[HN Gopher] Humans Not Invited ___________________________________________________________________ Humans Not Invited Author : bschne Score : 203 points Date : 2020-05-05 18:02 UTC (4 hours ago) (HTM) web link (www.humansnotinvited.com) (TXT) w3m dump (www.humansnotinvited.com) | georgianar wrote: | Thanks to Robinson buckler ..Email this great herbal doctor cured | me from herpes virus and he brought my ex lover back via his | email robinsonbucler@gmail. com ........... | InitialBP wrote: | If you want to figure it out I recommend using burp and taking a | look at the requests. | mkonecny wrote: | I dont get it. How would a computer solve this? | miklosme wrote: | If you want an extensive answer, I recommend the neural network | playlist on 3Blue1Brown: | https://www.youtube.com/watch?v=aircAruvnKk&list=PLZHQObOWTQ... | | For a quick answer, watch this segment: | https://www.youtube.com/watch?v=IHZwWFHWa-w&feature=youtu.be... | throwaway-87398 wrote: | My guess is its some form of this: | https://openai.com/blog/adversarial-example-research/ | therealdrag0 wrote: | Anyone able to get past it? | thomasqm wrote: | No, but in the source you can get a message if you are the | first to solve it. | CrazyStat wrote: | There's only 2^9 possible selections for each board, someone | will get it just by chance. | rajesh-s wrote: | Humans have persistence. I guess that'll help them | eventually get through using brute force. | pinjiz wrote: | I just got it by chance, there seems to be a XSS | vulnerability and some way to post things. Didn't expect so | many alert windows to appear and not sure what else it was | doing. | nutjob2 wrote: | If that's getting though then for me it worked first | time. It asked for "men" and the blurry outlines seemed | pretty obvious to me. | | Maybe I'm an android and I don't know it. Surely not I | remember my childhood. | scrozier wrote: | Just as we implanted it.... | caffeinewriter wrote: | Quite a few "people" have solved it it looks like, and it's | riddled with persisted XSS attacks once you get past it. | | Here's the returned response when you succeed: | https://hasteb.in/iyifapud.html | | I found the "man" category to be the easiest to pretend to be a | bot on. | Noumenon72 wrote: | My understanding of persisted XSS attacks is that it's not | that the site is malicious, but that it had security holes, | so other people who got through the captcha uploaded | malicious scripts. Now the site is serving them unawares. | Does that sound right? | ollien wrote: | Correct. If it were malicious on the part of the site, they | could just send you that javascript anyway. | allenu wrote: | Yup! See my other post. I was asked to pick computers and I | figured they'd all be in the greyish boxes and not the colorful | ones. Turns out it was a good assumption. | dexen wrote: | SMBC to the rescue: | | [1] robots https://www.smbc-comics.com/comic/2013-06-05 | | [2] philosophers https://www.smbc-comics.com/comic/p-bot | sp332 wrote: | https://thepunchlineismachismo.com/archives/comic/the-straw-... | schoen wrote: | There's at least one more SMBC with a CAPTCHA joke: | | https://www.smbc-comics.com/comic/captcha | zadkey wrote: | This made me laugh quite a bit. | poyu wrote: | What's interesting is that, humans get to control computers, but | computers don't get to control humans. At least computers are not | originating thoughts on controlling humans yet. So technically we | could get in by asking a computer to do it, but not the other way | around yet. | jchallis wrote: | Amazon is trying hard to replace its foremen / women with | computers. Maybe AWS will develop a nifty web service that | allows all of us to shift people management to software. | ainiriand wrote: | Any time you classify traffic lights for a captcha you are | doing just that, you are being asked to do something by a robot | because it is not so confident about their own results. We are | just starting to be the cheap labor of robots. | tantalor wrote: | Name is derivative of CGP Grey "Humans Need Not Apply" | | https://www.youtube.com/watch?v=7Pq-S557XQU | Sambdala wrote: | "X need not apply" is a well-known trope that has historically | been used in a discriminatory sense, e.g., "Irish need not | apply." | | "Humans not invited," isn't super derivative of either... | tantalor wrote: | Oh yeah it's a "snowclone" | sho wrote: | Well thanks for pointing that out? | | It's still an excellent video that almost everyone should | watch. It's dated, a little, but I am pretty sure it is still | going to prove all to true. | [deleted] | JadoJodo wrote: | I'd love to see this show the unblurred images on failure (Humans | need to learn, too). | tlbsofware wrote: | That would be nice but IIRC captchas actually use your cookies | to decide if you are a human. Maybe incognito or a headless | browser would give you initial access here, and then you could | copy whatever access token they use from your cookies and add | it to your application storage to access on your normal browser | (unless they consistently check your cookies) | mrspeaker wrote: | Many years ago (back when machines weren't so good at image | recognition, and we were still better at something) I made | "humans.txt": solve simple arithmetic expressions to ensure your | services are being consumed by your intended audience - and not | bandwidth-wasting humans. | | https://www.mrspeaker.net/2010/07/15/humans-txt/ | greatNespresso wrote: | Challenge accepted, I am going to beat this game | hinkley wrote: | How's that semantic web thing working out for