Skip to content
/ PolyCaptcha Public

PolyCaptcha is a Flask‑based web application that mimics Google’s image‑based reCAPTCHA flow to demonstrate how attackers can use visual deception, clipboard poisoning, and file‑format spoofing to trick users into downloading and executing malicious code.

AnonKryptiQuz.github.io/
9 stars 3 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

AnonKryptiQuz/PolyCaptcha

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

1 Commit
images
images
 
 
malware
malware
 
 
templates
templates
 
 
README.md
README.md
 
 
app.py
app.py
 
 
requirements.txt
requirements.txt
 
 

Repository files navigation

PolyCaptcha: reCAPTCHA Awareness Malware Demo

PolyCaptcha is a Flask‑based web application that mimics Google’s image‑based reCAPTCHA flow to demonstrate how attackers can use visual deception, clipboard poisoning, and file‑format spoofing (via I‑Espresso) to trick users into downloading and executing malicious code. This PoC is strictly for educational, research, and security‑testing purposes.

Features

  • Blurred‑Image Challenge: Prompts the user to “Identify the object” using a blurred picture.
  • Forced Download: Requires downloading reCAPTCHA.png (a dual‑format EXE/PNG) to continue.
  • Clipboard Poisoning: Automatically copies the full malicious Win+R command to the clipboard.
  • Dual‑Format Payload: Uses I‑Espresso to wrap a Windows PE inside a .png.
  • AV Evasion Demo: Shows how extension spoofing and user‑driven execution bypass antivirus.

Prerequisites

Installation

  1. Clone the repository:

    git clone https://github.com/AnonKryptiQuz/PolyCaptcha.git
cd PolyCaptcha

  2. Install required Python packages:

    pip install -r requirements.txt

    Ensure that requirements.txt contains the following:

    flask

Usage

  1. Start the Flask server:

    python app.py

  2. Open your browser and navigate to:

    http://localhost:5000/

  3. Follow the on‑screen prompts:

    1. You’ll see a blurred image and the text:

      “Identify the object in the image to continue. This helps prevent bots from solving the challenge.”

    2. Click Download to save reCAPTCHA.png (actually a PE wrapped as PNG via I‑Espresso).

    3. The tool automatically copies this command into your clipboard:

      cmd /c start "" "%USERPROFILE%\Downloads\reCAPTCHA.png" & echo # ✅ 'I am not a robot - reCAPTCHA Verification ID: 83472'

    4. Press Win + R, paste (Ctrl+V), and Enter.

      • Only the “I am not a robot…” text is visible at a glance, hiding the cmd /c start… launch.
      • The embedded payload (e.g. Calculator in PoC) executes while the image displays.

Disclaimer

  • Educational Purposes Only PolyCaptcha is intended solely for awareness, research, and security testing.
  • Legal Notice Unauthorized use against real users or live environments is unethical and may violate laws.

Author

Created by: AnonKryptiQuz

About

PolyCaptcha is a Flask‑based web application that mimics Google’s image‑based reCAPTCHA flow to demonstrate how attackers can use visual deception, clipboard poisoning, and file‑format spoofing to trick users into downloading and executing malicious code.

AnonKryptiQuz.github.io/

Topics

hacking cybersecurity penetration-testing polyglot anonymous ethical-hacking av-evasion educational-tool recaptha

Resources

Readme
Activity

Stars

9 stars

Watchers

0 watching

Forks

3 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages