Go Back   Xisp.org Forums > Porn Password Cracking > Porn Password Cracking Help Section

Help with Image recognition

Reply
Views: 2103 - Replies: 18  
Thread Tools Display Modes

Help with Image recognition
Old 07-14-2006, 01:00 PM   #1
žabre
Guest
 
Posts: n/a
Threads: 5107
Default Help with Image recognition

Greetings guys,

Maybe you can help me out here a little, Im after getting my hands on some software that`s for OCR sites and other utilities but im wanting to know a little about how this OCR works first.

Right here goes, When you see an image under the user and pass, when i press reload on the browser it changes to something else, this i can understand completely. But how many possiblities can there be? are they done in order or mixed? Is there different types of image recognition software thats available to Webmasters to implement into their sites under the USER : PASS Fields?

Is this what tell call CAPTCHA protection can this even be overrided
The software ive got is Imacro is this even any good to this purpose?

I more than likely have more questions but that`s really it for now.

I would be greatful if anyone could give me some advice on the subject.

regards,

žabre

Last edited by žabre; 07-14-2006 at 01:17 PM..
  Reply With Quote

Old 07-14-2006, 02:53 PM   #2
tpstdd
Moderator
 
tpstdd's Avatar
 
tpstdd is offline Offline
Join Date: Jan 2005
Posts: 1,308
Threads: 231
tpstdd is on a distinguished road
Default

I have never heard of anybody using iMacros for OCR testing. To answer your question, OCR comes in MANY different flavors. There is not just one method of testing when it comes to that kind of scripting. CAPTCHA is just one variety of OCR. I suggest you read up on OCR to understand what you are up against when trying to test various sites.
  Reply With Quote

Old 07-14-2006, 03:20 PM   #3
slysnake
Cheshire Cat
 
slysnake's Avatar
 
slysnake is offline Offline
Join Date: Jan 2005
Posts: 5,507
Threads: 315
slysnake is on a distinguished road
Default

Quote:
The software ive got is Imacro
I don't know that. The OCR programs I know about simply connect to the OCR generating script the same way the site does. view the source page of a OCR site and you can see clearly how it works.
__________________
"How do you know I'm mad?" said Alice.
"You must be," said the Cat, "or you wouldn't have come here."
  Reply With Quote

Old 07-14-2006, 03:32 PM   #4
žabre
Guest
 
Posts: n/a
Threads: 5107
Default

Thanks guys for for all your help in the matter , Il look up more info about it and as sly says il also view the source too and see what i can learn from it.

Bck to the drawning board.

Once again thanks :)

The software is this - http://www.iopus.com/imacros/ v 5.01

regards
  Reply With Quote

Old 07-14-2006, 05:17 PM   #5
žabre
Guest
 
Posts: n/a
Threads: 5107
Default

Right ive done what you said Slysnake and this is what im getting..

First off, i get to the main login page i view the source and this i see that bring to my attention.

obivously this is the OCR section?

Quote:
<body onLoad="prefillForm()">
<!-- <body> -->
<!--
Use the this 1X1 pixel version of the Turing image if you remove
the visible one frm the page. Calling the Turing image is enecesary
even if it's not visible.
<img src="/cgi-bin/sblogin/turingimage.cgi" height="1" width="1"><br>
-->
Now i can see this where this tool is called from on the sites server.

<img src="/cgi-bin/sblogin/turingimage.cgi"

I then put this into my browser like so http://www.bootytalk.com/cgi-bin/sblogin/turingimage.cgi and press return, it now displays just the turing image, but when i view the source its all encrypted :(

Can you tell me am i going in the right direction at all?

Also ive seen this part too in the source

Quote:

<!--
if (top.frames.length!=0)
top.location=self.document.location;
// Disable browser's Back button on another page
// being able to go back to this page and seeing the same turing image.
history.forward();

// -->
Does this mean that when you disable the backbutton and when you press the submit on the user - Pass and have entered the code so when the login details are incorrect that it will actually display the same turing image on the form over and over ?!? until you get the right user and pass?

