Captcha Me If You Can Root Me [2021] -

For blue teams and defenders, the goal is to break the chain between CAPTCHA bypass and rooting. Here’s how:

Some poorly designed systems reuse the same CAPTCHA token for multiple requests. An attacker can solve one CAPTCHA and replay it hundreds of times to brute-force credentials or root a server. captcha me if you can root me