[HN Gopher] Humans Not Invited
___________________________________________________________________
Humans Not Invited
Author : bschne
Score : 203 points
Date : 2020-05-05 18:02 UTC (4 hours ago)
(HTM) web link (www.humansnotinvited.com)
(TXT) w3m dump (www.humansnotinvited.com)
| georgianar wrote:
| Thanks to Robinson buckler ..Email this great herbal doctor cured
| me from herpes virus and he brought my ex lover back via his
| email robinsonbucler@gmail. com ...........
| InitialBP wrote:
| If you want to figure it out I recommend using burp and taking a
| look at the requests.
| mkonecny wrote:
| I dont get it. How would a computer solve this?
| miklosme wrote:
| If you want an extensive answer, I recommend the neural network
| playlist on 3Blue1Brown:
| https://www.youtube.com/watch?v=aircAruvnKk&list=PLZHQObOWTQ...
|
| For a quick answer, watch this segment:
| https://www.youtube.com/watch?v=IHZwWFHWa-w&feature=youtu.be...
| throwaway-87398 wrote:
| My guess is its some form of this:
| https://openai.com/blog/adversarial-example-research/
| therealdrag0 wrote:
| Anyone able to get past it?
| thomasqm wrote:
| No, but in the source you can get a message if you are the
| first to solve it.
| CrazyStat wrote:
| There's only 2^9 possible selections for each board, someone
| will get it just by chance.
| rajesh-s wrote:
| Humans have persistence. I guess that'll help them
| eventually get through using brute force.
| pinjiz wrote:
| I just got it by chance, there seems to be a XSS
| vulnerability and some way to post things. Didn't expect so
| many alert windows to appear and not sure what else it was
| doing.
| nutjob2 wrote:
| If that's getting though then for me it worked first
| time. It asked for "men" and the blurry outlines seemed
| pretty obvious to me.
|
| Maybe I'm an android and I don't know it. Surely not I
| remember my childhood.
| scrozier wrote:
| Just as we implanted it....
| caffeinewriter wrote:
| Quite a few "people" have solved it it looks like, and it's
| riddled with persisted XSS attacks once you get past it.
|
| Here's the returned response when you succeed:
| https://hasteb.in/iyifapud.html
|
| I found the "man" category to be the easiest to pretend to be a
| bot on.
| Noumenon72 wrote:
| My understanding of persisted XSS attacks is that it's not
| that the site is malicious, but that it had security holes,
| so other people who got through the captcha uploaded
| malicious scripts. Now the site is serving them unawares.
| Does that sound right?
| ollien wrote:
| Correct. If it were malicious on the part of the site, they
| could just send you that javascript anyway.
| allenu wrote:
| Yup! See my other post. I was asked to pick computers and I
| figured they'd all be in the greyish boxes and not the colorful
| ones. Turns out it was a good assumption.
| dexen wrote:
| SMBC to the rescue:
|
| [1] robots https://www.smbc-comics.com/comic/2013-06-05
|
| [2] philosophers https://www.smbc-comics.com/comic/p-bot
| sp332 wrote:
| https://thepunchlineismachismo.com/archives/comic/the-straw-...
| schoen wrote:
| There's at least one more SMBC with a CAPTCHA joke:
|
| https://www.smbc-comics.com/comic/captcha
| zadkey wrote:
| This made me laugh quite a bit.
| poyu wrote:
| What's interesting is that, humans get to control computers, but
| computers don't get to control humans. At least computers are not
| originating thoughts on controlling humans yet. So technically we
| could get in by asking a computer to do it, but not the other way
| around yet.
| jchallis wrote:
| Amazon is trying hard to replace its foremen / women with
| computers. Maybe AWS will develop a nifty web service that
| allows all of us to shift people management to software.
| ainiriand wrote:
| Any time you classify traffic lights for a captcha you are
| doing just that, you are being asked to do something by a robot
| because it is not so confident about their own results. We are
| just starting to be the cheap labor of robots.
| tantalor wrote:
| Name is derivative of CGP Grey "Humans Need Not Apply"
|
| https://www.youtube.com/watch?v=7Pq-S557XQU
| Sambdala wrote:
| "X need not apply" is a well-known trope that has historically
| been used in a discriminatory sense, e.g., "Irish need not
| apply."
|
| "Humans not invited," isn't super derivative of either...
| tantalor wrote:
| Oh yeah it's a "snowclone"
| sho wrote:
| Well thanks for pointing that out?
|
| It's still an excellent video that almost everyone should
| watch. It's dated, a little, but I am pretty sure it is still
| going to prove all to true.
| [deleted]
| JadoJodo wrote:
| I'd love to see this show the unblurred images on failure (Humans
| need to learn, too).
| tlbsofware wrote:
| That would be nice but IIRC captchas actually use your cookies
| to decide if you are a human. Maybe incognito or a headless
| browser would give you initial access here, and then you could
| copy whatever access token they use from your cookies and add
| it to your application storage to access on your normal browser
| (unless they consistently check your cookies)
| mrspeaker wrote:
| Many years ago (back when machines weren't so good at image
| recognition, and we were still better at something) I made
| "humans.txt": solve simple arithmetic expressions to ensure your
| services are being consumed by your intended audience - and not
| bandwidth-wasting humans.
|
| https://www.mrspeaker.net/2010/07/15/humans-txt/
| greatNespresso wrote:
| Challenge accepted, I am going to beat this game
| hinkley wrote:
| How's that semantic web thing working out for you?
