Of Stack

How to extract captcha from php168_cms

  • 2020-06-12 08:38:22
  • OfStack 


<?php
function yzImg($nmsg){
 if (function_exists('imagecreatetruecolor')){
  $imstr[0]["s"]=$nmsg[0];
  $imstr[1]["s"]=$nmsg[1];
  $imstr[2]["s"]=$nmsg[2];
  $imstr[3]["s"]=$nmsg[3];
  // The file header ...
  header("Content-type: image/png");
  // Create true color white paper 
  $im = @imagecreatetruecolor(50, 20) or die(" Failed to build image ");
  // Get the background color 
  $background_color = imagecolorallocate($im, 255, 255, 255);
  // Fill background color ( This thing is like an oil drum )
  imagefill($im,0,0,$background_color);
  // Get the border color 
  $border_color = imagecolorallocate($im,200,200,200);
  // Draw rectangle, border color 200,200,200
  imagerectangle($im,0,0,49,19,$border_color);
  // Show off the background line by line, full screen 1 or 0
  for($i=2;$i<28;$i++){
  // Gets the random tint 
  $line_color = imagecolorallocate($im,rand(180,255),rand(180,255),rand(180,255));
  // Line drawing 
  imageline($im,2,$i,47,$i,$line_color);
  }
  // Set the font size 
  $font_size=12;
  // Sets the printed text 
  $Str[0] = "ABCDEFGHIJKLMNOPQRSTUVWXYZ";
  $Str[1] = "abcdefghijklmnopqrstuvwxyz";
  $Str[2] = "01234567891234567890123456";
  // For the first 1 Random text 
  //$imstr[0]["s"] = $Str[rand(0,2)][rand(0,25)];
  $imstr[0]["x"] = rand(2,5);
  $imstr[0]["y"] = rand(1,4);
  // For the first 2 Random text 
  //$imstr[1]["s"] = $Str[rand(0,2)][rand(0,25)];
  $imstr[1]["x"] = $imstr[0]["x"]+$font_size-1+rand(0,1);
  $imstr[1]["y"] = rand(1,3);
  // For the first 3 Random text 
  //$imstr[2]["s"] = $Str[rand(0,2)][rand(0,25)];
  $imstr[2]["x"] = $imstr[1]["x"]+$font_size-1+rand(0,1);
  $imstr[2]["y"] = rand(1,4);
  // For the first 4 Random text 
  //$imstr[3]["s"] = $Str[rand(0,2)][rand(0,25)];
  $imstr[3]["x"] = $imstr[2]["x"]+$font_size-1+rand(0,1);
  $imstr[3]["y"] = rand(1,3);
  // Write a random string 
  for($i=0;$i<4;$i++){
   // Gets a random darker color 
   $text_color = imagecolorallocate($im,rand(80,180),rand(80,180),rand(80,180));
   // Draw the text 
   imagechar($im,$font_size,$imstr[$i]["x"],$imstr[$i]["y"],$imstr[$i]["s"],$text_color);
  }
  // Display images 
  imagepng($im);
  // Destroy the image 
  imagedestroy($im);
  exit;
 } else {
  header("Pragma:no-cache");
  header("Cache-control:no-cache");
  header("ContentType: Image/BMP");
  $Color[0] = chr(0).chr(0).chr(0);
  $Color[1] = chr(255).chr(255).chr(255);
  $_Num[0]  = "1110000111110111101111011110111101001011110100101111010010111101001011110111101111011110111110000111";
  $_Num[1]  = "1111011111110001111111110111111111011111111101111111110111111111011111111101111111110111111100000111";
  $_Num[2]  = "1110000111110111101111011110111111111011111111011111111011111111011111111011111111011110111100000011";
  $_Num[3]  = "1110000111110111101111011110111111110111111100111111111101111111111011110111101111011110111110000111";
  $_Num[4]  = "1111101111111110111111110011111110101111110110111111011011111100000011111110111111111011111111000011";
  $_Num[5]  = "1100000011110111111111011111111101000111110011101111111110111111111011110111101111011110111110000111";
  $_Num[6]  = "1111000111111011101111011111111101111111110100011111001110111101111011110111101111011110111110000111";
  $_Num[7]  = "1100000011110111011111011101111111101111111110111111110111111111011111111101111111110111111111011111";
  $_Num[8]  = "1110000111110111101111011110111101111011111000011111101101111101111011110111101111011110111110000111";
  $_Num[9]  = "1110001111110111011111011110111101111011110111001111100010111111111011111111101111011101111110001111";
  echo chr(66).chr(77).chr(230).chr(4).chr(0).chr(0).chr(0).chr(0).chr(0).chr(0).chr(54).chr(0).chr(0).chr(0).chr(40).chr(0).chr(0).chr(0).chr(40).chr(0).chr(0).chr(0).chr(10).chr(0).chr(0).chr(0).chr(1).chr(0);
  echo chr(24).chr(0).chr(0).chr(0).chr(0).chr(0).chr(176).chr(4).chr(0).chr(0).chr(18).chr(11).chr(0).chr(0).chr(18).chr(11).chr(0).chr(0).chr(0).chr(0).chr(0).chr(0).chr(0).chr(0).chr(0).chr(0);
  for ($i=9;$i>=0;$i--){
    for ($j=0;$j<=3;$j++){
      for ($k=1;$k<=10;$k++){
        echo $Color[substr($_Num[$nmsg[$j]], $i * 10 + $k, 1)];
      }
    }
  }
  exit;
 }
}
$string_yzimg=yzImgNumRand(4);

yzImg($string_yzimg);
function yzImgNumRand($lenth){
 mt_srand((double)microtime() * 1000000);
 for($i=0;$i<$lenth;$i++){
  $randval.= mt_rand(1,9);
 }
 return $randval;
}
/*== Reclusion bird ==*/
?>

This generated captcha is just a number, the background is just a simple 26 lines. He wanted 4 to be a sequence of random letters and Numbers, but when he generated the sequence, he used only Numbers, but the letters didn't work. The following is a new 4-digit alphanumeric sequence: 

function yzImgNumRand($lenth){
 mt_srand((double)microtime() * 1000000);
$Str[0] = "ABCDEFGHIJKLMNOPQRSTUVWXYZ";
 $Str[1] = "abcdefghijklmnopqrstuvwxyz";
 $Str[2] = "01234567891234567890123456";
for($i=0;$i<$lenth;$i++){
  $randval.= $Str[rand(0,2)][rand(0,25)];
}
 return $randval;
}

Related articles: