Glancing at the Python API, the code is checked on the Codecha's servers, not the websites servers. So, you aren't going to be able to run arbitrary code on Amazon.com if they, hypothetically, decided to use this.
I imagine the checking done on Codecha's servers is done in a protected environment, such as chroot, or a Linux container. If not, then they will get exactly what they deserve.
The java one seems to use an old version of java, doesn't support lambdas for sure and possibly auto boxing, currently complaining of a runtime error that works perfectly on my machine.
10 comments
1 u/mash_taiters 26 Jul 2015 00:25
It's nifty but really a gimmick. I can't think of many cases where this is better than existing captchas (especially the new Google checkbox ones).
It could be used to filter out impatient and lazy users who just couldn't be bothered with it (I'd be one of them) haha.
1 u/TheCollector 26 Jul 2015 04:33
So, I can run arbitrary code on someone's website? That's pretty neat!
1 u/Master_Foo 26 Jul 2015 07:09
Glancing at the Python API, the code is checked on the Codecha's servers, not the websites servers. So, you aren't going to be able to run arbitrary code on Amazon.com if they, hypothetically, decided to use this.
I imagine the checking done on Codecha's servers is done in a protected environment, such as chroot, or a Linux container. If not, then they will get exactly what they deserve.
0 u/TheCollector 26 Jul 2015 19:28
True, but it didn't do anything to stop me from importing os with python.
0 u/Master_Foo 26 Jul 2015 21:50
I guess the next step would be to gather pertinent information and POST it back to your machine.
But at that point, you are getting into dangerous territory. Expect Agent Smith to show up at your door.
I guess, if you are curious, here are some questions.
What is the nature of the environment? Chroot? LXC? Nothing?
Is the environment ephemeral?
Is the environment shared?
Is the executed code hosted inside the environment?
Can the environment be hijacked to return false positives?
Does the environment have a timed kill?
Can I hijack it to mine Bitcoin?
Good luck with that.
1 u/leixiaotie 26 Jul 2015 17:30
Imagine that stackoverflow using this as captcha for posting question. Mind-blown.
0 u/zekio 25 Jul 2015 21:45
Kinda sad to see that there isn't a C# version of the captcha's
0 u/leixiaotie 26 Jul 2015 17:29
true...
0 u/TheSniperFan 25 Jul 2015 22:53
Nice idea.
Needs more than one language though. I don't want to learn Python just to be able to use some website.0 u/nsfwalias 26 Jul 2015 16:53
The java one seems to use an old version of java, doesn't support lambdas for sure and possibly auto boxing, currently complaining of a runtime error that works perfectly on my machine.