Hunting for CAPTCHAs

23:55 14.11.2007

Let’s examine methods of searching for vulnerable captchas. The main tool is Google hacking: searching for vulnerabilities on sites using Google (this approach can also be used with other search engines). Once a vulnerable captcha has been discovered, both good guys (aiming to inform about the presence of vulnerabilities) and bad guys (aiming to use these vulnerabilities) can find sites with the vulnerable captcha using search engines. So let’s examine ways of using Google hacking to search for sites with vulnerable captchas of different types: text, logical and image (graphic).

Searching for vulnerable text captchas.

Text captchas can be found by searching for the text that appears next to them (via Google Search).

“into the textbox below” - up to 71000 results.

Since different captchas can use the same or similar text phrases, it won’t be simple to find a specific vulnerable captcha. For more precise results, the search phrase needs to be made more specific.

Resistance: to resist this method, it’s better to change the captcha’s default phrases; then your site will be harder to find by the presence of a vulnerable captcha. But it’s better to use reliable captchas.

Searching for vulnerable logical captchas.

Logical captchas can be found by searching for the text that appears next to them (via Google Search).

“Check this box if you are not a spammer” - up to 12500 results.

Since different captchas can use the same or similar text phrases, it won’t be simple to find a specific vulnerable captcha. For more precise results, the search phrase needs to be made more specific.

Resistance: to resist this method, it’s better to change the captcha’s default phrases; then your site will be harder to find by the presence of a vulnerable captcha. But it’s better to use reliable captchas.

Searching for vulnerable graphic captchas.

For graphic captchas, there are two approaches to searching for sites with vulnerable captchas.

1. They can be found by searching for the text that appears next to them (via Google Search).

“Please enter the numbers you see below” - up to 39500 results.

This variant is not very precise, because different captchas can use the same or similar text phrases. So it won’t be simple to find a specific vulnerable captcha (but it is possible to search for different ones to find captchas with similar vulnerabilities).

Resistance: to resist this method, it’s better to change the captcha’s default phrases; then your site will be harder to find by the presence of a vulnerable captcha. But it’s better not to use vulnerable captchas.

2. They can be found by searching for their image (via Google Image Search).

Let’s look at the example of the mt-scode captcha:

mt-scode.cgi - up to 3340 results.

inurl:mt-scode.cgi - up to 3270 results.

This variant is more precise, because it allows searching for a specific vulnerable captcha.

Resistance: to resist this method, it’s better to change the captcha’s filenames; then your site will be harder to find by the presence of a vulnerable captcha. But it’s better not to use vulnerable captchas.
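
The resistance advice in the sections above can be checked against your own pages. The following Python script is an added example, not part of the original post: it scans a rendered HTML page for the default phrases and the captcha filename quoted in this article. The names `PageCollector` and `audit_page` and both sample pages are constructed for illustration.

```python
import re
from html.parser import HTMLParser

# Fingerprints quoted in the article's search examples.
DEFAULT_PHRASES = ["into the textbox below",
                   "Check this box if you are not a spammer",
                   "Please enter the numbers you see below"]
DEFAULT_FILENAMES = ["mt-scode.cgi"]

class PageCollector(HTMLParser):  # hypothetical helper name
    """Collects indexable text and URL-bearing attributes of one page."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.text, self.urls, self._hidden = [], [], 0

    def handle_starttag(self, tag, attrs):
        if tag in ("script", "style"):
            self._hidden += 1
        # Image, link and form targets are what inurl:-style queries match.
        self.urls += [v for k, v in attrs if k in ("src", "href", "action") and v]

    def handle_endtag(self, tag):
        if tag in ("script", "style") and self._hidden:
            self._hidden -= 1

    def handle_data(self, data):
        if not self._hidden:
            self.text.append(data)

def audit_page(html):
    """Return sorted (kind, fingerprint) pairs found in one HTML document."""
    page = PageCollector()
    page.feed(html)
    page.close()
    # Join text nodes and collapse whitespace so inline tags do not hide a phrase.
    visible = re.sub(r"\s+", " ", " ".join(page.text)).lower()
    found = {("phrase", p) for p in DEFAULT_PHRASES if p.lower() in visible}
    found |= {("filename", f) for f in DEFAULT_FILENAMES
              for u in page.urls if f.lower() in u.lower()}
    return sorted(found)

# Constructed sample pages (not real sites).
DEFAULT_PAGE = """<form action="/cgi-bin/comments.cgi" method="post">
<p>Please enter the
   <b>numbers</b> you see below</p>
<img src="/cgi-bin/mt-scode.cgi?code=1234" alt=""><input name="scode"></form>"""
CUSTOM_PAGE = """<form action="/comment" method="post">
<p>Type the digits from the picture</p>
<img src="/img/verify?t=1234" alt=""><input name="v"></form>"""

if __name__ == "__main__":
    for name, html in (("default", DEFAULT_PAGE), ("customised", CUSTOM_PAGE)):
        print(name, audit_page(html))
```

An empty result only means the page no longer matches these fingerprints; as the article notes, the better fix is to use a reliable captcha.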

