Friday, January 11, 2013

Bypassing C@PTCHAs by Impersonating C@PTCHA Providers




C@PTCHA service providers validate millions of C@PTCHAs each day and protect thousands of websites against bots. A secure C@PTCHA generation and validation ecosystem forms the basis of the mutual trust model between the C@PTCHA provider and the consumer. A variety of damage can occur if any component of this ecosystem is compromised.

Analysis of the C@PTCHA integration libraries provided by several C@PTCHA providers (including reC@PTCHA) revealed that almost all of the C@PTCHA verification APIs relied on the plain text HTTP protocol to perform C@PTCHA validation. Because of this, the C@PTCHA provider’s identity was not validated, message authentication checks were not performed, and the entire C@PTCHA validation took place over an unencrypted channel. This vulnerability was also reported to the reC@PTCHA team several months back.

If you decompile the .NET Plugin, you'll be able to pull out reC@PTCHA's verification URL, which demonstrates the absence of HTTPS:



In the current scenario, two types of attacks can be launched against vulnerable C@PTCHA implementations. These attacks are based on the assumption that an attacker is able to intercept the C@PTCHA validation traffic between target website and the C@PTCHA provider.

Private Key Compromise

Most C@PTCHA providers issue private and public keys to identify a particular consumer and to enforce an upper limit on the number of C@PTCHAs used by them. Private keys are often sent to the C@PTCHA provider during the C@PTCHA validation process. If the public and private keys are sent using plain text HTTP, an attacker could sniff the private keys and:

  1. Use the C@PTCHA service without registering for it, by using the captured keys.
  2. Exhaust the target web site’s C@PTCHA quota for the service, which, depending on the C@PTCHA provider, may cause a wide variety of unexpected issues.

The C@PTCHA Clipping Attack

The following image describes what I call the "C@PTCHA Clipping Attack". Notice that steps 5 and 6 in blue are the normal sequence of events. We'll go into the attack in a little more detail below.



The website’s application server acts as a client to the C@PTCHA provider during steps 5 and 6 (in blue), and it often neglects to validate the C@PTCHA provider’s identity and to perform session integrity checks. An attacker may therefore be able to impersonate the C@PTCHA provider and undermine the anti-automation protection (steps 5 and 6 in red). C@PTCHA validation responses are mostly Boolean (true or false, success or failure, pass or fail, 0 or 1). The response format and its contents are also publicly available as part of the C@PTCHA provider’s API documentation. This allows an attacker to easily construct the finite set of possible responses, impersonate the C@PTCHA provider, and perform malicious C@PTCHA validation for the application servers.

To exploit this vulnerability an attacker performs the following:

  1. The attacker acts as a legitimate application user and submits a large number of requests to the web application.
  2. At the same time, he/she intercepts C@PTCHA validation requests, masquerades as the C@PTCHA provider and approves all submitted requests.

Masquerading as the C@PTCHA provider and not forwarding the C@PTCHA validation requests to the actual C@PTCHA provider is the C@PTCHA Clipping Attack.
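
Both the private key exposure and the clipping attack described above depend on the verification call running over unauthenticated plain HTTP. The following added example (not from the original post or from any provider's library) shows an application-server verification client that requires authenticated TLS and fails closed; the endpoint, the form field names and the true/false first-line response format are assumptions.

```python
import ssl
import urllib.parse
import urllib.request

# Assumptions: placeholder endpoint, field names and a response whose first
# line is "true" or "false"; none of these come from a real provider.
VERIFY_URL = "https://captcha-provider.example/verify"
ALLOWED_HOSTS = {"captcha-provider.example"}

class NoRedirect(urllib.request.HTTPRedirectHandler):
    """Refuse redirects so the verdict can never come from another origin."""
    def redirect_request(self, req, fp, code, msg, headers, newurl):
        return None

def check_verify_url(url):
    """Reject plain HTTP (which exposes the private key) and unknown hosts."""
    parts = urllib.parse.urlsplit(url)
    if parts.scheme != "https":
        raise ValueError("verification endpoint must use https")
    if parts.hostname not in ALLOWED_HOSTS:
        raise ValueError("unexpected verification host")
    return url

def tls_context():
    """Default context: verifies the certificate chain and the hostname."""
    ctx = ssl.create_default_context()
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx

def parse_verdict(body):
    """Fail closed: only an exact 'true' first line counts as a pass."""
    lines = body.decode("ascii", errors="replace").splitlines()
    return bool(lines) and lines[0].strip() == "true"

def verify_captcha(private_key, challenge, answer, remote_ip, url=VERIFY_URL):
    """POST the verification request over authenticated TLS only."""
    data = urllib.parse.urlencode({
        "privatekey": private_key, "challenge": challenge,
        "response": answer, "remoteip": remote_ip,
    }).encode()
    opener = urllib.request.build_opener(
        NoRedirect, urllib.request.HTTPSHandler(context=tls_context()))
    try:
        req = urllib.request.Request(check_verify_url(url), data=data)
        with opener.open(req, timeout=5) as resp:
            return resp.status == 200 and parse_verdict(resp.read(256))
    except (OSError, ValueError):
        return False  # TLS error, redirect, timeout or bad URL: not verified
```

With certificate and hostname verification in place, an interceptor on the path can no longer answer in the provider's name, and the private key is never sent in clear text.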

clipc@ptcha

clipcaptcha is a proof of concept exploitation tool that specifically targets the vulnerabilities discussed above and allows complete bypass of C@PTCHA provider protection. clipcaptcha is built on the sslstrip codebase and has the following features:

  1. Performs signature based C@PTCHA provider detection and clipping.
  2. Can be easily extended to masquerade as any C@PTCHA provider by adding corresponding signatures to the configuration XML file.
  3. Has built in signatures of several C@PTCHA providers including reC@PTCHA, OpenC@PTCHA, C@ptchator etc…
  4. Logs POST requests that match any supported C@PTCHA provider to capture private and public keys. Unmatched requests are forwarded as is.
  5. clipcaptcha supports five operational modes. These are “monitor”, “stealth”, “avalanche”, “denial of service” and “random”.



Download

clipc@ptcha can be downloaded.....

Monday, August 29, 2011

Hello Friends, today I am going to explain how to hack or crack Internet Download Manager (IDM) manually. IDM is the best Internet download manager available on the internet, but it's not free and its cracked or patched versions contain viruses.

NO MORE WARNING OF FAKE SERIAL KEY AT ALL….

Using this hack you can register the Internet Download Manager (IDM) for free using your own credentials, i.e. register with your name and email ID.

I am explaining the manual hacking method because most of my users said that patch and keygen contain viruses.

This hack also works for trial IDM; that means download a trial IDM from their site and register the professional, i.e. full, version of IDM with your credentials for free using my hack.

 

Hack or crack IDM manually :

Step 1: Download the IDM trial, or if you already have IDM installed, update it by going to Help => then to Check for Updates. If you don’t wanna update your version, just click on Registration.

Step2: When you click on Registration, a new dialog (window) appears asking for Name, Last Name, Email Address and Serial Key.

Step3: Now enter your name, last name, email address, and in the Serial Key field enter any of the following keys:


And click on ok to register.

Step4: After you click ok, it will show an error message that you have registered IDM using fake serial key and IDM will exit. Now here the hack starts.

Step5: Now Go to START => Then go to RUN and type the following text and click enter:

notepad %windir%\system32\drivers\etc\hosts


Step6: Now right click on hosts file and go to its properties, then go to security tab and then select your admin account, just below u will see an edit button (in front of change permissions), Now give the user full control and write and read rights and then click on apply and then click on Ok, now u will be able to edit the hosts file and save changes in it.

Detail Note about Granting Permission In Windows7:

For Windows 7 users, due to security reasons you will not be able to save the hosts file, so follow these steps:
First of all go to the C:/ drive, then go to the Windows folder, then the System32 folder, then the Drivers folder and then the Etc folder; in the Etc folder you will see the hosts file.

Now right click on the hosts file and go to its properties, then go to the Security tab, select Users under Group or user names and click on the edit button. The Permission For Host window will open; in that window select the Users account and grant permission in the section below, which is “Permission for SYSTEM”, by clicking all checkboxes under the “Allow” name, and press Ok. Don't click on any Deny check box.

Note: if you have logged in as admin then skip this step6. It's just for granting permission for editing the file.

Step7: Now a notepad file appears something like this as shown below:

Now copy the below lines of code and add to hosts file as shown above image box :

127.0.0.1 tonec.com
127.0.0.1 www.tonec.com
127.0.0.1 registeridm.com
127.0.0.1 www.registeridm.com
127.0.0.1 secure.registeridm.com
127.0.0.1 internetdownloadmanager.com
127.0.0.1 www.internetdownloadmanager.com
127.0.0.1 secure.internetdownloadmanager.com
127.0.0.1 mirror.internetdownloadmanager.com
127.0.0.1 mirror2.internetdownloadmanager.com

 

After adding these lines of code, save the notepad file and exit from there.
Now start your Internet Download Manager; your IDM has now been converted to the full version, and especially when you update next time, your registration will not expire.

That means it will remain full version for life time and you can update it without any problem in future.



I hope you are now able to convert your Trial version of IDM into Full Version. If you have any problem in this tutorial on How To Hack and Crack IDM, please mention it in comments. Enjoy ………

Tuesday, May 17, 2011

Airtel new back query

bq

?0.facebook.com/?zout=1
or ?m.facebook.com/?zout=1
Guys, use with default MO settings, working with resume support in UC or any handler. Working in maximum states of India. Working in: Jharkhand, Karnataka, Bangalore, Uttarakhand, Uttar Pradesh.
Working in Maharashtra with Opera only, not in UC. As users reply I'll add some more states.
Quite disappointing, it's not working in Mumbai, Maharashtra; all users at least give it a try. Browsing is slow, meaning normal, but downloading is damn fast, around 600 to 700kbps. Give ur valuable comments.
Important: no flooding

Friday, July 16, 2010

download youtube videos

hi every one ,

now u can download ur fav.

Youtube video to ur own mobile
in the 3gp , mp4 & flv format

from this site

www.videowap.tv

so hit thanx

and enjoy........

Tuesday, June 29, 2010

Free rim net on mobile and pc by Alok Sharma

Hi frendz! 51rs pack trick is back again due to server upgradation!!
1) FIRST OF ALL THIS IS FOR PEOPLE FOR WHOM RIM IS NOT WORKING WITHOUT STRING.
2) I'M FROM LUCKNOW, MY BALANCE IS 1.59
3) THE TRICK!!!!? TRY ACTIVATING RCOMNET 51rs PACK NOW (TRY FOR 4-5 TIMES) AND GET 1gb/15days FREE FULL GPRS WITH STREAMING, PC, MOBILE, etc.
I know this is old trick, but it had stopped last month. NOW AGAIN AMBANI WANTS US TO LOOT HIM! Njoy! Hit thanx if u like!!
DIRECT LINK FOR SUBSCRIPTION PAGE (open with default browser using MMS access point) :
http://ssg.wdsap.ricinfo.com/ssg?_rapsvc=101.2628&_svc=101.2628&dev=3%20&rid=10&cid=718&screenid=6&appid=34&bankid=43&SL=0&BL=1
TO CHECK BALANCE DATA(in Rs) DIAL *367
TO CHECK USED DATA CLICK ON THE FOLLOWING LINK AND CLICK ON "Subscription Status" IN THE PAGE THAT OPENS. REMEMBER OPEN THIS IN DEFAULT BROWSER AND BOOKMARK THE PAGE FOR FURTHER USE:
http://ssg.wdsap.ricinfo.com/ssg?_rapsvc=91.288&_svc=91.288&dev=3&rid=4&cid=0&screenid=0&appid=24&bankid=31&BL=1&RK=Back

enjoy......

Saturday, June 12, 2010

Free reliance gprs with settings

Hi frnds,

today i m here with gprs settings of reliance,
by which u can enjoy gprs without any charge.

You can enjoy it on any balance .
No Balance Condition.....

Now here we go.....

First download opera mini 4.2 with handler ui with this link-

opera mini 4.2


http://www.xchanger.mobi/index.php?XID=2c024e8ab6ae09e741e742223b6a40c1&fileinfoid=158872


this operamini is already moded for reliance

so u dont need to do any thing in it . Just download and enjoy.

Opera mini 5 beta

download link

http://wapshare.us/uploads/games/files/Opera_Mini_5_Beta_Handler.jar


settings for rel.

Http server:
http://www.orkut.com.nokia-s40-10-cust.opera-mini.net:80?id=jCustomerWAPProv

socket server:

http://www.orkut.com.nokia-s40-10-cust.opera-mini.net:1080?id=jCustomerWAPProv

front query:

middle query:

back query:
?id=jCustomerWAPProv


Hit Thanks .....

Friday, June 11, 2010

God is great...

I m starting here with a new blog today so firstly i want to remember God

and my Parents.

Thank u ... A lot