# Captcha1 | the Missing Lake

<div align="left"><figure><img src="/files/bWYaVbeVpTv1iO42NzxC" alt=""><figcaption></figcaption></figure></div>

to get the flag we have to solve 300 captchas, each captcha is an image that contains text we have to extract the text from the image correctly and submit it if it's valid we have solved 1 captcha

<div align="left"><figure><img src="/files/MhuFIcaoQcJG7EEBgSrR" alt=""><figcaption></figcaption></figure></div>

we cannot do this manually so what we have to do is create a python script to automate the work done.

first we have to see the request done when we open the page and get new captcha image

<div align="left"><figure><img src="/files/87vq76kuFEo70fV8iy8d" alt=""><figcaption></figcaption></figure></div>

in the response we have an encoded image embedded within the HTML response as a `data:image/png;base64`, so we'll need to extract and decode it from the HTML content using a script to save it as an image file.

**In this script:**

1. We send a GET request to the URL
2. We use a regular expression to extract the base64-encoded image data from the HTML response.
3. We decode the base64-encoded image data and save it as an image file named "output.png" using the Python Imaging Library (PIL).
4. We use the `pytesseract` library to perform OCR on the image obtained from the HTML response.
5. The `image_to_string` function is used to extract text from the image.
6. The extracted text is then printed to the console.

Make sure you have the `requests` and `Pillow` (PIL) libraries installed in your Python environment:

```bash
pip install requests requests
pip install requests pillow
pip install pytesseract
sudo apt install tesseract-ocr
```

```python
import re
import base64
from PIL import Image
from io import BytesIO
import requests
import pytesseract

# Send a GET request to the URL
url = "https://captcha1.uctf.ir"
headers = {
    "Cookie": "PHPSESSID=p0ubbj7gbpic6lmjlg251mtvhg; 926835342a210d84823968c8328cc3c8=7991ca4ed06637bb85462f16f7903c15",
    "User-Agent": "Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Firefox/102.0",
}
response = requests.get(url, headers=headers)

# Extract the base64-encoded image from the HTML response
html_content = response.text
match = re.search(r'data:image/png;base64,([^"]+)', html_content)
if match:
    base64_image = match.group(1)

    # Decode the base64-encoded image
    image_data = base64.b64decode(base64_image)
    image = Image.open(BytesIO(image_data))

    # Save the image to a file
    image.save("output.png")
    print("Image saved as 'output.png'")

    # Perform OCR on the image to extract text
    extracted_text = pytesseract.image_to_string(image)

    print("Extracted Text:")
    print(extracted_text)
else:
    print("Image not found in the HTML response")
```

after we get the extracted text from the image we have to send a POST Request where we send the captcha value to the server&#x20;

<div align="left"><figure><img src="/files/AJNFYk1WpKcBhs5ZyHUU" alt=""><figcaption></figcaption></figure></div>

modified script to send the extracted text as the captcha value in a POST request

```python
import re
import base64
from PIL import Image
from io import BytesIO
import requests
import pytesseract

# Send a GET request to the URL
url = "https://captcha1.uctf.ir"
headers = {
    "Cookie": "PHPSESSID=p0ubbj7gbpic6lmjlg251mtvhg; 926835342a210d84823968c8328cc3c8=7991ca4ed06637bb85462f16f7903c15",
    "User-Agent": "Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Firefox/102.0",
}
response = requests.get(url, headers=headers)

# Extract the base64-encoded image from the HTML response
html_content = response.text
match = re.search(r'data:image/png;base64,([^"]+)', html_content)
if match:
    base64_image = match.group(1)

    # Decode the base64-encoded image
    image_data = base64.b64decode(base64_image)
    image = Image.open(BytesIO(image_data))

    # Save the image to a file
    image.save("output.png")
    print("Image saved as 'output.png'")

    # Perform OCR on the image to extract text
    extracted_text = pytesseract.image_to_string(image)

    print("Extracted Text:")
    print(extracted_text)

    # Send a POST request with the extracted text as the captcha value
    captcha_value = extracted_text.strip()  # Remove leading/trailing whitespace
    post_url = "https://captcha1.uctf.ir"  # Replace with the actual POST URL
    post_data = {"captcha": captcha_value}
    post_response = requests.post(post_url, headers=headers, data=post_data)

    print("POST Response:")
    print(post_response.text)
else:
    print("Image not found in the HTML response")
```

to solve 300 captchas by sending captcha values, we can modify the script to keep track of the number of captchas solved and continue the loop until we reach 300.

This script will continue sending captcha values and counting the number of captchas solved until it reaches the goal of 300. It will print the number of captchas solved as it progresses and a final message when 300 captchas are solved.

```python
import re
import base64
from PIL import Image
from io import BytesIO
import requests
import pytesseract

# Define the URL for getting captcha images and submitting captchas
base_url = "https://captcha1.uctf.ir"
get_url = f"{base_url}/"
post_url = f"{base_url}/"

# Headers for the requests
headers = {
    "Cookie": "PHPSESSID=p0ubbj7gbpic6lmjlg251mtvhg; 926835342a210d84823968c8328cc3c8=7991ca4ed06637bb85462f16f7903c15",
    "User-Agent": "Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Firefox/102.0",
}

# Initialize variables to keep track of captchas solved
captchas_solved = 0

# Continue sending captchas until 300 are solved
while captchas_solved < 300:
    # Send a GET request to the URL to retrieve a new captcha image
    response = requests.get(get_url, headers=headers)

    # Extract the base64-encoded image from the HTML response
    html_content = response.text
    match = re.search(r'data:image/png;base64,([^"]+)', html_content)
    if match:
        base64_image = match.group(1)

        # Decode the base64-encoded image
        image_data = base64.b64decode(base64_image)
        image = Image.open(BytesIO(image_data))

        # Perform OCR on the image to extract text
        extracted_text = pytesseract.image_to_string(image).strip()  # Remove leading/trailing whitespace

        print("Extracted Text:")
        print(extracted_text)

        # Send a POST request with the extracted text as the captcha value
        post_data = {"captcha": extracted_text}
        post_response = requests.post(post_url, headers=headers, data=post_data)

        # Check if the response contains "that ain't right"
        if "that ain't right" not in post_response.text:
            captchas_solved += 1
            print(f"Captchas Solved: {captchas_solved}")

    else:
        print("Image not found in the HTML response")

print("Solved 300 captchas!")
```

now let's run this script

<div align="left"><figure><img src="/files/L043UTXy0uvkrlqCfHFa" alt=""><figcaption></figcaption></figure></div>

and when the script finishes

<div align="left"><figure><img src="/files/6zg6HG0bYo4h1ogTh8Al" alt=""><figcaption></figcaption></figure></div>

and we have got the flag

<div align="left"><figure><img src="/files/BemgTXfFHvAMkPSzNYif" alt=""><figcaption></figcaption></figure></div>

### Flag

```
UCTF{7h3_m1551n6_l4k3}
```


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://sayonara.gitbook.io/writeups/ctf/urmia-ctf-2023/web/captcha1-or-the-missing-lake.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.