you? | thayne wrote: | > the semantic web - is just around the corner | | Or so you thought... | core-questions wrote: | It got as far as little preview content things for links and | RSS, and never as far as RDF tuples. Ah well. | [deleted] | Geee wrote: | I made a joke once, that in the future captchas would be so | difficult that only bots are able to get in. | Apocryphon wrote: | That joke in video form: | | https://www.youtube.com/watch?v=WqnXp6Saa8Y | hinkley wrote: | It's the saddest joke ever. Distorted text got pretty bad for a | while there. | | We've crossed that threshold a couple of times. I think that's | why we keep getting new captchas. | parasanti wrote: | Click on X...all are blank. | exrook wrote: | My first thought was that maybe this was some sort of anti- | captcha where the images were adversarial examples that a neural | network would classify as a shopfront? | | However from the comments here it seems to be less involved than | that to get past the challenge, does anyone else know what the | actual test is? | worik wrote: | I think that is what it is... | chpmrc wrote: | The URLs of the images seem to be a combination of a MD5 hash and | an ID (changing the ID will produce a different image). I guess | the point is that only machines can reverse MD5 to get the actual | "image name"? | Topgamer7 wrote: | There is no reversing of an md5 hash. You can try to cause a | hash collision, or brute force compute it, but you can't turn | something like 40 bytes of data into 100 for example. | gowld wrote: | Rainbow table: https://en.wikipedia.org/wiki/Rainbow_table | vivekseth wrote: | Hashes are inherently lossy. Although a rainbow table can | maybe tell you one possible input for a given hash, it | cannot tell you exactly what was hashed. | pc86 wrote: | This still isn't reversing a hash. | maerF0x0 wrote: | but in the case of hashes -> URL there is a fairly reasonable | rule set of what constitutes a plausible reversal. Therefore | generated collisions could be reality checked, unlike other | things (like a md5 of an encrypted file) | skizm wrote: | You can't reverse most hashes, you can just check if one | thing's hash is the same as another thing's hash. If they are, | they're _probably_ the same thing. | aaomidi wrote: | If you can reverse a hash, its not a hash. | skizm wrote: | Theoretically, no, but in practice if you know that | "password123" hashes to "blaHb1ah" then you get a DB of | hashed passwords and see "blaHb1ah", you _probably_ know | that person 's password is "password123". (which is why you | use salts to fix that). For all intents and purposes I just | reversed the hash in this context. | aaomidi wrote: | Kinda? But there's infinite number of other things that | will hash to that same value. | | So you can assume (probably with good certainty) that | you've got the correct password, but you can't be sure. | | So pedantically speaking, it's not really reversible. | zamfi wrote: | > So you can assume (probably with good certainty) that | you've got the correct password, but you can't be sure. | | That's assuming no other constraints. | | If the constraints on the password are strong enough (for | example, must include letters, numbers, special | characters, and be less than 30 characters) that there | really may be only one input that satisfies those | constraints and also hashes to the found value. | sp332 wrote: | This is true. If a "hash" is reversible, it's actually a | cipher. | crankylinuxuser wrote: | I'd also argue that a hash (SHA, MD5, etc) is also | reversible IFF the bit length does not exceed the | bitlength of the hash. | | It's how many a password db is cracked. A hash may have | infinite unhashed representations, but if the maxlength | (in bits) is less than the hash type, then rainbow tables | can relatively easily handle it. | chungy wrote: | But androids cannot use contractions. | efficax wrote: | They can with Dr Soong's Emotion Chip | allenu wrote: | This was great. | | I failed the first time when it asked for traffic lights. | | Then it asked to click on all computers and I just picked all the | greyish squares since all the others were seemed like shots of | "natural" things. Got in then. | dingoegret wrote: | Bot detected | kensai wrote: | And? What was is dear machine?! :) | nautical wrote: | https://github.com/YAIsaienkov/Humans-Not-Invited-Problem/bl... | arberx wrote: | I clicked on all the images and got in lol | SkyMarshal wrote: | Seems you either got super lucky or that's been fixed. | usb0 wrote: | ermahgerd, capcher! | | willing to bet that op hadn't seen hcaptcha, which is worse. | nautical wrote: | Looks like, you have to select elements with data-id="8". | chpmrc wrote: | It doesn't seem to work. | [deleted] | nautical wrote: | I think it is product dependent .. data-id=8 might have | worked for "router" if my memory serves me right. | chpmrc wrote: | Just tried with "modem" (didn't get any "router", even | after 20 refreshes), no luck. I _need_ to see what 's next | haha! | nautical wrote: | Ok, found this .. I guess there is a complete map. | | https://github.com/YAIsaienkov/Humans-Not-Invited- | Problem/bl... | [deleted] | sandov wrote: | So this is what deepie feels like when he has to classify data. | ccozan wrote: | I like this "deepie" :) sounds like cute name for an AI. | thanks! | OscarCunningham wrote: | Did no one else get 'Select all squares with dicks'? | gautamcgoel wrote: | I got that one... ___________________________________________________________________ (page generated 2020-05-05 23:00 UTC)