Deciphering Captcha

Presented at DEF CON 16 (2008), Aug. 8, 2008, 11 a.m. (20 minutes)

This presentation will detail two methods of breaking captcha. One uses RainbowCrack to break a visual captcha. The other uses fuzzy logic to break an audio captcha. Both methods are 100% effective. These are real attacks that affect real world software: CVE-2008-2020 CVE-2008-2019. Exploit code is available to the public

Presenters:

• Michael Brooks - Security Engineer, Fruition Security
  Michael Brooks is a puzzle master. Some people like Sudoku, but Michael likes hacking. Michael is a Computer Science student at Northern Arizona University. Michael has worked in web application development, penetration testing as well as other forms of software quality control. Currently he works in the finical industry for https://www.paythentrade.com/ as a security engineer. Michael has recently started the website: http://www.rooksecurity.com/ . As you can see Michael has published a wide range of real world attacks against web applications. Exploit code written by Michael: http://milw0rm.com/author/677 CVE's from Michael: CVE-2008-2019,CVE-2008-2020,CVE-2008-2043,CVE-2007-6471,CVE-2007-6459,CVE-2007-6458,CVE-2007-0134,CVE-2007-0132, CVE-2007-0130,CVE-2006-6781,CVE-2006-3208,CVE-2006-3207,CVE-2006-3206,CVE-2006-3205,CVE-2006-3204,CVE-2006-3203.

Links:

• https://defcon.org/html/defcon-16/dc-16-speakers.html#Brooks
• https://infocon.org/cons/DEF CON/DEF CON 16/DEF CON 16 video/DEF CON 16 - Michael Brooks - Deciphering Captcha - Video.mp4
• https://www.youtube.com/watch?v=9P9gWV7-a-w

Similar Presentations:

• Black Hat Asia 2016 / I'm Not a Human: Breaking the Google reCAPTCHA
• ToorCon San Diego 17 (2015) / PixelCAPTCHA - A Unicode Based CAPTCHA Scheme
• The Eleventh HOPE (2016) / CAPTCHAs - Building and Breaking