Captcha1 | the Missing Lake
to get the flag we have to solve 300 captchas, each captcha is an image that contains text we have to extract the text from the image correctly and submit it if it's valid we have solved 1 captcha
we cannot do this manually so what we have to do is create a python script to automate the work done.
first we have to see the request done when we open the page and get new captcha image
in the response we have an encoded image embedded within the HTML response as a data:image/png;base64, so we'll need to extract and decode it from the HTML content using a script to save it as an image file.
In this script:
We send a GET request to the URL
We use a regular expression to extract the base64-encoded image data from the HTML response.
We decode the base64-encoded image data and save it as an image file named "output.png" using the Python Imaging Library (PIL).
We use the
pytesseractlibrary to perform OCR on the image obtained from the HTML response.The
image_to_stringfunction is used to extract text from the image.The extracted text is then printed to the console.
Make sure you have the requests and Pillow (PIL) libraries installed in your Python environment:
pip install requests requests
pip install requests pillow
pip install pytesseract
sudo apt install tesseract-ocrimport re
import base64
from PIL import Image
from io import BytesIO
import requests
import pytesseract
# Send a GET request to the URL
url = "https://captcha1.uctf.ir"
headers = {
"Cookie": "PHPSESSID=p0ubbj7gbpic6lmjlg251mtvhg; 926835342a210d84823968c8328cc3c8=7991ca4ed06637bb85462f16f7903c15",
"User-Agent": "Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Firefox/102.0",
}
response = requests.get(url, headers=headers)
# Extract the base64-encoded image from the HTML response
html_content = response.text
match = re.search(r'data:image/png;base64,([^"]+)', html_content)
if match:
base64_image = match.group(1)
# Decode the base64-encoded image
image_data = base64.b64decode(base64_image)
image = Image.open(BytesIO(image_data))
# Save the image to a file
image.save("output.png")
print("Image saved as 'output.png'")
# Perform OCR on the image to extract text
extracted_text = pytesseract.image_to_string(image)
print("Extracted Text:")
print(extracted_text)
else:
print("Image not found in the HTML response")after we get the extracted text from the image we have to send a POST Request where we send the captcha value to the server
modified script to send the extracted text as the captcha value in a POST request
import re
import base64
from PIL import Image
from io import BytesIO
import requests
import pytesseract
# Send a GET request to the URL
url = "https://captcha1.uctf.ir"
headers = {
"Cookie": "PHPSESSID=p0ubbj7gbpic6lmjlg251mtvhg; 926835342a210d84823968c8328cc3c8=7991ca4ed06637bb85462f16f7903c15",
"User-Agent": "Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Firefox/102.0",
}
response = requests.get(url, headers=headers)
# Extract the base64-encoded image from the HTML response
html_content = response.text
match = re.search(r'data:image/png;base64,([^"]+)', html_content)
if match:
base64_image = match.group(1)
# Decode the base64-encoded image
image_data = base64.b64decode(base64_image)
image = Image.open(BytesIO(image_data))
# Save the image to a file
image.save("output.png")
print("Image saved as 'output.png'")
# Perform OCR on the image to extract text
extracted_text = pytesseract.image_to_string(image)
print("Extracted Text:")
print(extracted_text)
# Send a POST request with the extracted text as the captcha value
captcha_value = extracted_text.strip() # Remove leading/trailing whitespace
post_url = "https://captcha1.uctf.ir" # Replace with the actual POST URL
post_data = {"captcha": captcha_value}
post_response = requests.post(post_url, headers=headers, data=post_data)
print("POST Response:")
print(post_response.text)
else:
print("Image not found in the HTML response")to solve 300 captchas by sending captcha values, we can modify the script to keep track of the number of captchas solved and continue the loop until we reach 300.
This script will continue sending captcha values and counting the number of captchas solved until it reaches the goal of 300. It will print the number of captchas solved as it progresses and a final message when 300 captchas are solved.
import re
import base64
from PIL import Image
from io import BytesIO
import requests
import pytesseract
# Define the URL for getting captcha images and submitting captchas
base_url = "https://captcha1.uctf.ir"
get_url = f"{base_url}/"
post_url = f"{base_url}/"
# Headers for the requests
headers = {
"Cookie": "PHPSESSID=p0ubbj7gbpic6lmjlg251mtvhg; 926835342a210d84823968c8328cc3c8=7991ca4ed06637bb85462f16f7903c15",
"User-Agent": "Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Firefox/102.0",
}
# Initialize variables to keep track of captchas solved
captchas_solved = 0
# Continue sending captchas until 300 are solved
while captchas_solved < 300:
# Send a GET request to the URL to retrieve a new captcha image
response = requests.get(get_url, headers=headers)
# Extract the base64-encoded image from the HTML response
html_content = response.text
match = re.search(r'data:image/png;base64,([^"]+)', html_content)
if match:
base64_image = match.group(1)
# Decode the base64-encoded image
image_data = base64.b64decode(base64_image)
image = Image.open(BytesIO(image_data))
# Perform OCR on the image to extract text
extracted_text = pytesseract.image_to_string(image).strip() # Remove leading/trailing whitespace
print("Extracted Text:")
print(extracted_text)
# Send a POST request with the extracted text as the captcha value
post_data = {"captcha": extracted_text}
post_response = requests.post(post_url, headers=headers, data=post_data)
# Check if the response contains "that ain't right"
if "that ain't right" not in post_response.text:
captchas_solved += 1
print(f"Captchas Solved: {captchas_solved}")
else:
print("Image not found in the HTML response")
print("Solved 300 captchas!")now let's run this script
and when the script finishes
and we have got the flag
Flag
UCTF{7h3_m1551n6_l4k3}Last updated
Was this helpful?