
Topic: Captcha bypass (Read 2276 times)

legendary
Activity: 2576
Merit: 2267
1RichyTrEwPYjZSeAYxeiFBNnKC9UjC5k
May 19, 2021, 10:33:01 PM
#48
Captcha bypass appears to be broken?
legendary
Activity: 2310
Merit: 4085
Farewell o_e_l_e_o
January 16, 2020, 08:59:39 PM
#47
I have a guide video on this, not too good in quality but it might help for newbies, who are not familiar with the forum structure and its operations.
https://www.youtube.com/watch?v=k0kBvOXizhg&feature=youtu.be

The most important thing when one uses a captcha bypass code is to keep the code secret and secure it as best as possible. Losing the code will result in risks of account hack. If one unintentionally discloses the captcha code, use the reset to get a new one and change the password to a new one.
copper member
Activity: 1666
Merit: 1901
Amazon Prime Member #7
January 16, 2020, 12:03:27 PM
#46
When I created an account to use for testing automated scripts, I used the following procedure:
-Create account*
-login first time*
-obtain captcha bypass link
-logout
-login all subsequent times using bypass link

The steps with a * above require solving a captcha, so you need to solve a captcha twice and never need to solve one after the second one.
legendary
Activity: 3290
Merit: 16489
Thick-Skinned Gang Leader and Golden Feather 2021
January 16, 2020, 11:48:23 AM
#45
Is there a reason that the site couldn't use an old login cookie to let you bypass the captcha for the same account only and get up to one wrong password?
I can't answer this question, but with the right cookie set, I never have to login, thus never see the captcha. This even works on Tor, as long as you allow cookies.
So I assume the captcha bypass is mainly for Tor users who don't want to use cookies, although I use it (without Tor) when I use LoyceMobile in a private browser (I don't logout LoyceV).
staff
Activity: 4284
Merit: 8808
January 16, 2020, 10:25:19 AM
#44
I just discovered this captcha bypass and it 90% answers what I wanted... but since it's not 100%:

Is there a reason that the site couldn't use an old login cookie to let you bypass the captcha for the same account only and get up to one wrong password?

This way a user that enters their password successfully doesn't ever need to captcha again after the initial sign-up.  There would also be no risk of losing control of the cookie, since it will only allow one unsuccessful captcha-free login per successful login to the same account.

[I find the captcha a nuisance because I have to temporarily disable third party script blocking, plus I sometimes fail to be human enough for it...]
hero member
Activity: 2254
Merit: 537
My passive income eBook @ tinyurl.com/PIA10
February 24, 2019, 01:25:52 AM
#43
Yes, Essentially CAPTCHA can prevent spam from robots, but sometimes it sucks the user himself, especially for the blind this is a pity. CAPTCHA is hard to read.


On the other hand the CAPTCHA works correctly preventing bots, for that there are quite a lot of services that provide automatic CAPTCHAs such as bypassing CAPTCHAs.
I hope this can solve the constant CAPTCHA problem in the web browser, and hope for ways to bypass it by completing it automatically and well, thanks @themmos for this.

CAPTCHAs generally have a tolerance towards mini typos. So even if you entered "noclick" or "nodick", it'd still let you pass thru
legendary
Activity: 2128
Merit: 1775
February 23, 2019, 08:35:43 PM
#42
Yes, Essentially CAPTCHA can prevent spam from robots, but sometimes it sucks the user himself, especially for the blind this is a pity. CAPTCHA is hard to read.


On the other hand the CAPTCHA works correctly preventing bots, for that there are quite a lot of services that provide automatic CAPTCHAs such as bypassing CAPTCHAs.
I hope this can solve the constant CAPTCHA problem in the web browser, and hope for ways to bypass it by completing it automatically and well, thanks @themmos for this.
copper member
Activity: 2996
Merit: 2374
February 23, 2019, 05:25:58 PM
#41
Personally, I think more should be done to make TOR users have to jump through hoops to access the forum, not the other way around.  This is probably outstanding news to those who use alt accounts regularly though.
The administration does not do anything about alt accounts, even those of scammers well over 99% of the time, and does not even put much effort into finding alt accounts of banned users.

Also, it is possible to find alt accounts that are all using TOR, even if they are taking a lot of precautions against detection.
donator
Activity: 4760
Merit: 4323
Leading Crypto Sports Betting & Casino Platform
February 23, 2019, 01:42:55 PM
#40
Personally, I think more should be done to make TOR users have to jump through hoops to access the forum, not the other way around.  This is probably outstanding news to those who use alt accounts regularly though.
sr. member
Activity: 1008
Merit: 308
February 23, 2019, 12:00:15 PM
#39
I guess you didn't see this:

Yeah, I didn't see it. I also tried it by myself as @UserU did and it showed the same message as him. We have to log in first to get the captcha code.
hero member
Activity: 2254
Merit: 537
My passive income eBook @ tinyurl.com/PIA10
February 23, 2019, 10:57:15 AM
#38
I guess you didn't see this:

I tested it, and it showed "You have to login first".

Maybe theymos could just add SolveMedia to alleviate the whole thingy.
legendary
Activity: 3290
Merit: 16489
Thick-Skinned Gang Leader and Golden Feather 2021
February 23, 2019, 10:13:56 AM
#37
It is very useful for me, I don't need to deal with captcha 3-10 times in a day anymore. Thanks @theymos
I guess you didn't see this:
sr. member
Activity: 1008
Merit: 308
February 23, 2019, 08:05:53 AM
#36
Bump

I know maybe it's not the newest update on bitcointalk, but I just read it recently. Thanks to @LoyceV for bumping the topic "[GUIDES] on Bitcointalk. Index thread"; because of that I could find it.

It is very useful for me, I don't need to deal with captcha 3-10 times in a day anymore. Thanks @theymos

And from my sight, it doesn't have high traffic views. So I translated it to my native language with my comprehension to share it on my local board. I'll be glad if you want to visit on my thread here
copper member
Activity: 2996
Merit: 2374
December 08, 2018, 05:51:32 PM
#35
Perhaps a solution would be to invalidate the code after xxx number of consecutive attempts to login to an account not associated with the code.
Shouldn't that be implemented for incorrect passwords too? If you fail more than 10 times, you should get a captcha again. That also stops any brute-force attack in case your unique link is leaked:
If someone else gains access to your unique captcha-bypass link, then they could try to brute-force your password. In that case, you should reset it:
Perhaps, however if you keep the link secret, this will not be an issue.

My login code (that I have since reset) is 893f4e9d4e171dc97db6 -- If someone were to know that someone uses this code, they could attempt to login using every username until they don't get an error message anymore, then bruteforce my password.

Another solution might be to only give the error message for the first xxx consecutive attempts to login to an account not associated with the code but keep the code active. This would prevent an attacker forcing someone to use the captcha while reducing the risk that an attacker could use a captcha bypass code to first bruteforce which account it is associated with and then bruteforce the PW
legendary
Activity: 3290
Merit: 16489
Thick-Skinned Gang Leader and Golden Feather 2021
November 15, 2018, 02:01:44 AM
#34
Perhaps a solution would be to invalidate the code after xxx number of consecutive attempts to login to an account not associated with the code.
Shouldn't that be implemented for incorrect passwords too? If you fail more than 10 times, you should get a captcha again. That also stops any brute-force attack in case your unique link is leaked:
If someone else gains access to your unique captcha-bypass link, then they could try to brute-force your password. In that case, you should reset it:
copper member
Activity: 2996
Merit: 2374
November 15, 2018, 12:38:36 AM
#33
Another Q - This captcha bypass link.
If someone were to find my link in a file would they be able to figure out what account is related to that link short of subpoenaing Theymos?
It looks like you will get an error message if you try to login using a link that is not associated with the account you are trying to login to. You could presumably brute force which account is associated with a code by trying to login to every account until you no longer get an error message. I suspect theymos would detect this and invalidate the code before someone could try many accounts.

OH DAMN

For all other accounts it gives "invalid code" with incorrect password.
For the correct account it gives "invalid password" with incorrect password.
It lets you try as fast as you can too.

It would be easy to brute force if you had a list of suspects, even the list of active accounts isn't that many if you use a bot.

Bug?
You could argue this is a bug. Like I said before, I don't think theymos would allow a large number of attempts before he would take action on the code/link being used.

Perhaps a solution would be to invalidate the code after xxx number of consecutive attempts to login to an account not associated with the code.
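
Added example, not part of any post in this thread and not the forum's own code: a server-side sketch of the two mitigations discussed here, returning one identical error whether the bypass code or the password was wrong, and falling back to the captcha after a run of consecutive failures with the same code. The class, function names, the threshold of 10 and the sample accounts are all assumptions made for illustration.

```python
import hashlib
import hmac
import os

MAX_FAILURES = 10               # assumed threshold; the thread leaves it as "xxx"
GENERIC_ERROR = "login failed"  # identical text whichever check failed


def hash_password(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


class BypassLogin:
    """Hypothetical login check for a per-account captcha-bypass code."""

    def __init__(self):
        self.accounts = {}   # username -> (salt, password hash, bypass code)
        self.failures = {}   # submitted code -> consecutive failed attempts

    def register(self, username, password, code):
        salt = os.urandom(16)
        self.accounts[username] = (salt, hash_password(password, salt), code)

    def attempt(self, username, password, code):
        # A code that has failed too often no longer skips the captcha.
        if self.failures.get(code, 0) >= MAX_FAILURES:
            return "captcha required"
        # Unknown usernames go through the same work as known ones.
        salt, pw_hash, real_code = self.accounts.get(
            username, (b"\0" * 16, b"", ""))
        code_ok = hmac.compare_digest(real_code.encode(), code.encode())
        pw_ok = hmac.compare_digest(pw_hash, hash_password(password, salt))
        if code_ok and pw_ok:
            self.failures.pop(code, None)
            return "ok"
        # Code mismatch and password mismatch are counted and reported alike.
        self.failures[code] = self.failures.get(code, 0) + 1
        return GENERIC_ERROR


def demo():
    # Constructed sample accounts and codes, not values from the forum.
    site = BypassLogin()
    site.register("alice", "correct horse", "a3f1c29e7b5d40816c2e")
    site.register("bob", "battery staple", "0d94e6b17fa25c3388b1")
    leaked = "a3f1c29e7b5d40816c2e"  # alice's code in someone else's hands
    wrong_account = site.attempt("bob", "guess", leaked)
    right_account = site.attempt("alice", "guess", leaked)
    return site, leaked, wrong_account, right_account
```

Once the counter trips, the account owner is not locked out; the code simply stops skipping the captcha until it is reset.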
member
Activity: 98
Merit: 10
▄▀ REMOVE LAUDA FROM DT
November 14, 2018, 11:35:34 PM
#32
Another Q - This captcha bypass link.
If someone were to find my link in a file would they be able to figure out what account is related to that link short of subpoenaing Theymos?
It looks like you will get an error message if you try to login using a link that is not associated with the account you are trying to login to. You could presumably brute force which account is associated with a code by trying to login to every account until you no longer get an error message. I suspect theymos would detect this and invalidate the code before someone could try many accounts.

OH DAMN

For all other accounts it gives "invalid code" with incorrect password.
For the correct account it gives "invalid password" with incorrect password.
It lets you try as fast as you can too.

It would be easy to brute force if you had a list of suspects, even the list of active accounts isn't that many if you use a bot.

Bug?
copper member
Activity: 2996
Merit: 2374
November 14, 2018, 09:15:35 PM
#31
Another Q - This captcha bypass link.
If someone were to find my link in a file would they be able to figure out what account is related to that link short of subpoenaing Theymos?
It looks like you will get an error message if you try to login using a link that is not associated with the account you are trying to login to. You could presumably brute force which account is associated with a code by trying to login to every account until you no longer get an error message. I suspect theymos would detect this and invalidate the code before someone could try many accounts.
member
Activity: 98
Merit: 10
▄▀ REMOVE LAUDA FROM DT
November 13, 2018, 03:03:50 PM
#30
I FINALLY BEAT GOOGLE!!!

You can register if you try a bajillion times. It does eventually let you in after an hour of training the self driving cars/skynet killbots.

I expected to be hit by an evil fee but there was no mention of it. Is that still a thing or did I get lucky and happen to be on a rare IP?

Another Q - This captcha bypass link.
If someone were to find my link in a file would they be able to figure out what account is related to that link short of subpoenaing Theymos?
legendary
Activity: 2408
Merit: 1102
Leading Crypto Sports Betting & Casino Platform
November 11, 2018, 05:19:59 AM
#29
Such a wonderful improvement! Last time I was active I just didn't want to get in because of such annoying captcha.