If you’re talking about the squiggly letter type captchas, they were beaten years ago and shouldn’t be used, the bots sussed them, not sure how but they did. Have you got a particular issue?
phpBB has a built in Q&A that, properly set up along with the newly registered user group, will stop 99% of your spam attacks.
As for how to make one I just googled the question (how to make a captcha) and there is a ton of information available on all types of methods, different captchas and even YT videos. Knowing how one or two work may help you but don’t forget there are different types from many different sources.
"The more connected we get the more alone we become" - Kyle Broflovski