TryHackMe - Capture!

Bypassing a captcha with Python to brute-force a login page.

Table of Contents

  1. Reconnaissance
  2. Bypassing Captcha

Reconnaissance

  1. The first step in brute-forcing the login page is enumerating valid users.
  2. We can use the website's error message for this:
    • The user 'test' does not exist
  3. However, after too many invalid attempts, the website requires the user to solve a captcha.
  4. Fortunately, the captcha only requires solving a simple math expression, which we can bypass using Python.

Bypassing Captcha

The way I bypassed the captcha using Python is as follows:

  1. Send a POST request.
  2. Use a regex to extract the captcha's math expression.
  3. Use the eval() function to calculate the math expression.
  4. Send a new POST request with the captcha's solution.
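
As an added illustration (not the script from the original post), here is the captcha-solving step with the eval() call replaced by an ast-based evaluator that accepts only the arithmetic a captcha uses. It shows how little effort an arithmetic captcha demands of an automated client, and why eval() on text returned by a remote server is risky: anything the server puts in that prompt would run on the tester's machine. The HTML fragment and the regex are assumptions about the page's markup.

```python
import ast
import operator
import re

# Constructed sample of the captcha markup (the real page's markup is an assumption)
SAMPLE_HTML = '<label>Please solve the captcha: 41 + 7 = ?</label><input name="captcha">'

# Digits, one operator, digits, then "= ?" (assumed captcha format)
CAPTCHA_RE = re.compile(r"(\d+\s*[-+*/]\s*\d+)\s*=\s*\?")

# Only the binary operators a math captcha needs; anything else is rejected
_OPS = {ast.Add: operator.add, ast.Sub: operator.sub,
        ast.Mult: operator.mul, ast.Div: operator.truediv}

def extract_expression(html: str) -> str:
    """Pull the arithmetic expression out of the captcha prompt."""
    match = CAPTCHA_RE.search(html)
    if not match:
        raise ValueError("no captcha expression found in response")
    return match.group(1)

def _eval_node(node: ast.AST):
    # Walk the AST by hand: numbers and whitelisted binary operators only,
    # so names, calls and attribute access can never execute.
    if isinstance(node, ast.Constant) and isinstance(node.value, (int, float)):
        return node.value
    if isinstance(node, ast.BinOp) and type(node.op) in _OPS:
        return _OPS[type(node.op)](_eval_node(node.left), _eval_node(node.right))
    raise ValueError(f"unsupported syntax in captcha: {type(node).__name__}")

def safe_eval(expr: str):
    """Evaluate a captcha expression without eval()."""
    return _eval_node(ast.parse(expr, mode="eval").body)

def rejects(expr: str) -> bool:
    """True if the evaluator refuses the expression, e.g. a function call."""
    try:
        safe_eval(expr)
    except (ValueError, SyntaxError):
        return True
    return False

def solve_captcha(html: str) -> str:
    """Return the answer as the string the form expects."""
    value = safe_eval(extract_expression(html))
    if isinstance(value, float) and value.is_integer():
        value = int(value)  # "8 / 2" -> "4", not "4.0"
    return str(value)
```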

After bypassing the captcha, I created a Python script to automatically enumerate a valid username and password. You can read it here: script

  • Note that it may take some minutes to find the right credentials.

Next, I used the credentials I found to log in to the website and got the flag.

This post is licensed under CC BY 4.0 by the author.