-=I.C.E.=-
Proudly Presents
Caecus ver 1.0
Coded by Sentinel
*****************************
Readme by tr0n

Background:
-----------
First, what is Caecus? Caecus is an OCR bruteforce program which allows webmasters to test their site security. I.C.E. will not be held responsible for misuse of this program as a tool to break into websites. hehe!

Second, a little background on OCR and related security scripts. OCR stands for Optical Character Recognition. This term is typically used for general character recognition, which includes the transformation of anything humanly readable into a machine-manipulable representation. For more information on OCR go here: http://www.cfar.umd.edu/~kia/ocr-faq.html.

Next, let's look at how OCR applies to us and site security. Most of you know about standard html form logins which use two types of user input: username and password. Well, now there is a new type of form login which uses three types of input: username, password and a numeric security key. This security key (sometimes referred to as the Code) is generated by a script known as t4wsentry.

http://www.tools4webmasters.com/t4wsentry.htm

If you scroll down the page you can see an example of what this type of form login looks like. To date no other program has been able to bruteforce this type of login.

Getting Started:
----------------
Step one, get the member's url and enter it into Caecus where it says Site. It's important that you enter the 'correct' member's url. For this tutorial I will use this site as an example: http://www.sluttysammi.com.

Next, we will go to the 'Main' tab of Caecus and work our way to the right from there. It's important that you follow this procedure. Click on the folder icon and load a combo wordlist. Next, adjust the number of bots and the timeout settings that you prefer. This will vary depending on your system and connection, so I suggest you experiment.

Now go to the 'Proxy' tab, and then the 'Analyzer' tab.
As you can see, this is all pretty much the same as Sentry... just load a list of proxies. Next, go to the 'Analyzer Options' tab. Here you need to enter the url of a proxyjudge, get your external ip, and set the proxy timeout. Now adjust the slide control above the tab to the number of bots you want to run and then start your test by clicking on the icon left of the slide. After the test, go back to the 'Analyzer' tab and edit your list (delete timeouts, etc). Next, click on the arrow icon to send the proxies to 'My List'. So far so good.

Now on to the 'Form Type' tab. This is the hardest part and the most important. To help you get started we have included a small list of ocr sites divided into their respective types. As you can see, there are basically three ocr types... depending on 'how' the site has configured and set up their ocr security. Using the example site, go to the member's url and view the page source. If you're not familiar with html then skip this part and go read up on it. About halfway down the page you will find where the form starts. It will say 'form action="verify.php?PHPSESSID=' (where ID is the generated session id). This is how you can identify a Type 1 ocr site. You can identify the other ocr types using this same method. There is a short explanation of each type on the 'Form Type' tab of Caecus.

Once you have Type 1 selected, let's move on to the 'Form Settings' tab. The only thing you need to do here is hit the 'Analyze' icon. If you have checked the correct form type then Caecus will automatically gather the necessary form data. Move on to the OCR tab and click on the 'Test OCR' icon. If your settings are right, Caecus will display an image consisting of numbers. If your settings are wrong, an error window will pop up which will give you a choice of options.

Now on to the final stage. Click on the 'Start' icon, get a cup of coffee, a beer or whatever and watch the results on the 'Progression' tab. That's all there is to it... just do it!

Final Note:
-----------
There are some ocr sites that use another form type. You can recognize them by the fact that they have a 'grid' behind the numbers in the image. Caecus cannot test these sites... yet! But on the bright side, we at I.C.E. are working on it. If you have any questions you can post them on the Icefortress, Securibox, or deny forums.

Enjoy!

--------------------------------------------------------------------------------

Version 1.2 (12-12-03)
-----------
- Added Proxies Left Statistic.
- Redirects for Type 3 are not followed anymore.
- Fixed small parsing bug in hit detection for Types 1, 2, and 3. I don't think it had any effect.
- Fixed a bug in hit detection for Types 1, 2, and 3.

Version 1.1 (27-11-03)
-----------
Beta RC 4 released to public.

Version 1.1 (Beta RC 4) (never released)
-----------
- Added cookie refreshing for Type 4.
- Added another OCR Library for Type 4.
- Made HTML image-link parsing more versatile.
- Fixed bug when loading proxies with invalid format.
- Fixed Form Action parsing bug for Type 1. Now more versatile.
- Fixed bug when changing out of and into the Proxy Tab fast. It would cause an exception.

Version 1.1 (Beta RC 3) (19-11-03)
-----------
- Added option to use a Proxy to Analyze a Form and Test OCR. Caecus will use a random proxy from My List.
- Major speed increase in OCR for Type 1, 2, and 3 sites.
- Additional letters added for Type 1 and 2 sites.
- Added support for Scanlines in Type 3 images.
- Fixed bug with Show Type Information Popup Window. It now centers in your screen.
- Modified the max number of bots Caecus can launch from 100 to 50. No need to hammer a site, or melt your processor trying ;)

Version 1.1 (Beta RC 2) (13-11-03)
-----------
- Fixed "200 - Proxy Error" bug for Type 4.
- Fixed bug when clearing a wordlist and closing the program. The last wordlist was loaded.
- Upgraded hit protection for Type 4.
- Changed hit protection in Type 3. More accurate.
- Fixed bug with Type 3 sites which was caused by the implementation of Type 4.
- Fixed bug in hit detection for Type 2.
- Fixed bug when pressing the Start Button inside the Main Frame. Bug was created in Beta RC 1.
- Fixed bug when incrementing responses. If the bot was retried, the abnormal response was not increased.

Version 1.1 (Beta RC 1) (09-11-03)
-----------
- Added Form Type Help Button in Form Type Tab.
- Added support for Hidden Session ID's. Found in the newer version of Type 1.
- Added a Specific Site Engine to the Proxy Analyzer. Use it to identify proxies which will return a 200 response and the correct source of a given location.
- Added support for access_key.php. This script generates the tan and black OCR image with the black gridlines through the numbers.
- Clicking Abort 2x during a test will now cause a hard abort. Using a hard abort will speed the abort process up, but combos being tried may not give accurate results.
- Added wordlist position slider in Main tab, just like Sentry's. The position of the wordlist can be changed in the middle of a session.
- Added support for Type 1 sites which also have capital and lowercase letters.
- Improved image format handling.
- Renamed this file to "Readme.txt" and changed "Readme.txt" to "Manual.txt".
- Fixed bug in hit detection for Type 1.
- Fixed Access Violation bug when switching tabs during a test.

Version 1.0 (31-10-03)
-----------
Some important information:
Use the parameter -log ("Caecus.exe" -log) to enable bot logging. Bot logging will log all bot information about each attempt to a file called "Debug.txt".
Since the program is still a Beta, there is no guarantee all hits will be detected.

Minor Notes:
All settings are saved before each test starts. So in case of a crash, your settings will be saved.
All hits are logged to "Logfile.log", in case of a crash.
Proxy rotation is automatically set to 1. When all proxies are marked bad, they are all reactivated (will probably change in a later version).
A Timeout increments the 404 counter and the Timeout counter (A Timeout is an aborted HTTP Request (404) ).
It is strongly advised to use good/stable proxies that do not redirect to a blocked/banned page when running Caecus.

The recommended way to test your proxies is by doing this:
1. Anonymity check. (You can use Caecus to do this)
2. Response check for 200 proxies against the Base URL of the site you are going to test, and scan for a keyphrase in the source of that page.

Sentinel
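
For a site operator reading these notes: with proxy rotation at 1 and a combo wordlist, nearly every failed login arrives from a different address with a different username, so a per-address counter never trips. The sketch below is an added example, not part of Caecus or of this readme; the log format, field order and thresholds are assumptions, and the sample events are constructed. It flags time windows by how thinly the failures are spread instead.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta

EPOCH = datetime(1970, 1, 1)

# Constructed login events (assumed format: time, source IP, username, result).
SAMPLE = (
    # one visitor retrying a forgotten password from a single address
    [f"2003-12-12T10:00:{s:02d} 192.0.2.10 bob FAIL" for s in range(12)]
    # combo-list pattern: every attempt a new address and a new username
    + [f"2003-12-12T10:05:{s:02d} 203.0.113.{s + 1} user{s} FAIL" for s in range(20)]
    # background noise, too small to matter
    + [f"2003-12-12T10:07:0{s} 198.51.100.{s + 1} guest{s} FAIL" for s in range(3)]
    + ["2003-12-12T10:05:30 192.0.2.44 carol OK"]
)


def flag_windows(lines, window_s=60, min_fail=10, spread=0.8):
    """Return windows whose failed logins are spread thinly over IPs and usernames."""
    buckets = defaultdict(list)
    for line in lines:
        ts, ip, user, result = line.split()
        if result != "FAIL":
            continue
        offset = int((datetime.fromisoformat(ts) - EPOCH).total_seconds())
        buckets[offset // window_s].append((ip, user))

    alerts = []
    for key in sorted(buckets):
        events = buckets[key]
        per_ip = Counter(ip for ip, _ in events)
        users = {user for _, user in events}
        n = len(events)
        # Rotation of 1 means roughly one attempt per address, so a per-IP
        # counter stays at 1; the ratio of distinct IPs to failures is the signal.
        if n >= min_fail and len(per_ip) / n >= spread and len(users) / n >= spread:
            alerts.append({
                "window_start": (EPOCH + timedelta(seconds=key * window_s)).isoformat(),
                "failures": n,
                "source_ips": len(per_ip),
                "usernames": len(users),
                "max_per_ip": max(per_ip.values()),
            })
    return alerts


if __name__ == "__main__":
    for alert in flag_windows(SAMPLE):
        print(alert)
```

The single-address retry burst at 10:00 is left alone, while the 10:05 window is reported with max_per_ip equal to 1, which is the value a per-address limiter would have seen.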