Let’s learn WebApp Pentest from basics on DVWA. From setup to hack. Part 8. Insecure CAPTCHA (Low to High).
Hey all. How are you doing?
In part 7 we created the reCAPTCHA keys, which resolved the DVWA error about the missing reCAPTCHA key.
Now let’s hack it. The page looks like this:
Here we have to bypass a CAPTCHA whose server-side check is insecure.
First, we will do with low security.
Let’s check the source. It shows that step 1 is the CAPTCHA challenge and, once that succeeds, step 2 is where the password is actually changed.
So let’s look at the traffic without ticking the CAPTCHA box, and for the new password let’s enter “abcd”.
Look at the above image: the request carries step=1. Step 1 is the CAPTCHA and step 2 is the actual password change. So what happens if we change step=1 to step=2?
And the password got changed.
Cool right…! Let’s do this on medium-level security.
The medium-level source is almost the same as low, but with one difference: it also checks whether the CAPTCHA tick was passed.
That check reads passed_captcha, a parameter that has to be true to show the CAPTCHA was completed properly. So what if we do the same thing as last time and add this parameter with the value true?
So we intercept this
and we change that to this
Let’s forward this and it works fine.
Now let’s do this at the high-security level.
In the high-level source code we can see two parameters that are compared against fixed values. Both have to be present in the request with those values for the password change to go through.
So let’s capture the traffic; we can see the g-recaptcha-response parameter.
Let’s do the changes
step=1 does not need to be changed (you can change it, and it will still work fine) because once the first part is bypassed the code automatically proceeds to step 2. Now let’s forward this.
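The root cause at every level above is the same: the server decides whether the CAPTCHA was passed from fields the client sends (step, passed_captcha, g-recaptcha-response), not from state it recorded itself. The following is an added example, not DVWA’s own PHP: a simplified Python model of the low and medium two-step flows beside a hardened handler that keeps the "CAPTCHA passed" flag in the server-side session and consumes it on use. The verify_captcha_with_provider function and the token value are constructed stand-ins for the real reCAPTCHA verification call; the request dicts stand in for the POST parameters seen in the intercepted traffic.

```python
"""Model of DVWA's two-step CAPTCHA flow (low, medium) and a hardened version.

Added example, not DVWA's own code. Requests are plain dicts of POST fields,
and the session is a small dataclass standing in for $_SESSION.
"""
from dataclasses import dataclass

# Constructed stand-in for a token the CAPTCHA widget would hand back.
VALID_TOKEN = "valid-token-from-widget"


def verify_captcha_with_provider(token: str) -> bool:
    """Hypothetical stand-in for the reCAPTCHA siteverify round trip."""
    return token == VALID_TOKEN


@dataclass
class Session:
    password: str = "password"
    captcha_passed: bool = False  # used only by the hardened handler


def low_change_password(req: dict, sess: Session) -> str:
    """Low: nothing ties step 2 to a completed step 1; the step is client-chosen."""
    step = req.get("step")
    if step == "1":
        if not verify_captcha_with_provider(req.get("g-recaptcha-response", "")):
            return "captcha failed"
        return "captcha ok"  # the page then re-submits with step=2
    if step == "2":
        if req.get("password_new") != req.get("password_conf"):
            return "passwords do not match"
        sess.password = req["password_new"]
        return "password changed"
    return "bad request"


def medium_change_password(req: dict, sess: Session) -> str:
    """Medium: adds a passed_captcha flag, but reads it from the request body."""
    step = req.get("step")
    if step == "1":
        if not verify_captcha_with_provider(req.get("g-recaptcha-response", "")):
            return "captcha failed"
        return "captcha ok"
    if step == "2":
        if req.get("passed_captcha") != "true":  # client-controlled value
            return "captcha not passed"
        if req.get("password_new") != req.get("password_conf"):
            return "passwords do not match"
        sess.password = req["password_new"]
        return "password changed"
    return "bad request"


def hardened_change_password(req: dict, sess: Session) -> str:
    """Hardened: the proof of a passed CAPTCHA lives only in the server session.

    Step 1 sets the flag after a real provider check; step 2 requires the flag
    and clears it, so each verified CAPTCHA authorises at most one change.
    """
    step = req.get("step")
    if step == "1":
        if not verify_captcha_with_provider(req.get("g-recaptcha-response", "")):
            sess.captcha_passed = False
            return "captcha failed"
        sess.captcha_passed = True
        return "captcha ok"
    if step == "2":
        if not sess.captcha_passed:
            return "captcha not verified"
        sess.captcha_passed = False  # one-time use; a failed attempt must redo it
        if req.get("password_new") != req.get("password_conf"):
            return "passwords do not match"
        sess.password = req["password_new"]
        return "password changed"
    return "bad request"


def run_flow(handler, requests: list) -> list:
    """Feed a sequence of constructed requests to a handler on one fresh session."""
    sess = Session()
    results = [handler(req, sess) for req in requests]
    return results + [sess.password]


if __name__ == "__main__":
    skip_to_step2 = [{"step": "2", "password_new": "abcd", "password_conf": "abcd"}]
    print("low     :", run_flow(low_change_password, skip_to_step2))
    print("hardened:", run_flow(hardened_change_password, skip_to_step2))
```

The hardened handler fixes the flaw the post exploits: a request that arrives with step=2 (with or without passed_captcha=true) is refused unless this same session already passed a real provider check, and that check cannot be satisfied by adding fields to the request.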
Insecure CAPTCHA is done. I hope all of you understood it properly.
We will meet in the next part.