Cyberveillecurated by Decio
Nuage de tags
Mur d'images
Quotidien
Flux RSS
  • Flux RSS
  • Daily Feed
  • Weekly Feed
  • Monthly Feed
Filtres

Liens par page

  • 20 links
  • 50 links
  • 100 links

Filtres

Untagged links
1 résultat taggé gi7w0rm  ✕
HuluCaptcha — An example of a FakeCaptcha framework https://gi7w0rm.medium.com/hulucaptcha-an-example-of-a-fakecaptcha-framework-9f50eeeb2e6d
04/06/2025 13:20:20
QRCode
archive.org

Hello and welcome back to another blog post. After some time of absence due to a lot of changes in my personal life ( finished university, started a new job, etc), I am happy to finally be able to present something new.

Chapter 1: Captcha-verified Victim
This story starts with a message by one of my long time internet contacts:

Figure 1: Shit hit the Fan
I assume, some of you can already tell from this message alone that something terrible had just happend to him.

The legitimate website of the German Association for International Law had redirected him to an apparent Cloudflare Captcha site asking him to execute a Powershell command on device that does a Webrequest (iwr = Invoke-WebRequest) to a remote website (amoliera[.]com) and then pipes the response into “iex” which stands for Invoke-Expression.

Thats a text-book example for a so called FakeCaptcha attack.

For those of you that do not know what the FakeCaptcha attack technique is, let me give you a short primer:

A Captcha in itself is a legitimate method Website Owners use to differentiate between bots (automated traffic) and real human users. It often involves at-least clicking a button but can additionally require the website visitor to solve different form of small tasks like clicking certain images out of a collection of random images or identifying a bunch of obscurely written letters. The goal is to only let users visit the website that are able to solve these tasks, which are often designed to be hard for computers but easy for human beings. Well, most of the times.

gi7w0rm medium 2025 EN HuluCaptcha FakeCaptcha framework ClickFix
4836 links
Shaarli - Le gestionnaire de marque-pages personnel, minimaliste, et sans base de données par la communauté Shaarli - Theme by kalvn