| thayne wrote:
| > the semantic web - is just around the corner
|
| Or so you thought...
| core-questions wrote:
| It got as far as little preview content things for links and
| RSS, and never as far as RDF tuples. Ah well.
| [deleted]
| Geee wrote:
| I made a joke once, that in the future captchas would be so
| difficult that only bots are able to get in.
| Apocryphon wrote:
| That joke in video form:
|
| https://www.youtube.com/watch?v=WqnXp6Saa8Y
| hinkley wrote:
| It's the saddest joke ever. Distorted text got pretty bad for a
| while there.
|
| We've crossed that threshold a couple of times. I think that's
| why we keep getting new captchas.
| parasanti wrote:
| Click on X...all are blank.
| exrook wrote:
| My first thought was that maybe this was some sort of anti-
| captcha where the images were adversarial examples that a neural
| network would classify as a shopfront?
|
| However from the comments here it seems to be less involved than
| that to get past the challenge, does anyone else know what the
| actual test is?
| worik wrote:
| I think that is what it is...
| chpmrc wrote:
| The URLs of the images seem to be a combination of a MD5 hash and
| an ID (changing the ID will produce a different image). I guess
| the point is that only machines can reverse MD5 to get the actual
| "image name"?
| Topgamer7 wrote:
| There is no reversing of an md5 hash. You can try to cause a
| hash collision, or brute force compute it, but you can't turn
| something like 40 bytes of data into 100 for example.
| gowld wrote:
| Rainbow table: https://en.wikipedia.org/wiki/Rainbow_table
| vivekseth wrote:
| Hashes are inherently lossy. Although a rainbow table can
| maybe tell you one possible input for a given hash, it
| cannot tell you exactly what was hashed.
| pc86 wrote:
| This still isn't reversing a hash.
| maerF0x0 wrote:
| but in the case of hashes -> URL there is a fairly reasonable
| rule set of what constitutes a plausible reversal. Therefore
| generated collisions could be reality checked, unlike other
| things (like a md5 of an encrypted file)
| skizm wrote:
| You can't reverse most hashes, you can just check if one
| thing's hash is the same as another thing's hash. If they are,
| they're _probably_ the same thing.
| aaomidi wrote:
| If you can reverse a hash, its not a hash.
| skizm wrote:
| Theoretically, no, but in practice if you know that
| "password123" hashes to "blaHb1ah" then you get a DB of
| hashed passwords and see "blaHb1ah", you _probably_ know
| that person 's password is "password123". (which is why you
| use salts to fix that). For all intents and purposes I just
| reversed the hash in this context.
| aaomidi wrote:
| Kinda? But there's infinite number of other things that
| will hash to that same value.
|
| So you can assume (probably with good certainty) that
| you've got the correct password, but you can't be sure.
|
| So pedantically speaking, it's not really reversible.
| zamfi wrote:
| > So you can assume (probably with good certainty) that
| you've got the correct password, but you can't be sure.
|
| That's assuming no other constraints.
|
| If the constraints on the password are strong enough (for
| example, must include letters, numbers, special
| characters, and be less than 30 characters) that there
| really may be only one input that satisfies those
| constraints and also hashes to the found value.
| sp332 wrote:
| This is true. If a "hash" is reversible, it's actually a
| cipher.
| crankylinuxuser wrote:
| I'd also argue that a hash (SHA, MD5, etc) is also
| reversible IFF the bit length does not exceed the
| bitlength of the hash.
|
| It's how many a password db is cracked. A hash may have
| infinite unhashed representations, but if the maxlength
| (in bits) is less than the hash type, then rainbow tables
| can relatively easily handle it.
| chungy wrote:
| But androids cannot use contractions.
| efficax wrote:
| They can with Dr Soong's Emotion Chip
| allenu wrote:
| This was great.
|
| I failed the first time when it asked for traffic lights.
|
| Then it asked to click on all computers and I just picked all the
| greyish squares since all the others were seemed like shots of
| "natural" things. Got in then.
| dingoegret wrote:
| Bot detected
| kensai wrote:
| And? What was is dear machine?! :)
| nautical wrote:
| https://github.com/YAIsaienkov/Humans-Not-Invited-Problem/bl...
| arberx wrote:
| I clicked on all the images and got in lol
| SkyMarshal wrote:
| Seems you either got super lucky or that's been fixed.
| usb0 wrote:
| ermahgerd, capcher!
|
| willing to bet that op hadn't seen hcaptcha, which is worse.
| nautical wrote:
| Looks like, you have to select elements with data-id="8".
| chpmrc wrote:
| It doesn't seem to work.
| [deleted]
| nautical wrote:
| I think it is product dependent .. data-id=8 might have
| worked for "router" if my memory serves me right.
| chpmrc wrote:
| Just tried with "modem" (didn't get any "router", even
| after 20 refreshes), no luck. I _need_ to see what 's next
| haha!
| nautical wrote:
| Ok, found this .. I guess there is a complete map.
|
| https://github.com/YAIsaienkov/Humans-Not-Invited-
| Problem/bl...
| [deleted]
| sandov wrote:
| So this is what deepie feels like when he has to classify data.
| ccozan wrote:
| I like this "deepie" :) sounds like cute name for an AI.
| thanks!
| OscarCunningham wrote:
| Did no one else get 'Select all squares with dicks'?
| gautamcgoel wrote:
| I got that one...
___________________________________________________________________
(page generated 2020-05-05 23:00 UTC)