Breaking Rapidshare's Annoying Captcha the Easy Way

Like many others, I got stuck in front of Rapidshare’s captcha. After more than five attempts at reading different letters with kittens and other critters hidden behind them, I was thinking of giving up. Especially because each time I failed I had to wait half a minute again. However, in one instance I went *back* via my browser, and tried solving the same captcha again. Turns out this works, and I got the file.

I know I could probably have solved it in a smarter fashion, but it wasn’t worth the effort.

My lesson:

When someone writes crappy software, their software is probably crappy in more than one way.

This is not the first time I’ve seen this happen.


One Response to Breaking Rapidshare's Annoying Captcha the Easy Way

  1. Yoni says:

    Does this mean one can write a bot that tries all 6choose4 combinations for a single captcha?

    1. Interpret all 6 characters with certainty by using a pretty good OCR algorithm.
    2. Try all 15 possibilities, simulating a “back button press” after each one.

    Alternatively:

    1. Interpret all 6 characters with certainty by using a pretty good OCR algorithm.
    2. Try a random possibility.
    3. Repeat ~15 times until success.

    If either is possible, this extra kitten layer does not offer that much more security…
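
The flaw described in the post and the comment, next to its fix, as an added example that is not from the original post or from Rapidshare's code: a challenge that stays valid after a wrong guess versus one that is consumed by the first answer. The class names, the sample characters and the 4-of-6 answer format (taken from the comment's "6choose4") are assumptions.

```python
import secrets
from itertools import combinations


def _same(a, b):
    # Constant-time comparison on bytes (also safe for non-ASCII input).
    return secrets.compare_digest(a.encode(), b.encode())


class ReplayableCaptcha:
    """Behaviour described in the post: a wrong guess leaves the challenge live."""

    def __init__(self):
        self._answers = {}

    def issue(self, answer):
        cid = secrets.token_urlsafe(16)
        self._answers[cid] = answer
        return cid

    def verify(self, cid, guess):
        expected = self._answers.get(cid)
        if expected is None or not _same(expected, guess):
            return False  # challenge stays valid: "back" and retry works
        del self._answers[cid]
        return True


class SingleUseCaptcha(ReplayableCaptcha):
    """Hardened: the challenge is consumed by the first answer, right or wrong."""

    def verify(self, cid, guess):
        expected = self._answers.pop(cid, None)
        return expected is not None and _same(expected, guess)


def guesses_until_accepted(store, shown, answer, k=4):
    """Regression check: submit every k-of-n reading against ONE challenge id.
    Returns the 1-based guess that was accepted, or None if none was."""
    cid = store.issue(answer)
    for n, combo in enumerate(combinations(shown, k), start=1):
        if store.verify(cid, "".join(combo)):
            return n
    return None


# Constructed sample: six characters shown, four of them form the answer.
SHOWN, ANSWER = "K7QX2M", "7X2M"
```

With the single-use store, every wrong answer forces a fresh challenge (and a fresh wait), so the 15 candidates can no longer be exhausted against one image.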