Also ive found out something else when i look at the source is this what im looking for ?

src="/sblogin/formfiller.js

and i do the same as the above and it doesnt bring me to a ecrypted page

Thanks once again guys ;)

regards,

Last edited by žabre; 07-14-2006 at 05:49 PM..
  Reply With Quote

Old 07-14-2006, 08:56 PM   #6
sPlico
The sPlicster
 
sPlico's Avatar
 
sPlico is offline Offline
Join Date: Jan 2005
Location: Croatia
Posts: 9,486
Threads: 407
sPlico is on a distinguished road
Default

You are on right track. This is actually the way of exploiting :P

But, the turingimage that is "encrypted" isn't encrypted. It's a gif :P That's what you're seeing :)
  Reply With Quote

Old 07-15-2006, 03:40 AM   #7
thchog
Special Friend
 
thchog's Avatar
 
thchog is offline Offline
Join Date: Mar 2006
Location: California, USA
Posts: 319
Threads: 89
thchog is on a distinguished road
Default

HolyShit.... What A Great thread Saber, when I get a second I will try and catch up to you and learn/help as well!! FINALLY an intelligent and un-lazy post about OCR. First one I have seen (besides mine of course) ever.

And a big thumbs up to the Mods that not only let us discuss topics and detail rarely seen or alllowed @ other boards, also offer more help than JFGI!
  Reply With Quote

Old 07-15-2006, 06:38 PM   #8
žabre
Guest
 
Posts: n/a
Threads: 5107
Default

Greetings once again guys,

Quote:
You are on right track. This is actually the way of exploiting :P

But, the turingimage that is "encrypted" isn't encrypted. It's a gif :P That's what you're seeing :)
Lol.. Yes I can see that now as I didnt read the start of the page correctly when I was looking at , all i did was gave it one quick gander as I didnt like what I seen on it... :-X

Right i was doing some reading and reading and more reading ..... And I started looking at all the different pages that had OCR on it.

And walaa i started noticing this....

Quote:

<form action="verify.php" method="POST" name="form" onSubmit="return checkFields();">
Now if im not mistaken this looks like it the Optical code php script followed by the command line onSubmit="returncheckfields();"> which i think it checks the entered numbers/Digits
the user has inputted.

I am looking at other types of code too from other sites that have OCR.

and im starting to notice that between the different image types that theres different code.

like so

Quote:

SRC="/random.image.new.php" ALT="Image Loading..." WIDTH="140" HEIGHT="35" BORDER="0"></TD>
I can see now that this type of OCR calls the image and shows you the image parameters not like the first one I quoted....

I can even extend it onto the address that the site is like http://www.Somesite.com/random.image.new.php and the page loads up with just the image and it changes ever time I refresh.

Im now starting to see some of the other types of this OCR. Im still looking into these other types @ the moment, But I think Im on the right track now ?!?

regards,

Last edited by žabre; 07-15-2006 at 06:48 PM..
  Reply With Quote

Old 07-15-2006, 08:01 PM   #9
sPlico
The sPlicster
 
sPlico's Avatar
 
sPlico is offline Offline
Join Date: Jan 2005
Location: Croatia
Posts: 9,486
Threads: 407
sPlico is on a distinguished road
Default

Well, right track to where. Not sure what you want to accomplish with these ocr tests :) You are however, finding out how OCR's actually work from the server side of things, so if that's the case, then good.
onSubmit="returncheckfields();
I believe this checks are the login fields all inputed (as you didn't leave any empty). The verify.php is the script that processes the login i believe, but it's no use to you since you can't see the code of that.

Now, what you can learn from this searching of yours is how to "bruteforce" ocr without the actuall OCR recognition. See how the forms that process OCRS handle sessions, or cookies.
  Reply With Quote

Old 07-15-2006, 09:05 PM   #10
žabre
Guest
 
Posts: n/a
Threads: 5107
Default

Thanks splico for your input, If your wondering where im looking to go then its basicly understanding the concept of how different ocr scripts differ from each other and their functions.

Quote:

Now, what you can learn from this searching of yours is how to "bruteforce" ocr without the actuall OCR recognition. See how the forms that process OCRS handle sessions, or cookies.
Yes I will be looking into this and see what I can find out, I have to learn alot more , but this method of actually overriding the OCR alltogether and putting a stop to it while i BF the site sounds like very interesting concept.

Once again thank you for your guidance

regards,
  Reply With Quote
Reply


Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump



All times are GMT -4. The time now is 12:38 AM.


vBulletin skin developed by: Xisp.org Crew
Powered by vBulletin®
Copyright ©2000 - 2021, Jelsoft Enterprises Ltd.
2005 ę Copyright Xisp.org