELEO E-COMMERCE http://www.DonDeLeo.com - TUTTISU E-COMMERCE http://www.tuttisu.it
Web site engine's code is Copyright © 2002 by PHP-Nuke. All Rights Reserved. PHP-Nuke is Free Software released under the GNU/GPL license.
Page Generation: 0.277 Seconds - 162 pages served in past 5 minutes. Nuke Cops Founded by Paul Laudanski (Zhen-Xjell)
:: FI Theme :: PHP-Nuke theme by coldblooded (www.nukemods.com) ::