TryHackMe: Advent of Cyber 2023 (Day 16) Can’t CAPTCHA this Machine!

Samantha
4 min read · Dec 22, 2023

“McGreedy has locked McSkidy out of his Elf(TM) HQ admin panel by changing the password! To make it harder for McSkidy to perform a hack-back, McGreedy has altered the admin panel login so that it uses a CAPTCHA to prevent automated attacks. A CAPTCHA is a small test, like providing the numbers in an image, that needs to be performed to ensure that you are a human. This means McSkidy can’t perform a brute force attack. Or does it?

After the great success of using machine learning to detect defective toys and phishing emails, McSkidy is looking to you to help him build a custom brute force script that will make use of ML to solve the CAPTCHA and continue with the brute force attack. There is, however, a bit of irony in having a machine solve a challenge specifically designed to tell humans apart from computers.”

Today it appears that we will be brute-forcing login credentials with a CAPTCHA by using machine learning. The exercise starts with some text-based answers and then moves on to the technical exercise.

Q1: What key process of training a neural network is taken care of by using a CNN?

This is the feature-extraction process.

Q2: What is the name of the process used in the CNN to extract the features?

This is called convolution.

Q3: What is the name of the process used to reduce the features down?

The next step is called pooling, where features are reduced.
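To make the convolution and pooling answers concrete, here is a small added example (not from the TryHackMe material or the original post) that runs one filter pass and one pooling step over a constructed 6x6 image. The image, the two hand-written filters and all function names are assumptions made for illustration; a real CNN learns its filter weights during training.

```python
# Added illustration: convolution, activation and pooling on a constructed
# 6x6 image. All names and values here are assumptions, not course code.

# Constructed input: a vertical stroke, like part of a CAPTCHA digit.
IMAGE = [[0, 0, 1, 1, 0, 0] for _ in range(6)]

# Hand-written 3x3 filters; a trained CNN would learn these weights.
VERTICAL_EDGE = [[-1, 0, 1], [-1, 0, 1], [-1, 0, 1]]
HORIZONTAL_EDGE = [[-1, -1, -1], [0, 0, 0], [1, 1, 1]]


def convolve(image, kernel):
    """Slide the kernel over the image (no padding, stride 1)."""
    k = len(kernel)
    rows = len(image) - k + 1
    cols = len(image[0]) - k + 1
    return [
        [
            sum(kernel[i][j] * image[r + i][c + j]
                for i in range(k) for j in range(k))
            for c in range(cols)
        ]
        for r in range(rows)
    ]


def relu(fmap):
    """Keep positive responses only, as CNN activation layers do."""
    return [[max(0, v) for v in row] for row in fmap]


def max_pool(fmap, size=2):
    """Reduce the map by keeping the strongest value in each size x size tile."""
    return [
        [
            max(fmap[r + i][c + j] for i in range(size) for j in range(size))
            for c in range(0, len(fmap[0]) - size + 1, size)
        ]
        for r in range(0, len(fmap) - size + 1, size)
    ]


def extract(image, kernel):
    """Convolution -> ReLU -> pooling: 6x6 pixels become a 2x2 feature map."""
    return max_pool(relu(convolve(image, kernel)))


if __name__ == "__main__":
    print("vertical filter:  ", extract(IMAGE, VERTICAL_EDGE))
    print("horizontal filter:", extract(IMAGE, HORIZONTAL_EDGE))
```

The vertical-edge filter responds to the stroke while the horizontal-edge filter stays silent, and pooling shrinks each 4x4 response to 2x2 while keeping the strongest activation.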

Q4: What off-the-shelf CNN did we use to train a CAPTCHA-cracking OCR model?

We’re using Attention OCR.

Q5: What is the password that McGreedy set on the HQ Admin portal?

In the materials, it says that there are 6 steps to go through, but that 1–4 have already been completed.

  1. Gather CAPTCHAs so we can create labelled data
  2. Label the CAPTCHAs to use in a supervised learning model
  3. Train our CAPTCHA-cracking CNN
  4. Verify and test our CAPTCHA-cracking CNN
  5. Export and host the trained model so we can feed it CAPTCHAs to solve
  6. Create and execute a brute force script that will receive the CAPTCHA, pass it on to be solved, and then run the brute force attack

So the first thing I have to do now is export the already trained and verified model from the docker container so that I can begin using it.

I started by getting a docker id and connecting. Then I grabbed the CNN model and moved it to the temp directory.

I then exited and killed my docker container.

We will use TensorFlow Serving to actually host it. You can get that running with the following command.

Then, to actually begin bruteforcing, a custom script was provided for us.

You can start running it like this:

Eventually you will see something like this:

Q6: What is the value of the flag that you receive when you successfully authenticate to the HQ Admin portal?

You can now log in and grab the flag.
