Thread: Mini Mods - Harmor's Bot Protection
View Single Post
  #10  
Old 04-13-2007, 12:09 PM
Pyrix Pyrix is offline
 
Join Date: Jul 2004
Posts: 20
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
Sorry, but this is incredibly easy to bypass - in fact I can think of two ways that this can be done...

MD5 Hash Table.
I could easily create a small array of hashes for each 'possible' answer. As the chances are that most of the time the character will be alphanumeric, i will only need A-Z,a-z and 0-9. All i have to do is hash each of these letters in turn and store them in a small array (62 cells)

For example

$answer[0cc175b9c0f1b6a831c399e269772661] = 'a'
$answer[92eb5ffee6ae2fec3ad71c777531578f] = 'b'

Now all i have to do is look up the value stored in the array with the key that matches your 'hidden field' value and put that letter in the field.

Look at the webpage
Alternatively, I could just look at the webpage. Unless I'm missing something, you give me the username in plain text. All i have to do is look for the value given after 'What is the first character of '?

This is the very reason that vBulletin uses CAPTCHA - it's an image so cannot just be 'read' in this way.

You may however get some 'security through obscurity' - bots need to know about your hack before they know what to do. But that would only take time and popularity.

Sorry to rip it apart so badly, but you did ask if there was any way bots could get past it.

Keep at it

Ollie
Reply With Quote
 
X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.01153 seconds
  • Memory Usage 1,764KB
  • Queries Executed 11 (?)
More Information
Template Usage:
  • (1)SHOWTHREAD_SHOWPOST
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)footer
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (6)option
  • (1)post_thanks_box
  • (1)post_thanks_button
  • (1)post_thanks_javascript
  • (1)post_thanks_navbar_search
  • (1)post_thanks_postbit_info
  • (1)postbit
  • (1)postbit_onlinestatus
  • (1)postbit_wrapper
  • (1)spacer_close
  • (1)spacer_open 
Phrase Groups Available:
  • global
  • postbit
  • reputationlevel
  • showthread
Included Files:
  • ./showpost.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/functions_bigthree.php
  • ./includes/class_postbit.php
  • ./includes/class_bbcode.php
  • ./includes/functions_reputation.php
  • ./includes/functions_post_thanks.php 
Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_postinfo_query
  • fetch_postinfo
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • showpost_start
  • bbcode_fetch_tags
  • bbcode_create
  • postbit_factory
  • showpost_post
  • postbit_display_start
  • post_thanks_function_post_thanks_off_start
  • post_thanks_function_post_thanks_off_end
  • post_thanks_function_fetch_thanks_start
  • post_thanks_function_fetch_thanks_end
  • post_thanks_function_thanked_already_start
  • post_thanks_function_thanked_already_end
  • fetch_musername
  • postbit_imicons
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • postbit_display_complete
  • post_thanks_function_can_thank_this_post_start
  • showpost_complete