Day 16

Machine learning: Can't CAPTCHA this Machine!

Learning Objectives

  • Complex neural network structures

  • How does a convolutional neural network function?

  • Using neural networks for optical character recognition

  • Integrating neural networks into red team tooling

This room is again a very straightforward one with all commands and instructions already given. We just need to follow along and run them.

What key process of training a neural network is taken care of by using a CNN?
[REDACTED]

This can be found in the reading section at the beginning.
What is the name of the process used in the CNN to extract the features?
[REDACTED]

This can be found in the reading section at the beginning.
What is the name of the process used to reduce the features down?
[REDACTED]

This can be found in the reading section at the beginning.
What off-the-shelf CNN did we use to train a CAPTCHA-cracking OCR model?
[REDACTED]

This can be found in the reading section at the beginning.
What is the password that McGreedy set on the HQ Admin portal?
[REDACTED]

This can be found once the CNN model has been exported and hosted. We then run the provided bruteforce.py program:
cd ~/Desktop/bruteforcer && python3 bruteforce.py
[-] Prediction probability too low, not submitting CAPTCHA
[-] Invalid credential pair -- Username: admin Password: Spring2017
[-] Incorrect CAPTCHA value was supplied, we will resubmit this password
[-] Invalid credential pair -- Username: admin Password: Spring2021
.
.
.
[-] Invalid credential pair -- Username: admin Password: sysadmin
[-] Invalid credential pair -- Username: admin Password: water
[-] Invalid credential pair -- Username: admin Password: dirt
[-] Invalid credential pair -- Username: admin Password: air
[-] Invalid credential pair -- Username: admin Password: earth
[+] Access Granted!! -- Username: [REDACTED] Password: [REDACTED]
What is the value of the flag that you receive when you successfully authenticate to the HQ Admin portal?
[REDACTED]

With the username and password found, we just need to enter them into the site along with the CAPTCHA. This will give us the flag.
