Captcha Me If You Can Root Me
[Fetch Page & Image] ---> [Process Image via OCR] ---> [Submit Text via POST]
         |                                                       ^
         +----------------- Maintain Session --------------------+

1. Session Management
When automated scripts encounter security walls, they rely on root-level frameworks to mask their identity and mimic legitimate human devices.

1. Magisk and KernelSU
Approximately 3% of participants have validated this challenge.

Core Technical Strategy
```python
import io
import re
from urllib.parse import urljoin

import requests
from PIL import Image
import pytesseract

# Configure URL and Session
URL = "http://root-me.org"
session = requests.Session()


def solve_challenge():
    # 1. Fetch the challenge page to trigger cookie generation
    response = session.get(URL)

    # 2. Extract the CAPTCHA image URL (adapt regex based on actual HTML structure)
    # Often the image is embedded as base64 or hosted on a relative path
    img_url = urljoin(URL, "img.php")
    img_response = session.get(img_url)

    # 3. Load image into Pillow
    img = Image.open(io.BytesIO(img_response.content))

    # 4. Preprocess: Convert to grayscale and enhance contrast
    img = img.convert("L")
    img = img.point(lambda x: 0 if x < 128 else 255, "1")

    # 5. Run Tesseract OCR with PSM 8 (treat image as a single word)
    config = "--psm 8"
    captcha_text = pytesseract.image_to_string(img, config=config)
    captcha_text = re.sub(r'\W+', '', captcha_text).strip()
    print(f"[+] Extracted CAPTCHA: {captcha_text}")

    # 6. Submit the result
    payload = {"captcha": captcha_text, "submit": "Submit"}
    result = session.post(URL, data=payload)

    # 7. Check for the flag
    if "flag" in result.text.lower() or "congratulations" in result.text.lower():
        print("[+] Success! Check the response for your flag.")
        print(result.text)
    else:
        print("[-] Failed. Retrying may be necessary due to OCR misreads.")


if __name__ == "__main__":
    solve_challenge()
```

Troubleshooting OCR Failures
: Extract the text or numbers from the image and submit them via a POST request within the allowed timeframe.

Common Technical Steps
This challenge highlights why traditional, text-based visual puzzles no longer provide robust security.
CAPTCHA Me If You Can: Mastering Programmatic Automation on Root-Me
What or behavior you are seeing (e.g., bad OCR, session timeout)
The exact HTML structure of the target form input fields
The image showed not pixels, but code. A moving, breathing CAPTCHA that changed every time a bot tried to parse it. Humans could read it easily: “Type the letters: R00T M3” — but any automated solver crashed into an infinite loop.
“CAPTCHA”? What's this? Everybody already used CAPTCHA (or “Completely Automated Turing Test To Tell Computers and Humans Apart”) (blog.rootshell.be)
: The pytesseract library (a wrapper for Google's Tesseract-OCR) is frequently used to read the characters from the cleaned image.
: A web page that displays a unique CAPTCHA image upon every refresh.
. While the OCR logic can be frustratingly inconsistent due to image noise, it teaches essential CTF skills like session management and handling time-sensitive tasks.